
Hijacked?


  • This topic is locked

#16
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.



#17
mojoanna1

    Member

  • Topic Starter
  • 30 posts
Hey Gammo, hope you're having a good day. Thanks again for all your help.


Susanna


Here's the log.



OTL logfile created on: 8/21/2011 7:30:31 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\CYA\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 49.45% Memory free
6.09 Gb Paging File | 4.63 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 136.10 Gb Free Space | 61.57% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: CYA | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 10:24:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\CYA\Downloads\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/05 16:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 16:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/12/19 22:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 22:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 22:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 22:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 22:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/09/05 16:03:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/09/05 15:52:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/08/20 09:40:46 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/20 09:40:46 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/19 18:57:52 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030_efc\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/12 23:21:56 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001_e9a\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/02 17:27:31 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/02 14:47:04 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/02 14:47:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/05/18 09:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]

IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\CYA\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/20 13:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/06/20 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Extensions
[2011/08/20 11:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions
[2011/08/10 09:19:42 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/08/19 15:44:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/20 08:22:06 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\[email protected]
[2011/08/20 08:22:21 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\wecarereminder@bryan
[2011/08/20 08:22:07 | 000,002,394 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\askcom.xml
[2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
[2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/08/20 13:23:00 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN

O1 HOSTS File: ([2011/06/11 04:15:30 | 000,395,221 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found.
O2 - BHO: (no name) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 03:43:54 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 18:23:02 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/08/20 14:58:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/20 12:35:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/20 12:35:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/20 11:08:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/20 11:08:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/20 11:08:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/20 11:07:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/20 10:33:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/20 09:44:10 | 000,000,000 | ---D | C] -- C:\4e4418e410e5bbd38ecce24d0852a8
[2011/08/20 01:48:48 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\uTorrent
[2011/08/20 01:42:33 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\VDownloader
[2011/08/20 01:42:33 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\VDownloader
[2011/08/20 01:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/08/20 00:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2011/08/19 16:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/19 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/08/19 16:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/08/19 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Tific
[2011/08/19 15:41:47 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Symantec
[2011/08/16 16:00:53 | 000,000,000 | ---D | C] -- C:\Users\CYA\Desktop\New Folder (2)
[2011/08/13 23:28:09 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/08/13 23:24:54 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/08/13 23:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011/08/13 23:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/08/13 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/08/11 20:57:36 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\ElevatedDiagnostics
[2011/08/11 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/08/11 17:24:59 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\InstallShield
[2011/08/11 15:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/11 01:45:46 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2011/08/10 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\CrashDumps
[2011/08/10 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/08/10 10:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft
[2011/08/10 10:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/08/10 02:54:31 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\VS Revo Group
[2011/08/10 02:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/08/10 02:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/08/09 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/08/09 23:45:16 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\Image-Line
[2011/08/09 23:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/08/09 23:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/08/04 15:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/02 17:27:08 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symtdiv.sys
[2011/08/02 17:27:07 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.sys
[2011/08/02 17:27:07 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symnets.sys
[2011/08/02 17:27:06 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.sys
[2011/08/02 17:27:06 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.sys
[2011/08/02 17:27:05 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.sys
[2011/08/02 17:27:05 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\ironx86.sys
[2011/08/02 17:24:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1206000.01D
[2011/08/02 14:16:14 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/08/02 14:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/02 14:14:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011/08/02 14:14:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/08/02 14:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/08/02 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/02 14:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/02 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/07/31 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Solid State Networks
[2011/07/27 17:18:28 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
[2011/07/27 17:18:28 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
[2011/07/27 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\PackageAware
[2011/07/23 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2011/07/23 19:04:31 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/07/23 19:04:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/03/23 20:53:47 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 19:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/21 07:26:31 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/08/21 07:23:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 07:23:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 07:23:07 | 3152,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/21 07:22:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/21 07:20:01 | 000,000,632 | RHS- | M] () -- C:\Users\CYA\ntuser.pol
[2011/08/21 07:10:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/20 17:51:21 | 000,013,824 | ---- | M] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/20 17:36:14 | 000,000,678 | ---- | M] () -- C:\Users\CYA\Desktop\avenger.exe - Shortcut.lnk
[2011/08/20 17:34:41 | 000,000,536 | ---- | M] () -- C:\Users\CYA\Desktop\avenger (1).zip - Shortcut.lnk
[2011/08/20 17:32:58 | 000,001,053 | ---- | M] () -- C:\Users\CYA\Desktop\avenger - Shortcut.lnk
[2011/08/20 17:14:52 | 000,000,514 | ---- | M] () -- C:\Users\CYA\Desktop\avenger.zip - Shortcut.lnk
[2011/08/20 17:12:19 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/20 17:12:19 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/20 14:56:30 | 000,001,189 | ---- | M] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut (2).lnk
[2011/08/20 14:55:06 | 000,002,211 | ---- | M] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut.lnk
[2011/08/20 11:58:53 | 000,001,228 | ---- | M] () -- C:\Users\CYA\Desktop\ComboFix (1) - Shortcut.lnk
[2011/08/20 11:33:04 | 282,064,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/19 16:21:14 | 000,267,624 | ---- | M] () -- C:\Users\CYA\Documents\Wounded Warrior Event.pdf
[2011/08/19 15:50:54 | 000,293,174 | ---- | M] () -- C:\Users\CYA\Documents\Attachments_2011_08_19.zip
[2011/08/16 02:32:35 | 001,285,269 | ---- | M] () -- C:\Users\CYA\Desktop\untitled.mp3
[2011/08/13 23:28:10 | 000,000,935 | ---- | M] () -- C:\Users\CYA\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/08/13 23:24:48 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/08/11 19:35:01 | 002,207,052 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/11 19:22:31 | 000,006,944 | ---- | M] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2011/08/11 17:39:22 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8303Q4Z_E480576-003_4A_I30D1_SQuanta_V85.26_F.34_T110322_WV3-2_L409_M3007_J250_7AMD_8F82_92.00_#090731_N10DE054C;168C001C_(FE694UA#ABA)_XMOBILE_CN10_Z.MRK
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/10 21:47:56 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 21:28:17 | 000,000,943 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:36 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/10 21:17:36 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/10 21:17:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/10 19:39:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/03 12:23:44 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/08/02 17:27:31 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/08/02 17:27:31 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 17:27:31 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/27 17:18:29 | 000,001,684 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2011/07/27 17:18:29 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2011/07/25 13:22:24 | 003,558,998 | ---- | M] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/25 01:05:36 | 006,555,930 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:46 | 006,503,894 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:33 | 005,720,221 | ---- | M] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:24 | 005,290,141 | ---- | M] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/24 00:20:49 | 006,804,034 | ---- | M] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/24 00:16:00 | 007,084,275 | ---- | M] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 04:01:13 | 004,367,287 | ---- | M] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | M] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:53:51 | 005,765,361 | ---- | M] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | M] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/21 07:10:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/20 17:36:14 | 000,000,678 | ---- | C] () -- C:\Users\CYA\Desktop\avenger.exe - Shortcut.lnk
[2011/08/20 17:30:50 | 000,001,053 | ---- | C] () -- C:\Users\CYA\Desktop\avenger - Shortcut.lnk
[2011/08/20 17:30:10 | 000,000,536 | ---- | C] () -- C:\Users\CYA\Desktop\avenger (1).zip - Shortcut.lnk
[2011/08/20 17:13:53 | 000,000,514 | ---- | C] () -- C:\Users\CYA\Desktop\avenger.zip - Shortcut.lnk
[2011/08/20 14:55:21 | 000,001,189 | ---- | C] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut (2).lnk
[2011/08/20 14:55:06 | 000,002,211 | ---- | C] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut.lnk
[2011/08/20 11:53:04 | 000,001,228 | ---- | C] () -- C:\Users\CYA\Desktop\ComboFix (1) - Shortcut.lnk
[2011/08/20 11:08:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/20 11:08:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/20 11:08:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/20 11:08:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/20 11:08:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/20 01:42:26 | 000,000,174 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url
[2011/08/19 16:21:14 | 000,267,624 | ---- | C] () -- C:\Users\CYA\Documents\Wounded Warrior Event.pdf
[2011/08/19 16:17:05 | 000,293,174 | ---- | C] () -- C:\Users\CYA\Documents\Attachments_2011_08_19.zip
[2011/08/16 02:27:30 | 001,285,269 | ---- | C] () -- C:\Users\CYA\Desktop\untitled.mp3
[2011/08/13 23:28:10 | 000,000,935 | ---- | C] () -- C:\Users\CYA\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/08/13 23:24:52 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/08/11 17:39:22 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8303Q4Z_E480576-003_4A_I30D1_SQuanta_V85.26_F.34_T110322_WV3-2_L409_M3007_J250_7AMD_8F82_92.00_#090731_N10DE054C;168C001C_(FE694UA#ABA)_XMOBILE_CN10_Z.MRK
[2011/08/11 15:30:08 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/08/10 21:47:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 21:28:16 | 000,000,943 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/04 15:07:19 | 3152,986,112 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/03 12:22:05 | 282,064,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/03 12:21:13 | 002,207,052 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/02 17:27:07 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011/08/02 17:27:07 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011/08/02 17:27:07 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011/08/02 17:27:07 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011/08/02 17:27:06 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011/08/02 17:27:06 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011/08/02 17:27:06 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011/08/02 17:27:06 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011/08/02 17:27:06 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011/08/02 17:27:05 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011/08/02 17:27:05 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011/08/02 17:27:03 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011/08/02 17:27:03 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011/08/02 17:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011/08/02 17:24:56 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011/08/02 14:16:14 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 14:16:14 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/08/02 14:15:53 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/07/25 01:05:20 | 006,555,930 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:24 | 006,503,894 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:17 | 005,720,221 | ---- | C] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:06 | 005,290,141 | ---- | C] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/25 00:57:54 | 003,558,998 | ---- | C] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/23 04:00:59 | 004,367,287 | ---- | C] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | C] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:55:18 | 007,084,275 | ---- | C] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 03:53:30 | 005,765,361 | ---- | C] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:50:23 | 006,804,034 | ---- | C] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | C] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2011/06/25 14:45:40 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 15:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/20 01:31:57 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/04/13 15:49:45 | 000,176,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/16 20:03:03 | 000,006,944 | ---- | C] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2010/03/16 20:29:11 | 000,000,171 | -H-- | C] () -- C:\Users\CYA\AppData\Local\rahistory.xml
[2009/10/08 20:30:01 | 000,130,920 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/10/08 20:30:01 | 000,008,252 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/09/24 06:51:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:51:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 21:25:10 | 000,000,078 | -H-- | C] () -- C:\Users\CYA\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 23:03:37 | 000,013,824 | ---- | C] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:19:27 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 20:49:09 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/31 17:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 04:40:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/22 04:36:25 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/22 03:58:40 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/22 02:52:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 11:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/08/11 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2010/10/31 12:48:00 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Amazon
[2011/04/19 09:40:19 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\AVG10
[2010/01/03 15:20:54 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\funkitron
[2011/08/10 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/06/11 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\ICAClient
[2011/07/10 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Macroplant, LLC
[2010/01/02 15:08:09 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Magic Academy
[2009/12/25 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Oberonv1002
[2010/06/29 22:20:10 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\PlayFirst
[2010/06/15 21:09:59 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Smith Micro
[2009/08/11 21:25:26 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Template
[2011/08/19 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Tific
[2010/06/14 20:03:17 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Titanium Gears
[2011/08/20 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\uTorrent
[2011/08/20 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\VDownloader
[2009/08/08 19:10:35 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\WildTangent
[2011/08/21 07:22:01 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C8A26DAA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CF2C26D2

< End of report >
  • 0

#18
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Services
    
    :OTL
    IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    [2011/08/10 09:19:42 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
    [2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
    File not found (No name found) -- C:\PROGRAM FILES\OBJECT\FACETHEME
    O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O2 - BHO: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found.
    O2 - BHO: (no name) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No CLSID value found.
    O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    [2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]
    
    :Reg
    
    :Files
    C:\Program Files\Viewpoint
    C:\Program Files\Object
    C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
    C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
    
    :Commands
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done.

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#19
mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Good Morning Gammo,
Already have Malwarebytes on computer. Tried to update but it won't update, as it says there is a program error updating, 5,0 file updating. Access denied. What now?
  • 0

#20
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download this file, run it and follow the on-screen instructions. That manually updates Malwarebytes' Anti-Malware.

Run Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#21
mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Gammo,
I have the log that you requested from ESET but I cannot copy it for some reason. It removed 7 trojans, though, that the other software didn't pick up on. What now? I still have the log but I can't seem to do anything with it. Susanna
  • 0

#22
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please post the Malwarebytes' Anti-Malware (MBAM) log as well as the ESET Online Scanner log file. The MBAM log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

If you can't post the ESET log file (and MBAM log file), then you can try attaching them to a reply.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0