Firefox browser hijacks and won't update [Solved]



#1
zuggalo

    Member

  • 84 posts
So yeah, basically as the title said, the browser on this comp gets taken to random pages. Also Firefox gives me an error saying something is stopping it from updating securely. I'm also guessing it came from a fake Facebook app someone used on here.

Thanks in advance for the help
Brad

OTL logfile created on: 21/08/2012 10:52:09 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Anne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 50.15% Memory free
3.74 Gb Paging File | 2.85 Gb Available in Paging File | 76.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.95 Gb Total Space | 78.14 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 11.09 Gb Total Space | 1.85 Gb Free Space | 16.65% Space Free | Partition Type: NTFS

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 10:50:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Downloads\OTL.exe
PRC - [2012/08/15 16:13:14 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/14 10:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/10/07 02:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2005/08/05 22:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM305_STI.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/15 16:13:13 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/14 10:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/04/11 16:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/09/24 10:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012/08/15 16:13:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/22 10:10:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/10/07 02:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/23 20:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/02 12:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 05:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/25 08:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/21 12:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/05/08 17:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM305.sys -- (ZSMC0305)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {A52B0B98-1171-4F46-8D39-AD2A29508E72}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A52B0B98-1171-4F46-8D39-AD2A29508E72}: "URL" = http://slirsredirect...hpcnnbie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.a...kyp&ocid=skydhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 9F DE 86 CB EA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A52B0B98-1171-4F46-8D39-AD2A29508E72}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A52B0B98-1171-4F46-8D39-AD2A29508E72}: "URL" = http://slirsredirect...hpcnnbie7-en-au
IE - HKCU\..\SearchScopes\{C022FCB8-1798-4ACA-9CA9-EF3628228D2A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/21 09:09:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/21 10:23:42 | 000,000,000 | ---D | M]

[2010/01/10 02:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Extensions
[2012/06/10 03:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\bf7tkf3h.default\extensions
[2010/05/06 03:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\bf7tkf3h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/30 21:29:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\bf7tkf3h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/04 18:15:13 | 000,001,819 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\bf7tkf3h.default\searchplugins\bing.xml
[2012/08/21 09:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/13 03:20:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/10 03:38:23 | 000,019,623 | ---- | M] () (No name found) -- C:\USERS\ANNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BF7TKF3H.DEFAULT\EXTENSIONS\[email protected]
[2012/07/14 10:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 10:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 10:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE6EEC7A-6638-48F4-AF0B-B0F7728F92FE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06953820-f296-11de-a06a-001f16ea204d}\Shell - "" = AutoRun
O33 - MountPoints2\{06953820-f296-11de-a06a-001f16ea204d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{06953821-f296-11de-a06a-001f16ea204d}\Shell - "" = AutoRun
O33 - MountPoints2\{06953821-f296-11de-a06a-001f16ea204d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0695382d-f296-11de-a06a-001f16ea204d}\Shell - "" = AutoRun
O33 - MountPoints2\{0695382d-f296-11de-a06a-001f16ea204d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0695382f-f296-11de-a06a-001f16ea204d}\Shell - "" = AutoRun
O33 - MountPoints2\{0695382f-f296-11de-a06a-001f16ea204d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{06953e23-f296-11de-a06a-001f16ea204d}\Shell - "" = AutoRun
O33 - MountPoints2\{06953e23-f296-11de-a06a-001f16ea204d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2448f29d-f55f-11de-a0ed-001f16ea204d}\Shell\Auto\command - "" = I:\Automatic.sos
O33 - MountPoints2\{2448f29d-f55f-11de-a0ed-001f16ea204d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Automatic.sos
O33 - MountPoints2\{2448f29f-f55f-11de-a0ed-001f16ea204d}\Shell\Auto\command - "" = K:\Automatic.sos
O33 - MountPoints2\{2448f29f-f55f-11de-a0ed-001f16ea204d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Automatic.sos
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\pak
[2012/08/21 10:23:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/21 10:20:50 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{06E0669F-7B67-43AD-895C-26DC45FC801A}
[2012/08/19 04:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/13 11:47:33 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{E99D7E40-18B2-44AF-980A-918A10D58C77}
[2012/08/11 03:10:40 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\music
[2012/08/09 10:34:19 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{86743735-2262-4CFF-89A7-E5CF643A1256}
[2012/07/29 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{D9CFFA1C-F57A-45DD-9406-F36F27AE31BE}
[2012/07/29 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{E4EEAB11-8025-44D5-BF8A-41CB07A4D650}
[2012/07/28 00:53:42 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{29771C9C-0B23-4C69-9320-831E829E069A}
[2012/07/28 00:53:01 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{7AEE5DED-6CDC-4E96-BF50-26A82766B383}
[2012/07/27 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{EC191A25-C501-4841-B73A-BC79945A19F1}
[2012/07/27 00:59:31 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{AE016EB3-99A1-4D1B-8603-9DF6D81C9BDF}
[2012/07/26 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{51FDA4BF-0DDC-4DEE-BE5D-B8D87EFBE1FE}
[2012/07/26 12:56:29 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{064F0DD5-EB87-4DA6-A009-B163B99FCA3B}
[2012/07/26 00:56:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{D576A313-3E41-49A5-86C2-3409AA58AA71}
[2012/07/26 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{46275AEC-665C-4AF4-A363-EF76F617FE50}
[2012/07/25 12:55:34 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{B75F1D76-674E-4CB2-9ACC-DF0CB1C6E53C}
[2012/07/25 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{682BB221-9663-4703-9429-CDC3B4FF2B2F}
[2012/07/25 00:54:58 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{84270E97-96DC-4C35-98FF-53841DEFD84E}
[2012/07/25 00:54:42 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{F05192E1-29F1-485A-BAC0-F2EB97203526}
[2012/07/24 12:53:16 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{A3A278DB-B21D-4AE8-BB88-A88AAEB55CF0}
[2012/07/24 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{DEAAF247-3BF5-4C33-9850-17E92CA1EF7E}
[2012/07/23 09:13:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/08/21 10:47:26 | 000,679,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/21 10:47:26 | 000,142,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/21 10:43:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 10:43:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 10:43:14 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/21 10:43:06 | 000,542,754 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/21 10:43:05 | 000,542,754 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/21 10:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 10:35:32 | 000,196,608 | ---- | M] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/21 10:20:14 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnne.job
[2012/08/21 09:09:42 | 000,000,870 | ---- | M] () -- C:\Users\Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/19 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 17:36:30 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

========== Files Created - No Company Name ==========

[2012/08/21 10:34:05 | 888,676,352 | ---- | C] () -- C:\Users\Anne\Desktop\Evil.Dead.The.Musical.2003.VHSRip.XviD-CG.avi
[2012/08/21 09:09:42 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/22 11:32:02 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/07/22 11:31:53 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/07/22 11:31:53 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\[email protected]
[2012/07/22 11:31:48 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/07/22 11:31:14 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/07/22 11:31:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/14 15:28:01 | 000,126,912 | ---- | C] () -- C:\Users\Anne\Tim and Michael.jpg
[2012/06/14 15:27:58 | 000,451,756 | ---- | C] () -- C:\Users\Anne\Metro Football Club 110217.pdf
[2012/01/14 03:32:01 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012/01/14 03:32:01 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/12/26 08:37:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/01 10:55:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/02 07:50:27 | 000,007,808 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2009/12/30 19:28:48 | 000,542,754 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/30 17:15:56 | 000,542,754 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/27 16:14:51 | 000,196,608 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 10:30:24 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2010/10/25 09:48:16 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Azureus
[2010/11/01 07:53:20 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FloodLightGames
[2012/06/02 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\go
[2010/09/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\iWin
[2010/09/07 05:12:14 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\muvee Technologies
[2009/12/27 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Vodafone
[2009/12/25 20:47:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\WildTangent
[2012/08/21 10:25:41 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a variant of the extremely severe Zero Access Rootkit, plus undoubtedly other compromising malware!

OK, since we are dealing with the aforementioned infection(s), I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I can attempt to clean this machine (anything I try may not be successful and the machine may lose internet connectivity), but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
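As an added illustration (not code from the thread, from OTL, or from the responder): a small Python checker that parses OTL file/folder entries of the form shown in Brad's log and flags the file-system layout consistent with the ZeroAccess rootkit the responder identifies. The sample entries are constructed to mirror the log's format; the `payload.bin` file name and the indicator patterns themselves are assumptions made here.

```python
import re
from typing import Optional

# Shape of an OTL file/folder entry:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (company) -- path
# The "(company)" part is absent in the "Files/Folders - Created" section.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Indicator patterns assumed here from the ZeroAccess/Sirefef layout seen in
# 2012-era logs: a GUID-named folder under \Windows\Installer or \AppData\Local
# holding a file literally named "@" or U\ and L\ subfolders, and a folder
# literally named %APPDATA% inside System32 (an environment-variable name used
# as a directory name, which no legitimate installer does).
INDICATORS = [
    (re.compile(r"\\Windows\\Installer\\" + GUID + r"\\(?:@$|[UL]\\)", re.I),
     "GUID folder with @ file or U/L subfolder under Windows\\Installer"),
    (re.compile(r"\\AppData\\Local\\" + GUID + r"\\(?:@$|[UL]\\)", re.I),
     "GUID folder with @ file or U/L subfolder under AppData\\Local"),
    (re.compile(r"\\System32\\%APPDATA%$", re.I),
     "literal %APPDATA% directory inside System32"),
]


def parse_otl_entry(line: str) -> Optional[dict]:
    """Return the fields of one OTL file/folder entry, or None for other lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,002,048" -> 2048
    entry["company"] = entry["company"] or ""
    return entry


def find_indicators(lines):
    """Return (path, reason, hidden_and_system) for every entry matching an indicator."""
    hits = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is None:
            continue
        for pattern, reason in INDICATORS:
            if pattern.search(entry["path"]):
                # OTL attribute column: R=read-only, H=hidden, S=system, D=directory
                hidden_system = "H" in entry["attrs"] and "S" in entry["attrs"]
                hits.append((entry["path"], reason, hidden_system))
                break
    return hits


# Constructed sample entries mirroring the log's format (file name payload.bin is made up).
SAMPLE_LINES = [
    r"[2012/01/14 03:32:01 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@",
    r"[2012/01/14 03:32:01 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@",
    r"[2012/07/22 11:32:02 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\payload.bin",
    r"[2012/07/23 09:13:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%",
    r"[2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe",
    "PRC - [2012/08/21 10:50:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\\Users\\Anne\\Downloads\\OTL.exe",
]

if __name__ == "__main__":
    for path, reason, hs in find_indicators(SAMPLE_LINES):
        print(f"{'[H+S] ' if hs else ''}{reason}: {path}")
```

Running it prints the four suspicious entries and nothing for the Adobe service or the PRC process line, which the entry parser deliberately ignores.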

#3
zuggalo

    Member

  • Topic Starter
  • 84 posts
Thanks for the news. Not so bad though; this is basically a laptop plugged into my TV to watch vids on, so nothing to back up etc.

So yeah, guess I'll go with the format and reinstall. Only question I have is how to format?

Thanks again
Brad

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for the news

You're welcome.

Not so bad though; this is basically a laptop plugged into my TV to watch vids on, so nothing to back up etc.

Fair play.

So yeah, guess I'll go with the format and reinstall. Only question I have is how to format?

Do you have a Vista Installation DVD? Noticed some HP related software installed, so if your machine is an HP, inform myself of the exact make/model (regardless if an HP or not), as evidence may be what is known as a Recovery Partition that could be invoked, for example.

Next:

Answer the above for me as best you are able, and I in turn will provide the appropriate advice.
  • 0

#5
zuggalo

zuggalo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Says it's a Compaq (?) on the actual comp. The bottom says HP Presario CQ06. Model #CQ06-416AU. Don't know about the Vista CD but I've got all the serials etc. And yes, it is partitioned with a recovery drive.

Any more info just ask

Thanks again
Brad
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Says it's a Compaq (?) on the actual comp. The bottom says HP Presario CQ06. Model #CQ06-416AU. Don't know about the Vista CD but I've got all the serials etc. And yes, it is partitioned with a recovery drive.

OK, Compaq/HP are both one company now if I recall.

Anyway this article has the information you require:-

Recover Windows Vista Operating System Using HP Recovery

Once on the page, scroll down to:-

Restore the PC to its original condition with the HP Recovery Manager from within Windows Vista

And follow the instructions etc. Let me know if it's a successful outcome, and I can also provide some advice about what to install security-wise afterwards if you so wish.
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Topic re-opened at OP's request.

--------------

What further assistance do you require? :)
  • 0

#9
zuggalo

zuggalo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Thanks for all your help so far and sorry about the delay in the reply.

I'm just trying to finish updating my comp; I'll get back to you with more info in the next 12 hours.
  • 0

#10
zuggalo

zuggalo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
OTL logfile created on: 5/09/2012 2:37:23 PM - Run 3
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\brad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 36.07% Memory free
3.74 Gb Paging File | 2.66 Gb Available in Paging File | 71.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.95 Gb Total Space | 108.24 Gb Free Space | 78.46% Space Free | Partition Type: NTFS
Drive D: | 11.09 Gb Total Space | 1.80 Gb Free Space | 16.18% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 12:55:58 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\brad\Downloads\OTL.exe
PRC - [2012/06/22 23:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/10/07 02:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012/09/01 12:19:09 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/25 12:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/22 23:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/10/07 02:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 05:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/25 08:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 23:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/21 12:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {A52B0B98-1171-4F46-8D39-AD2A29508E72}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A52B0B98-1171-4F46-8D39-AD2A29508E72}: "URL" = http://slirsredirect...hpcnnbie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://klit.startnow...ion=6.0-x86-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{A52B0B98-1171-4F46-8D39-AD2A29508E72}: "URL" = http://slirsredirect...hpcnnbie7-en-au
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://klit.startnow...6.0-x86-SP1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/01 12:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/01 12:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brad\AppData\Roaming\Mozilla\Extensions
[2012/09/01 13:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\z14hn40z.default\extensions
[2012/09/01 13:51:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\z14hn40z.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/09/01 13:41:43 | 000,001,390 | ---- | M] () -- C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\z14hn40z.default\searchplugins\yahoo-zugo.xml
[2012/09/05 11:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 11:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/25 12:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/25 12:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/25 12:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18FEF002-9138-4C1F-9607-1E6DEACDF28B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 14:21:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/09/05 14:21:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/09/05 14:21:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/09/05 13:47:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/09/05 11:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/05 11:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/04 15:19:43 | 000,000,000 | ---D | C] -- C:\Users\brad\Documents\My Received Files
[2012/09/03 10:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/03 09:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/02 00:15:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/01 23:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/09/01 23:42:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/01 23:39:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
[2012/09/01 23:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2012/09/01 23:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2012/09/01 23:34:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/09/01 23:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/09/01 23:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012/09/01 23:34:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus
[2012/09/01 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftStylus
[2012/09/01 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2012/09/01 23:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2012/09/01 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/09/01 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/09/01 23:24:51 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2012/09/01 23:24:51 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2012/09/01 23:24:51 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2012/09/01 23:24:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2012/09/01 23:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012/09/01 23:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/09/01 23:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/09/01 23:23:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/01 23:16:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/09/01 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Media Player Classic
[2012/09/01 13:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2012/09/01 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/09/01 13:41:20 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/09/01 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/09/01 12:56:56 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Adobe
[2012/09/01 12:40:42 | 000,000,000 | ---D | C] -- C:\Users\brad\Tracing
[2012/09/01 12:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2012/09/01 12:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/09/01 12:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/09/01 12:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/09/01 12:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/09/01 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/09/01 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/09/01 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/09/01 12:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/09/01 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Macromedia
[2012/09/01 12:08:54 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Mozilla
[2012/09/01 12:08:54 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Mozilla
[2012/09/01 12:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/01 12:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/01 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/01 10:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/09/01 10:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/09/01 10:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/09/01 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Microsoft Help
[2012/09/01 09:29:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/09/01 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/09/01 08:03:41 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Macromedia
[2012/09/01 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Adobe
[2012/09/01 07:34:20 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\WindowsUpdate
[2012/09/01 06:59:40 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Hewlett-Packard
[2012/09/01 06:59:37 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Hewlett-Packard
[2012/09/01 06:58:55 | 000,000,000 | R--D | C] -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/01 06:58:55 | 000,000,000 | R--D | C] -- C:\Users\brad\Searches
[2012/09/01 06:58:55 | 000,000,000 | R--D | C] -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/01 06:58:48 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Identities
[2012/09/01 06:58:44 | 000,000,000 | R--D | C] -- C:\Users\brad\Contacts
[2012/09/01 06:52:51 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\HP TCS
[2012/09/01 06:52:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/09/01 06:49:56 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\VirtualStore
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\AppData\Local\Temporary Internet Files
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Templates
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Start Menu
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\SendTo
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Recent
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\PrintHood
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\NetHood
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Documents\My Videos
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Documents\My Pictures
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Documents\My Music
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\My Documents
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Local Settings
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\AppData\Local\History
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Cookies
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\Application Data
[2012/09/01 06:49:50 | 000,000,000 | -HSD | C] -- C:\Users\brad\AppData\Local\Application Data
[2012/09/01 06:49:49 | 000,000,000 | --SD | C] -- C:\Users\brad\AppData\Roaming\Microsoft
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Videos
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Saved Games
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Pictures
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Music
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Links
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Favorites
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Downloads
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Documents
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\Desktop
[2012/09/01 06:49:49 | 000,000,000 | R--D | C] -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/01 06:49:49 | 000,000,000 | -H-D | C] -- C:\Users\brad\AppData
[2012/09/01 06:49:49 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Temp
[2012/09/01 06:49:49 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Local\Microsoft
[2012/09/01 06:49:49 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Media Center Programs
[2012/09/01 06:49:49 | 000,000,000 | ---D | C] -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

========== Files - Modified Within 30 Days ==========

[2012/09/05 14:33:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 14:33:13 | 000,658,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/05 14:33:13 | 000,127,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/05 14:31:04 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/09/05 14:29:30 | 000,000,943 | ---- | M] () -- C:\Users\brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/05 14:29:19 | 000,202,862 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/05 14:29:19 | 000,202,862 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/05 14:28:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 14:28:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 14:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 14:25:43 | 000,380,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/05 14:24:59 | 1877,278,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/04 11:03:48 | 000,006,656 | ---- | M] () -- C:\Users\brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 10:12:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/01 23:46:28 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/01 23:28:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/09/01 23:20:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/09/01 12:08:47 | 000,000,870 | ---- | M] () -- C:\Users\brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/01 10:23:58 | 000,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/09/01 06:51:07 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE938VFG9_E508165-371_4A_I303C_SWistron_V08.60_F.3E_T090623_WV3-1_L409_M1790_J160_7AMD_8F31_92.10_#120901_N168C001C;10DE0760_(VW516PA#ABG)_XMOBILE_CN10_Z_2F.3E.MRK
[2012/08/18 04:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll

========== Files Created - No Company Name ==========

[2012/09/05 13:35:49 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/09/05 13:35:47 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/09/05 13:35:34 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/09/05 13:35:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/09/05 13:35:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/09/05 13:35:26 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/09/05 13:35:20 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/09/05 13:34:57 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/09/05 13:34:54 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/09/05 13:33:46 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/09/03 10:12:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/03 10:11:38 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/01 23:35:54 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/09/01 23:35:48 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/09/01 23:30:54 | 006,416,928 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2012/09/01 23:28:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/09/01 23:26:15 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/09/01 23:26:01 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2012/09/01 23:20:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/09/01 23:16:58 | 1877,278,720 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/01 13:41:21 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/09/01 13:41:21 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/09/01 13:41:21 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012/09/01 13:41:20 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/09/01 13:41:18 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/01 12:19:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/01 12:08:47 | 000,000,870 | ---- | C] () -- C:\Users\brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/01 12:08:47 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/01 09:28:23 | 000,202,862 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/09/01 09:17:00 | 000,202,862 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/09/01 08:33:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/09/01 08:33:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/09/01 08:33:49 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/09/01 07:54:11 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/09/01 07:31:07 | 000,000,943 | ---- | C] () -- C:\Users\brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/01 07:26:15 | 000,006,656 | ---- | C] () -- C:\Users\brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/01 06:58:56 | 000,000,949 | ---- | C] () -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/01 06:58:55 | 000,000,944 | ---- | C] () -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/01 06:58:44 | 000,000,915 | ---- | C] () -- C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/09/01 06:52:44 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/09/01 06:52:34 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012/09/01 06:51:07 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE938VFG9_E508165-371_4A_I303C_SWistron_V08.60_F.3E_T090623_WV3-1_L409_M1790_J160_7AMD_8F31_92.10_#120901_N168C001C;10DE0760_(VW516PA#ABG)_XMOBILE_CN10_Z_2F.3E.MRK
[2012/09/01 06:49:49 | 000,000,258 | ---- | C] () -- C:\Users\brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

========== LOP Check ==========

[2012/09/05 14:23:39 | 000,014,664 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#11
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for all your help so far and sorry about the delay in the reply.

Not a problem and you're welcome!

I'm just trying to finish updating my comp; I'll get back to you with more info in the next 12 hours.

OK, looks like you have invoked the Recovery Partition, which is de facto a reformat and reinstallation of the Windows Operating System. So basically you should be good to go.

Below is some generic advice....

Next:

Most new machines when shipped by the vendors tend to come with all kinds of dross pre-installed, and if the inbuilt recovery partition is invoked, like you just did with yours, basically it is back as it was when first booted up etc.

So this application here is worth both downloading and running.

--------------

Install all critical updates and relevant service packs via Windows Update. For Vista the latest is SP2, though this does appear to be installed now.

I would also ensure Internet Explorer is up-to-date. For Vista based machines it is IE9. Reason being, even if you opt not to use IE as your main browser, having an out-of-date version installed can leave any one machine vulnerable to malware.

The aforementioned should be available via Windows Update; if not, it can be downloaded from here.

Once the machine is updated and fully patched, I do advise visiting Windows Update periodically as Microsoft releases patches for Windows and other products regularly.

Plus check Automatic Updates is enabled.

--------------

I see you have already installed an Anti-Virus software solution; only ever have one of such installed and active in system memory at any one time.

Microsoft Security Essentials automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

--------------

Installing a specific Anti-Spyware application would be prudent, myself I recommend:-

Malwarebytes' Anti-Malware

During the installation process you will be offered the Malwarebytes' Anti-Malware Trial. Your choice to enable or not...

After installing, I advise checking for updates and running a scan at least once per week.

--------------

Emergency Recovery Utility NT. I advise you consider installing this as a means to keep a complete backup of your registry and restore it when needed. Instructions can be read here.

Myself, I would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

--------------

A custom Hosts file is a further layer of protection whilst browsing online.

Either of the below will suffice:-

Only use one of the above!

--------------

Consider installing WinPatrol. This application alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

--------------

Finally, periodically visit the Secunia Online Software Inspector to ensure all third party software is up to date, as many applications, such as Adobe and Java related ones for example, can be exploited by malware if out of date.
  • 0
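Dakeyras's checklist above (Windows Update with Automatic Updates enabled, a single active anti-virus product, and a custom hosts file) can be verified from a PowerShell prompt rather than by clicking through each control panel. The script below is an added example written for this thread; it is not code from the post or from any of the tools it links. It assumes Windows Vista or later with PowerShell 2.0 or newer, an elevated prompt, and the default hosts file location. The function names, the "redirect entry" label and the warning thresholds are this example's own choices.

```powershell
# Added example (not from the thread): post-reinstall baseline checks.
# Assumes Vista or later, PowerShell 2.0+, an elevated prompt, and the
# default hosts file path. Function names and thresholds are this example's own.

function Get-AutoUpdateStatus {
    # IAutomaticUpdatesSettings.NotificationLevel: 1 = disabled, 2 = notify before
    # download, 3 = download then notify before install, 4 = install automatically.
    $settings = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings
    New-Object PSObject -Property @{
        NotificationLevel = $settings.NotificationLevel
        Enabled           = ($settings.NotificationLevel -ge 2)
        FullyAutomatic    = ($settings.NotificationLevel -eq 4)
    }
}

function Get-MissingUpdateCount {
    # Asks the Windows Update Agent for software updates that apply to this
    # machine but are not installed yet (what the Windows Update UI would offer).
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    return $result.Updates.Count
}

function Get-RegisteredAntiVirus {
    # root\SecurityCenter2 exists on Vista and later; every anti-virus product
    # that registered with Security Center appears as one AntiVirusProduct instance.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        Select-Object displayName, productState
}

function Get-HostsFileSummary {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $blocked  = @()
    $redirect = @()
    foreach ($line in Get-Content -Path $Path) {
        $text = ($line -split '#')[0].Trim()        # strip comments
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $ip    = $fields[0]
        $names = $fields[1..($fields.Count - 1)]
        # A protective hosts list points names at an unroutable or loopback
        # address. Any other address sends those names to a real host, which is
        # the pattern a hijack leaves rather than the pattern a blocklist uses.
        if ($ip -eq '0.0.0.0' -or $ip -eq '127.0.0.1' -or $ip -eq '::1') {
            $blocked += $names
        } else {
            foreach ($n in $names) { $redirect += "$n -> $ip" }
        }
    }
    New-Object PSObject -Property @{
        BlockedNames    = $blocked.Count
        RedirectEntries = $redirect
    }
}

# --- run the checks and report ---
$au = Get-AutoUpdateStatus
if (-not $au.FullyAutomatic) {
    Write-Warning "Automatic Updates is at level $($au.NotificationLevel); 4 means install automatically."
}

$missing = Get-MissingUpdateCount
Write-Host "Updates waiting to be installed: $missing"

$av = @(Get-RegisteredAntiVirus)
Write-Host "Registered anti-virus products: $($av.Count)"
$av | Format-Table -AutoSize
if ($av.Count -gt 1) {
    Write-Warning "More than one anti-virus product is registered; keep only one installed and active."
}

$hosts = Get-HostsFileSummary
Write-Host "Hosts file: $($hosts.BlockedNames) blocked names, $($hosts.RedirectEntries.Count) redirect entries"
$hosts.RedirectEntries | ForEach-Object { Write-Warning "Hosts redirect: $_" }
```

Run it once after the recovery partition restore and again after applying the advice; the update search can take several minutes on a freshly restored machine because the agent has to download the catalogue first. The hosts check is the part most relevant to this thread: a custom hosts file used as a blocklist maps names to 0.0.0.0 or 127.0.0.1, so any entry that points a name at a different address deserves an explanation before the machine is trusted, and the two lists Dakeyras mentions should never be merged into one file.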

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0