Problems with my computer....can anyone tell me what my OTL log means?


#1 mojoanna1 (Member, 30 posts)
I ran OTL on my computer because it kept shutting down on me. This is the log the scan produced. Can anyone tell me what I need to do to fix it? Also, I have a re-direct virus that is driving me crazy. Here is the log from OTL:


OTL logfile created on: 10/16/2011 4:55:28 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CYA\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.24% Memory free
6.09 Gb Paging File | 4.52 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 133.93 Gb Free Space | 60.59% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: CYA | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CYA\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Users\CYA\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\System32\btwhidcs.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LPDSVC) -- C:\WINDOWS\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110901.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110901.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110831.030\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001_e9a\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (PCTAppEvent) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (pctgntdi) -- C:\WINDOWS\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplfw) -- C:\WINDOWS\System32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNdisMP) -- C:\WINDOWS\System32\drivers\pctNdis.sys (PC Tools)
DRV - (pctNdis) -- C:\WINDOWS\System32\drivers\pctNdis.sys (PC Tools)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\CYA\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/20 13:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 20:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/06/20 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Extensions
[2011/10/15 20:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions
[2011/09/29 02:32:44 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(175)
[2011/08/23 01:01:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/08/19 15:44:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/20 08:22:06 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\[email protected]
[2011/08/20 08:22:21 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\[email protected]
[2011/08/20 08:22:07 | 000,002,394 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\askcom.xml
[2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
[2011/08/31 11:25:56 | 000,000,923 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\conduit.xml
[2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
[2011/10/15 20:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 20:03:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/20 13:23:00 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 20:26:50 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/09/28 20:26:50 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/09/28 20:26:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/09/28 20:26:50 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/11 04:15:30 | 000,395,221 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found.
O2 - BHO: (no name) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B189A06B-19D7-43EF-89D5-B80E0C722A9E}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 03:43:54 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\NPE
[2011/10/15 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/15 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\PC Cleaners
[2011/10/15 17:54:47 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/15 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2011/10/15 17:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/10/15 17:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2011/10/01 09:09:31 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\My Games
[2011/10/01 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/10/01 02:08:39 | 000,000,000 | ---D | C] -- C:\Program Files(x86)
[2011/09/24 09:24:28 | 000,000,000 | ---D | C] -- C:\System Recovery Files
[2011/09/21 01:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/09/21 01:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/09/18 19:20:26 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\Freecorder
[2011/09/18 19:20:26 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\FLVService
[2011/09/18 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[2011/09/18 19:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011/07/27 17:18:28 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
[2011/07/27 17:18:28 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
[2010/03/23 20:53:47 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 15:51:54 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/10/16 15:50:33 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/10/16 15:48:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 15:48:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 15:48:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 15:48:19 | 3152,949,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 22:17:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/15 22:14:01 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/15 22:14:01 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/15 21:58:07 | 000,000,949 | ---- | M] () -- C:\Users\CYA\Desktop\Norton Installation Files.lnk
[2011/10/15 20:03:58 | 000,000,870 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/15 20:03:57 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/15 18:31:24 | 000,000,466 | ---- | M] () -- C:\Users\CYA\Desktop\Shortcut to System Recovery files.lnk
[2011/10/15 17:54:18 | 005,356,304 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/15 17:17:28 | 000,000,943 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2011/10/01 02:38:40 | 000,022,372 | ---- | M] () -- C:\Users\CYA\Desktop\resume, references, salary req.zip
[2011/09/21 07:44:46 | 000,001,079 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 07:44:46 | 000,001,055 | ---- | M] () -- C:\Users\CYA\Desktop\Spybot - Search & Destroy.lnk
[2011/09/18 18:24:29 | 311,008,280 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 21:45:04 | 000,000,949 | ---- | C] () -- C:\Users\CYA\Desktop\Norton Installation Files.lnk
[2011/10/15 20:03:57 | 000,000,870 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/15 20:03:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/15 20:03:52 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/15 17:17:28 | 000,000,943 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2011/09/24 09:24:42 | 000,000,466 | ---- | C] () -- C:\Users\CYA\Desktop\Shortcut to System Recovery files.lnk
[2011/08/21 07:10:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/20 11:08:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/20 11:08:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/20 11:08:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/20 11:08:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/20 11:08:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/25 14:45:40 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 15:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/20 01:31:57 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/04/13 15:49:45 | 000,176,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/16 20:03:03 | 000,006,944 | ---- | C] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2010/03/16 20:29:11 | 000,000,171 | -H-- | C] () -- C:\Users\CYA\AppData\Local\rahistory.xml
[2009/10/08 20:30:01 | 000,130,920 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/10/08 20:30:01 | 000,008,252 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/09/24 06:51:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:51:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 21:25:10 | 000,000,078 | -H-- | C] () -- C:\Users\CYA\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 23:03:37 | 000,013,824 | ---- | C] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:19:27 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 20:49:09 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/31 17:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 04:40:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/22 04:36:25 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/22 03:58:40 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/22 02:52:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 11:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/08/11 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2010/10/31 12:48:00 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Amazon
[2011/04/19 09:40:19 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\AVG10
[2010/01/03 15:20:54 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\funkitron
[2011/08/10 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/06/11 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\ICAClient
[2011/09/12 10:19:48 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Image-Line
[2011/07/10 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Macroplant, LLC
[2010/01/02 15:08:09 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Magic Academy
[2009/12/25 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Oberonv1002
[2011/10/15 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\PC Cleaners
[2011/09/03 11:06:07 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\PCToolsFirewallPlus
[2010/06/29 22:20:10 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\PlayFirst
[2010/06/15 21:09:59 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Smith Micro
[2009/08/11 21:25:26 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Template
[2011/08/19 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Tific
[2010/06/14 20:03:17 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Titanium Gears
[2011/08/20 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\uTorrent
[2009/08/08 19:10:35 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\WildTangent
[2011/10/15 11:44:44 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PCToolsFirewallPlus
[2011/10/15 22:17:07 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 600 bytes -> C:\Users\CYA\Documents\pic.eml:OECustomProperty
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C8A26DAA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello mojoanna1 and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
    IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
    FF - prefs.js..network.proxy.type: 0
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
    O2 - BHO: (no name) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    [2011/10/15 18:31:24 | 000,000,466 | ---- | M] () -- C:\Users\CYA\Desktop\Shortcut to System Recovery files.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#3
mojoanna1

    Member

  • Topic Starter
  • Member
  • 30 posts
Hello maliprog and thank you for helping me with this problem. Below you will find the log from OTL that you requested.


All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Prefs.js: "localho,t,127.0.0.1,*.local" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{276C5A67-1916-DB0F-5D5B-4393787FB8CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{276C5A67-1916-DB0F-5D5B-4393787FB8CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbc5b60a-aa4d-45f6-84c2-d086f320299a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbc5b60a-aa4d-45f6-84c2-d086f320299a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
C:\Users\CYA\Desktop\Shortcut to System Recovery files.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\users\cya\downloads\cmd.bat deleted successfully.
c:\users\cya\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CYA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1161977607 bytes
->Java cache emptied: 27145514 bytes
->FireFox cache emptied: 42640688 bytes
->Apple Safari cache emptied: 11316224 bytes
->Flash cache emptied: 885 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2836 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Devon
->Temp folder emptied: 100640 bytes
->Temporary Internet Files folder emptied: 41521 bytes
->FireFox cache emptied: 7388134 bytes
->Flash cache emptied: 456 bytes

User: Devon(240)

User: Guest
->Temp folder emptied: 52780 bytes
->Temporary Internet Files folder emptied: 299408 bytes
->FireFox cache emptied: 87911 bytes
->Flash cache emptied: 2836 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18134532 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9216938 bytes

Total Files Cleaned = 1,219.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10172011_202225

Files\Folders moved on Reboot...
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\channels[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[4].htm moved successfully.
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[5].htm not found!
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\fw-nonplayer-banner[6].htm not found!
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\iframe[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\login_status[4].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\pixel[10].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTWPDY8E\reform-school-vs[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2GN8IXI\companion[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2GN8IXI\emily[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2GN8IXI\login_status[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2GN8IXI\xd_receiver[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2GN8IXI\xd_receiver[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL4PZ4Z9\aceUACping[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL4PZ4Z9\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL4PZ4Z9\pixel[2].htm moved successfully.
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY9Q6E97\01[1].htm not found!
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY9Q6E97\fw-nonplayer-banner[1].htm not found!
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY9Q6E97\fw-nonplayer-banner[2].htm not found!
File\Folder C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY9Q6E97\fw-nonplayer-banner[3].htm not found!
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY9Q6E97\top-5-greatest-fights-in-baseball[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVNOP3R1\afr[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVNOP3R1\pixel[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\01[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\[email protected][1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\aceUACping[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\fw-nonplayer-banner[6].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\login_status[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\pixel[8].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP9N4LYZ\xd_receiver[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IL10GT\adme-299023-10-14-2011[1].mp4 moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IL10GT\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IL10GT\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IL10GT\login_status[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3B5K2XZ\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3B5K2XZ\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3B5K2XZ\iframe[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3B5K2XZ\pixel[6].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3B5K2XZ\xd_receiver[1].htm moved successfully.

Registry entries deleted on Reboot...

#4
mojoanna1

    Member

  • Topic Starter
  • Member
  • 30 posts
Hello again, maliprog. After I ran OTL I downloaded Combofix and let the scan run uninterrupted. At the end of the scan, it posted a message as follows:

Administrator. Combofix- Find 3M
Preparing Log Report. Do not run any programs until Combofix has finished.

This application has requested the Runtime to terminate it in an unusual way. Please contact the applications support team for more information.


Another window came up from Windows/computer with this message:

PEV.exe has stopped working correctly. Windows will close the program and notify you if a solution is available.


Now what?

Mojoanna1

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mojoanna1,

Try to find the Combofix log at C:\ComboFix.txt and post it here to me.

If you can't find it, then try to run Combofix in Safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#6
mojoanna1

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi Maliprog,

Here is the log you requested. Let me know what I need to do next. Thanks for all your help!!!


Mojoanna1



ComboFix 11-10-17.02 - CYA 10/18/2011 8:54.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2524 [GMT -4:00]
Running from: c:\users\CYA\Downloads\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\CYA\AppData\Local\Windows Server
c:\users\CYA\AppData\Local\Windows Server\flags.ini
c:\users\CYA\AppData\Local\Windows Server\uses32.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 13:02 . 2011-10-18 13:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-18 13:02 . 2011-10-18 13:02 -------- d-----w- c:\users\Devon\AppData\Local\temp
2011-10-18 13:02 . 2011-10-18 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 15:32 . 2011-10-17 15:32 -------- d-----w- c:\users\Devon\AppData\Roaming\Apple Computer
2011-10-17 15:32 . 2011-10-17 15:32 -------- d-----w- c:\users\Devon\Bluetooth Software
2011-10-17 15:31 . 2011-10-17 15:32 -------- d-----w- c:\users\Devon\AppData\Roaming\PCToolsFirewallPlus
2011-10-17 15:31 . 2011-10-17 15:31 -------- d-----w- c:\users\Devon\AppData\Local\VirtualStore
2011-10-17 15:06 . 2011-10-17 15:06 -------- d-----w- C:\Temp
2011-10-16 02:11 . 2009-06-12 10:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-16 01:48 . 2011-10-16 02:27 -------- d-----w- c:\users\CYA\AppData\Local\NPE
2011-10-15 21:54 . 2011-10-15 21:54 -------- d-----w- c:\users\CYA\AppData\Roaming\PC Cleaners
2011-10-15 21:54 . 2011-10-15 21:54 5356304 ----a-w- c:\windows\uninst.exe
2011-10-15 21:54 . 2011-10-15 22:03 -------- d-----w- c:\program files\PC Cleaners
2011-10-15 21:54 . 2011-10-15 21:54 -------- d-----w- c:\programdata\PC1Data
2011-10-15 13:07 . 2011-10-15 15:44 -------- d-----w- c:\users\Guest
2011-10-15 10:57 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4984E3CF-DE9A-4163-92D0-33A4C35EA170}\mpengine.dll
2011-10-01 13:08 . 2011-10-01 13:08 -------- d-----w- c:\program files\Microsoft XNA
2011-10-01 06:08 . 2011-10-16 03:41 -------- d-----w- C:\Program Files(x86)
2011-09-26 15:06 . 2011-10-15 08:10 -------- d-----w- c:\users\Devon\AppData\Local\FLVService
2011-09-24 13:24 . 2011-10-15 22:31 -------- d-----w- C:\System Recovery Files
2011-09-21 05:48 . 2011-10-15 08:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-09-21 05:45 . 2011-09-25 03:40 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-09-18 23:20 . 2011-10-18 12:03 -------- d-----w- c:\users\CYA\AppData\Local\FLVService
2011-09-18 23:20 . 2011-10-15 08:12 -------- d-----w- c:\program files\Freecorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 19:29 . 2011-08-11 19:29 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-08-11 19:29 . 2011-08-11 19:29 315392 ----a-w- c:\windows\HideWin.exe
2011-08-11 01:17 . 2011-08-11 01:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-11 01:17 . 2011-08-11 01:17 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-11 01:17 . 2011-08-11 01:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 01:17 . 2011-08-11 01:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-11 01:17 . 2011-08-11 01:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-11 01:17 . 2011-08-11 01:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-11 01:17 . 2011-08-11 01:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-11 01:17 . 2011-08-11 01:17 367104 ----a-w- c:\windows\system32\html.iec
2011-08-11 01:17 . 2011-08-11 01:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 01:17 . 2011-08-11 01:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 01:17 . 2011-08-11 01:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-11 01:17 . 2011-08-11 01:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-11 01:17 . 2011-08-11 01:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 01:17 . 2011-08-11 01:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-11 01:17 . 2011-08-11 01:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-11 01:17 . 2011-08-11 01:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 01:17 . 2011-08-11 01:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-11 01:17 . 2011-08-11 01:17 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-11 01:17 . 2011-08-11 01:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-11 01:17 . 2011-08-11 01:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-11 01:17 . 2011-08-11 01:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-23 17:03 . 2011-07-27 21:18 108424 ----a-w- c:\program files\Common Files\APNStub.exe
2011-03-23 16:26 . 2011-07-27 21:18 3325832 ----a-w- c:\program files\Common Files\APNToolbarInstaller.exe
2010-02-10 20:18 . 2010-03-24 00:53 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 15:11 . 2011-06-20 05:31 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-09-29 06:53 . 2011-10-16 00:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
c:\program files\ConduitEngine\ConduitEngin0.dll [BU]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-25 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-856919484-758718920-2567828494-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-01-17 251560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-03-02 160576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-01-12 89472]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2011-01-17 125248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{276C5A67-1916-DB0F-5D5B-4393787FB8CD} - (no file)
BHO-{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 09:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,06,65,ef,36,9b,ad,92,57,e6,36,8c,cb,41,fe,6d,bd,dd,55,3c,19,
07,1c,73,a0,eb,ba,93,77,f7,92,b4,6e,b7,16,6b,15,e4,68,c7,2f,94,3d,92,26,a9,\
"rkeysecu"=hex:3f,c1,a9,54,1e,90,3b,e7,ce,88,78,fd,64,7c,bd,0f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-18 09:05:23
ComboFix-quarantined-files.txt 2011-10-18 13:05
ComboFix2.txt 2011-08-20 16:35
.
Pre-Run: 179,251,662,848 bytes free
Post-Run: 179,331,686,400 bytes free
.
- - End Of File - - 9A9AE6340AF14D06FEA9930EED21DFED

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mojoanna1,

How is your system now? Any problems?

#8
mojoanna1

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi Maliprog,

System is running better! Still have the re-direct virus though. Any thoughts? Thank you for all your help with this sh...!



Mojoanna1

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's see what we have there.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the "Scan All User" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post them with your next reply.


#10
mojoanna1

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi Maliprog,

Here is the log you requested. It only created 1 log. Is it supposed to generate 2?


OTL logfile created on: 10/19/2011 9:02:03 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = c:\users\cya\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.99% Memory free
6.07 Gb Paging File | 4.83 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 162.09 Gb Free Space | 73.33% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
Drive E: | 3.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CYA | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\CYA\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\System32\btwhidcs.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LPDSVC) -- C:\WINDOWS\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (PCTAppEvent) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplfw) -- C:\WINDOWS\System32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNdisMP) -- C:\WINDOWS\System32\drivers\pctNdis.sys (PC Tools)
DRV - (pctNdis) -- C:\WINDOWS\System32\drivers\pctNdis.sys (PC Tools)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\CYA\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 20:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/06/20 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Extensions
[2011/10/15 20:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions
[2011/09/29 02:32:44 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(175)
[2011/08/23 01:01:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/08/19 15:44:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/20 08:22:06 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\[email protected]
[2011/08/20 08:22:21 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\[email protected]
[2011/08/20 08:22:07 | 000,002,394 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\askcom.xml
[2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
[2011/08/31 11:25:56 | 000,000,923 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\conduit.xml
[2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
[2011/10/15 20:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/17 20:50:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B189A06B-19D7-43EF-89D5-B80E0C722A9E}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 03:43:54 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 16:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 03:08:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/18 09:05:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/18 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\temp
[2011/10/18 09:04:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/17 11:06:37 | 000,000,000 | ---D | C] -- C:\Temp
[2011/10/15 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\NPE
[2011/10/15 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/15 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\PC Cleaners
[2011/10/15 17:54:47 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/15 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2011/10/15 17:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/10/15 17:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2011/10/01 09:09:31 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\My Games
[2011/10/01 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/10/01 02:08:39 | 000,000,000 | ---D | C] -- C:\Program Files(x86)
[2011/09/24 09:24:28 | 000,000,000 | ---D | C] -- C:\System Recovery Files
[2011/09/21 01:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/09/21 01:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/07/27 17:18:28 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
[2011/07/27 17:18:28 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
[2010/03/23 20:53:47 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/19 08:45:23 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/10/19 07:29:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 07:29:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 03:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/19 03:29:35 | 3152,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/19 03:28:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/19 03:09:45 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/19 03:09:45 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/18 08:46:50 | 157,555,524 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/17 20:50:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/17 19:03:26 | 001,413,612 | ---- | M] () -- C:\Users\CYA\Documents\IMGP1508.JPG
[2011/10/17 18:57:05 | 001,421,348 | ---- | M] () -- C:\Users\CYA\Documents\IMGP1502.JPG
[2011/10/16 22:41:18 | 000,001,189 | ---- | M] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut.lnk
[2011/10/16 15:51:54 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/10/15 21:58:07 | 000,000,949 | ---- | M] () -- C:\Users\CYA\Desktop\Norton Installation Files.lnk
[2011/10/15 20:03:58 | 000,000,870 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/15 20:03:57 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/15 17:54:18 | 005,356,304 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/15 17:17:28 | 000,000,943 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2011/10/01 02:38:40 | 000,022,372 | ---- | M] () -- C:\Users\CYA\Desktop\resume, references, salary req.zip
[2011/09/21 07:44:46 | 000,001,079 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 07:44:46 | 000,001,055 | ---- | M] () -- C:\Users\CYA\Desktop\Spybot - Search & Destroy.lnk
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/18 09:08:03 | 3152,986,112 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/17 19:03:22 | 001,413,612 | ---- | C] () -- C:\Users\CYA\Documents\IMGP1508.JPG
[2011/10/17 18:56:57 | 001,421,348 | ---- | C] () -- C:\Users\CYA\Documents\IMGP1502.JPG
[2011/10/15 21:45:04 | 000,000,949 | ---- | C] () -- C:\Users\CYA\Desktop\Norton Installation Files.lnk
[2011/10/15 20:03:57 | 000,000,870 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/15 20:03:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/15 20:03:52 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/15 17:17:28 | 000,000,943 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2011/08/21 07:10:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/20 11:08:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/20 11:08:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/20 11:08:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/20 11:08:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/20 11:08:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/25 14:45:40 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 15:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/20 01:31:57 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/04/13 15:49:45 | 000,176,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/16 20:03:03 | 000,006,944 | ---- | C] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2010/03/16 20:29:11 | 000,000,171 | -H-- | C] () -- C:\Users\CYA\AppData\Local\rahistory.xml
[2009/10/08 20:30:01 | 000,130,920 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/10/08 20:30:01 | 000,008,252 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/09/24 06:51:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:51:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 21:25:10 | 000,000,078 | -H-- | C] () -- C:\Users\CYA\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 23:03:37 | 000,013,824 | ---- | C] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:19:27 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 20:49:09 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/31 17:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 04:40:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/22 04:36:25 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/22 03:58:40 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/22 02:52:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 11:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 600 bytes -> C:\Users\CYA\Documents\pic.eml:OECustomProperty
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C8A26DAA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
  • 0
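The log above is the whole question: which of these "O" lines matter? A helper reads them by category: O1 hosts entries, O2/O3 registrations whose DLL is gone ("File not found") or whose CLSID no longer exists, O10 Winsock LSPs, and the O17 DNS servers that a redirect infection would replace. As an added example (not OTL's own code and not anything the helpers in this thread posted) here is a Python triage pass over a handful of lines copied from the log plus two constructed lines, the 192.0.2.x hosts entry and the {DEADBEEF-...} interface key, added only to exercise the hosts and DNS checks. The three 68.105.x servers handed out by DHCP are treated as the expected ISP resolvers; that is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Regexes written for this example from the line shapes seen in the OTL log;
# they are not OTL's own parser.
RE_O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RE_O2 = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RE_O3 = re.compile(r"^O3 - (.*?)\\Toolbar\\WebBrowser: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RE_O10 = re.compile(r"^O10 - (\S+)(?: \[\])? - (.*?)(?: \((.*)\))?$")
RE_O17 = re.compile(r"^O17 - (.*?): DhcpNameServer = (.*)$")

LOOPBACK_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SYSTEM32 = "c:\\windows\\system32\\"

# Assumption for this example: the DHCP-assigned servers in the log are the ISP's real resolvers.
EXPECTED_DNS = {"68.105.28.12", "68.105.29.12", "68.105.28.11"}

# Lines taken from the log above; the 192.0.2.10 hosts line and the {DEADBEEF-...}
# interface line are constructed so the hosts and DNS checks have something to flag.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 update.example.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEADBEEF-0000-0000-0000-000000000000}: DhcpNameServer = 192.0.2.53
"""


@dataclass
class Finding:
    kind: str   # category a helper would sort by
    note: str   # one-line explanation
    line: str   # the raw log line


def triage_otl(lines: Iterable[str], expected_dns: Set[str]) -> List[Finding]:
    """Walk OTL 'O' lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := RE_O1.match(line):
            ip, host = m.groups()
            if (ip, host) not in LOOPBACK_HOSTS:
                findings.append(Finding("hosts-override", f"{host} pinned to {ip} in the hosts file", line))
        elif m := RE_O2.match(line):
            name, clsid, target = m.groups()
            if target.startswith("No CLSID value found"):
                findings.append(Finding("orphan-bho", f"BHO {clsid} has no CLSID key (dead registration)", line))
            elif target.endswith("File not found"):
                findings.append(Finding("orphan-bho", f"BHO '{name}' points at a DLL that is not on disk", line))
        elif m := RE_O3.match(line):
            _hive, name, _clsid, target = m.groups()
            if target.endswith("File not found"):
                findings.append(Finding("orphan-toolbar", f"toolbar '{name}' DLL missing on disk", line))
        elif m := RE_O10.match(line):
            _entry, dll, company = m.groups()
            # Anything hooking Winsock sees all traffic, so non-System32 LSPs get a vendor check.
            if not dll.lower().startswith(SYSTEM32):
                findings.append(Finding("third-party-lsp", f"Winsock LSP from {company or 'unknown vendor'}: {dll}", line))
        elif m := RE_O17.match(line):
            _key, servers = m.groups()
            rogue = [s for s in servers.split() if s not in expected_dns]
            if rogue:
                findings.append(Finding("dns-server", f"DNS server(s) outside the expected set: {', '.join(rogue)}", line))
    return findings


def kind_counts(findings: List[Finding]) -> Dict[str, int]:
    """Tally findings per category for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL.splitlines(), EXPECTED_DNS):
        print(f"[{f.kind}] {f.note}")
```

A finding is a pointer for review, not a verdict: the Bonjour LSP is a legitimate Apple component and is flagged only because anything hooking Winsock deserves a vendor check, and the orphan BHO and toolbar entries are cleanup candidates rather than active threats. On the lines actually present in the log, the hosts file and the DHCP DNS servers look normal, which fits the helper's reading of the log as leftovers.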



#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I see some leftovers. Please test your system for redirections after these steps and report here to me.

Step 1

Please disable TeaTimer for now until you are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    [HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Update your Malwarebytes and do Quick Scan. Post log after the scan.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0

#12
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok, here is the Moved Files from OTL. I will post Malwarebytes in a separate reply.


All processes killed
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\users\cya\downloads\cmd.bat deleted successfully.
c:\users\cya\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CYA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 227816973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37443549 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Devon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Devon(240)
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11377984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 264.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10192011_093108

Files\Folders moved on Reboot...
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNS7TL6N\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNS7TL6N\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNS7TL6N\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZSQMZA2\pixel[4].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIJMIJZF\companion[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R36GK62L\thisweekincombatsports_mevio_com[1].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LS865QN\emily[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LS865QN\xd_receiver[2].htm moved successfully.
C:\Users\CYA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GXHE46B\login_status[1].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#13
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the Malwarebytes log, Maliprog.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7980

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/19/2011 10:10:13 AM
mbam-log-2011-10-19 (10-10-13).txt

Scan type: Quick scan
Objects scanned: 218710
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Maliprog, it is still redirecting even with Malwarebytes' removal of a bug, but it is not as bad. The computer is running much better, by the way.


Mojoanna1
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We will do deeper scans now and try to find this bugger.

Step 1

Please answer these questions for me so we can narrow the problem.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?
  • Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe (511 KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 5

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • OTL fix log
It would be helpful if you could post each log in a separate post.
  • 0
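TDSSKiller and aswMBR are brought in at Step 2 and Step 3 because rootkits of the TDSS/TDL family can live in the master boot record, below everything the OTL log shows. To make concrete what such a scan inspects, here is an added Python example, not code from either tool or from this thread, that parses a 512-byte MBR: it checks the 0x55AA boot signature, decodes the four partition slots, flags impossible tables (two bootable slots, overlapping ranges, bad status bytes) and compares a SHA-256 of the 440-byte boot-code area against a baseline recorded from a known-good sector. The MBR itself is constructed inline, with two NTFS partitions sized roughly like the C: and D: drives in the log and placeholder boot bytes, and the "tampered" copy simply overwrites three bytes of that boot code.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440      # code area of a classic MBR; 4-byte disk signature and 2 reserved bytes follow
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510


@dataclass
class Partition:
    slot: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_sha256: str
    partitions: List[Partition]
    findings: List[str] = field(default_factory=list)


def parse_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> MbrReport:
    """Parse one 512-byte MBR and list anything a rootkit scan would want a human to see."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    findings: List[str] = []
    signature_ok = sector[BOOT_SIG_OFF:] == b"\x55\xAA"
    if not signature_ok:
        findings.append("boot signature 0x55AA missing")
    # The boot code is what an MBR rootkit replaces; hash it and compare with a known-good record.
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if baseline_sha256 and digest != baseline_sha256:
        findings.append("boot code differs from the recorded baseline")
    partitions: List[Partition] = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_a, type_id, _chs_b, lba, size = struct.unpack_from("<B3sB3sII", sector, off)
        if type_id == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        partitions.append(Partition(slot, status == 0x80, type_id, lba, size))
    if sum(p.bootable for p in partitions) > 1:
        findings.append("more than one partition marked bootable")
    ordered = sorted(partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"slots {a.slot} and {b.slot} overlap")
    return MbrReport(signature_ok, digest, partitions, findings)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for the demo: two NTFS partitions, sized like the C: and D: drives in the log."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig, reserved = b"\x12\x34\x56\x78", b"\x00\x00"   # placeholder disk signature
    ntfs = 0x07
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", ntfs, b"\xfe\xff\xff", 2048, 463_000_000)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", ntfs, b"\xfe\xff\xff", 463_002_048, 24_800_000)
    empty = b"\x00" * PART_ENTRY_LEN
    return code + disk_sig + reserved + p1 + p2 + empty + empty + b"\x55\xAA"


# Placeholder boot bytes, not real boot code; the baseline is what a clean-system record would hold.
CLEAN = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = hashlib.sha256(CLEAN[:BOOT_CODE_LEN]).hexdigest()


def tampered_copy(mbr: bytes) -> bytes:
    """Constructed 'infected' copy: three bytes of boot code changed, partition table untouched."""
    out = bytearray(mbr)
    out[0:3] = b"\xe9\x00\x01"
    return bytes(out)


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN), ("tampered", tampered_copy(CLEAN))):
        report = parse_mbr(sector, BASELINE)
        print(label, "sha256", report.boot_code_sha256[:16], "findings", report.findings or "none")
```

On a real machine the sector comes from reading the first 512 bytes of the physical disk with administrator rights, and the check is only as good as the baseline: record the hash while the system is known to be clean, because a tampered MBR with an intact partition table and a valid 0x55AA signature, as in the demo, looks perfectly normal to everything except a comparison with that record.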





