Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help on this matter

Started by zailan , Aug 16 2011 09:17 PM

  • This topic is locked This topic is locked

#1
zailan
Posted 16 August 2011 - 09:17 PM

zailan

    New Member

  • Member
  • Pip
  • 1 posts
Hi everyone,

I am sorry if i ask a repeating question as i am not well verse in this computer world :)

here is my problem. When i surf the internets this address keep poping up. (4 url) and after that i run the

Thank you guys (BTW i am from Malaysia excuse my poor english please)

http://www.xn--&-8ga.com/

file:///C:/Program%20Files/Mozilla%20Firefox/

file:///C:/Program%20Files/Mozilla%20Firefox/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%A6%C5%92M%E2%80%98%1A%C2%BD%C5%B8y%C2%A7d%C3%B9%11vU%C2%B0%C2%BEd%C2%B3%C3%A7%C3%94%0EA%C2%AE%C2%A0.%C3%82%C2%BB%C2%A1%C2%AE%11%C3%84%C3%ABF+5%C3%B8%C3%88%E2%80%94%C3%B7%C3%84%08%C3%BD%C3%87%13siB%C3%BD%E2%80%A1%E2%84%A2p%C2%B0%E2%84%A2%C3%BB%C3%BE:%C2%AF%C3%A3%04%5B%C3%94:%C5%BE%20%C3%A1%E2%80%A0H%0B%C2%BDA%E2%82%AC:%C3%A0%C2%9D%C3%84%C2%AA%C3%8A%C5%A0SH%C2%AB%C3%A7%E2%80%98%17%C2%A9%C2%A5:%112%C3%9C%C2%BB%60%0E$%C3%A7%C3%A3%C3%BD%%19xmG%15%C3%B2%C3%B0%C3%99%C2%8F%1F%C3%83b%C3%9Cc%C2%AE%E2%84%A2%C3%9Bj%1FV%C3%91*%C3%87~%E2%84%A2%C3%985S.%04f%C3%8B%C3%86%C3%8C%C3%8B%C3%A0%C2%A8%C3%A55I*D%C3%968%02%C3%8Ad%C3%8DC%E2%80%A0%C3%B7%C3%A8%E2%80%A0%E2%80%BAG%C5%92!%1C%C3%8A:%C2%A5k%C2%B7%C3%B5%5DADj%E2%80%A2%C3%B5S%C3%90l%C3%B9%05%1B%0Cn~%C2%A2%C3%B9%C2%A5%C3%9Fv%C2%8D%C2%AF2Y%C3%B4%C5%BE%C2%BF%C3%A2%E2%80%B9J?^%E2%80%99d%C2%9DTFl%C3%A4zg%C2%B5%C3%B2%7F%C3%91u%C5%BDn%E2%80%98%C2%B3%C3%B4p+%C3%A3f%C2%B5%C2%A9%E2%80%A6%C3%A6l%C3%918%03%C2%AA%C3%AC

http://www.xn--pda.com/


OTL and i attached the report below. Please guide me in solving this problem.


OTL logfile created on: 8/17/2011 10:58:39 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\user78\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.95% Memory free
3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 64.90 Gb Free Space | 66.52% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 151.60 Gb Free Space | 75.64% Space Free | Partition Type: NTFS

Computer Name: USER78-PC | User Name: user78 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 10:58:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\user78\Downloads\OTL.exe
PRC - [2011/08/04 13:50:33 | 000,399,536 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/07/21 14:59:06 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/29 09:24:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 08:27:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/29 09:00:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/28 14:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/15 04:34:10 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/09 11:52:10 | 001,824,032 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/01/12 10:04:50 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/04 13:50:34 | 001,849,520 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/08/04 13:50:34 | 000,161,968 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/08/04 13:50:34 | 000,021,680 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/06/28 08:27:59 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/20 08:46:20 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/17 02:30:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/01/22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/29 09:24:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 09:00:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/20 19:41:47 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/28 14:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 14:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/29 09:24:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 09:24:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/10/25 17:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/03 14:21:24 | 000,710,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/09 08:41:14 | 000,592,640 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=vsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BC 5D 25 17 DB CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user78\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 00:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2011/01/30 21:27:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2011/06/30 09:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 08:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 09:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/04 13:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 00:01:49 | 000,000,000 | ---D | M]

[2011/02/16 11:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user78\AppData\Roaming\Mozilla\Extensions
[2011/02/16 11:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user78\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/01 15:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user78\AppData\Roaming\Mozilla\Firefox\Profiles\n9tlrrae.default\extensions
[2011/08/01 15:02:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user78\AppData\Roaming\Mozilla\Firefox\Profiles\n9tlrrae.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/16 13:45:09 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\user78\AppData\Roaming\Mozilla\Firefox\Profiles\n9tlrrae.default\extensions\[email protected]
[2011/04/06 10:55:46 | 000,000,931 | ---- | M] () -- C:\Users\user78\AppData\Roaming\Mozilla\Firefox\Profiles\n9tlrrae.default\searchplugins\conduit.xml
[2011/04/21 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/21 10:10:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/28 08:27:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/21 10:10:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 09:16:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/21 13:08:42 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml

O1 HOSTS File: ([2011/04/12 10:45:27 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 163.173.1.150 202.188.0.133 202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 10:09:37 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/13 09:54:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/08/13 09:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/13 09:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/13 09:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/08/01 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\user78\Desktop\zailan
[2011/07/19 16:40:50 | 000,000,000 | ---D | C] -- C:\Users\user78\container

========== Files - Modified Within 30 Days ==========

[2011/08/17 10:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 10:54:30 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 10:54:30 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 08:54:35 | 008,237,236 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/17 08:54:35 | 002,683,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/17 08:50:17 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/17 08:50:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 08:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 08:49:23 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 13:48:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/16 13:48:30 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/13 10:09:37 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/13 10:09:34 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/08/13 09:54:54 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/10 08:56:43 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 11:57:49 | 208,301,971 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/04 13:50:44 | 000,002,056 | ---- | M] () -- C:\Users\user78\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/08/02 15:57:58 | 000,026,194 | ---- | M] () -- C:\Users\user78\Desktop\c8fb96ac93e084609ca60c3df1723e3d.jpg
[2011/08/01 14:01:26 | 000,678,619 | ---- | M] () -- C:\Users\user78\Desktop\zailan.zip
[2011/08/01 13:34:20 | 005,303,957 | ---- | M] () -- C:\Users\user78\Desktop\L1020090.JPG
[2011/08/01 13:34:10 | 005,417,788 | ---- | M] () -- C:\Users\user78\Desktop\L1020089.JPG
[2011/08/01 11:33:36 | 004,887,815 | ---- | M] () -- C:\Users\user78\Desktop\L1020088.JPG
[2011/08/01 11:33:26 | 005,170,213 | ---- | M] () -- C:\Users\user78\Desktop\L1020087.JPG
[2011/07/26 10:55:02 | 000,251,711 | ---- | M] () -- C:\Users\user78\Desktop\Zailan.jpg
[2011/07/25 16:41:21 | 000,681,424 | ---- | M] () -- C:\Users\user78\Desktop\DSC_5177.JPG
[2011/07/25 13:16:19 | 000,438,993 | ---- | M] () -- C:\Users\user78\Desktop\DSC_5174.JPG
[2011/07/25 13:12:46 | 000,830,660 | ---- | M] () -- C:\Users\user78\Desktop\DSC_5175.JPG
[2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/07/19 16:31:12 | 002,669,770 | ---- | M] () -- C:\Users\user78\Desktop\desaki.jpg
[2011/07/19 16:22:24 | 002,817,959 | ---- | M] () -- C:\Users\user78\Desktop\DSCN0121.JPG

========== Files Created - No Company Name ==========

[2011/08/17 08:50:17 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/16 13:48:30 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/16 13:48:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/13 12:18:22 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/08/13 09:54:54 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/11 12:42:16 | 005,417,788 | ---- | C] () -- C:\Users\user78\Desktop\L1020089.JPG
[2011/08/11 12:42:16 | 005,303,957 | ---- | C] () -- C:\Users\user78\Desktop\L1020090.JPG
[2011/08/11 12:42:16 | 005,170,213 | ---- | C] () -- C:\Users\user78\Desktop\L1020087.JPG
[2011/08/11 12:42:16 | 004,887,815 | ---- | C] () -- C:\Users\user78\Desktop\L1020088.JPG
[2011/08/04 13:50:37 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/08/02 15:57:55 | 000,026,194 | ---- | C] () -- C:\Users\user78\Desktop\c8fb96ac93e084609ca60c3df1723e3d.jpg
[2011/08/01 14:01:22 | 000,678,619 | ---- | C] () -- C:\Users\user78\Desktop\zailan.zip
[2011/07/26 10:54:59 | 000,251,711 | ---- | C] () -- C:\Users\user78\Desktop\Zailan.jpg
[2011/07/25 16:40:32 | 000,681,424 | ---- | C] () -- C:\Users\user78\Desktop\DSC_5177.JPG
[2011/07/25 13:15:02 | 000,830,660 | ---- | C] () -- C:\Users\user78\Desktop\DSC_5175.JPG
[2011/07/25 13:15:02 | 000,438,993 | ---- | C] () -- C:\Users\user78\Desktop\DSC_5174.JPG
[2011/07/19 16:31:11 | 002,669,770 | ---- | C] () -- C:\Users\user78\Desktop\desaki.jpg
[2011/07/19 16:29:41 | 002,817,959 | ---- | C] () -- C:\Users\user78\Desktop\DSCN0121.JPG
[2011/03/25 09:00:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PDEs
[2011/03/25 09:00:27 | 000,000,268 | RH-- | C] () -- C:\Users\user78\AppData\Roaming\Noise Gate
[2011/03/25 09:00:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/03/25 08:58:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2011/03/25 08:58:36 | 000,000,268 | RH-- | C] () -- C:\Users\user78\AppData\Roaming\Nature Sounds
[2011/03/25 08:58:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/02/17 15:05:05 | 000,135,999 | ---- | C] () -- C:\Windows\hphins32.dat
[2011/02/17 15:05:05 | 000,000,558 | ---- | C] () -- C:\Windows\hphmdl32.dat
[2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/12/01 23:55:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/12/01 23:55:13 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\Users\user78\AppData\Roaming\PPD Plugins
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Phaser
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Perl
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Percussion Kit
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\Users\user78\AppData\Roaming\Pedal Hard
[2010/08/24 08:19:36 | 000,000,268 | RH-- | C] () -- C:\Users\user78\AppData\Roaming\PageLibraries
[2010/08/24 08:19:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/08/24 08:19:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/08/24 08:19:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/05/24 22:38:35 | 000,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2010/05/24 22:37:10 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMP3CutJoin.dat
[2010/05/14 23:22:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/11 00:01:35 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/03 19:56:24 | 000,169,787 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/04/03 19:56:24 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010/04/01 21:06:02 | 000,002,057 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2010/03/23 01:38:31 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009/10/06 15:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 003,775,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 008,237,236 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 002,683,010 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 08:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
  • 0

Advertisements

#2
Gammo
Posted 17 August 2011 - 05:54 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=vsl
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
[2011/04/21 13:08:42 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP