Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

printer network sharing (error 0x00000002) [Solved]

Started by salvar774 , Mar 11 2013 11:44 PM

  • This topic is locked This topic is locked

#16
Dakeyras
Posted 20 March 2013 - 05:26 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks for the clarification, now it appears the actual motherboard in use with your machine can be problematic at times with regard too being able to boot via USB Drive, this certainly explains a lot.

Run through the procedure again please outlined here in post #10 but rather than continually depress/hit the F12 function key do so with the Esc key instead.

Let myself know the outcome and if the need I will have a word with my IT Tech colleague who was assisting you prior as these sorts of problems now are not really within my sphere of expertise/support if you will. Plus we may just need to consider a Malware Removal process until the time say the Optical Drive issue is rectified for example.
  • 0

Advertisements

#17
salvar774
Posted 20 March 2013 - 07:26 PM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I did three new scans with some new software . It found and removed 22 malware files and viruses and Trojans. I uesed the panda could cleaner and the emsisoft energency kit . I had run several anti-malware and anti-virus softwares but nothing had been found . Did my system integrity improve . I have not formatted or reinstalled windows . I have not been able to get it to boot from my flash drive . I am going to buy a new dvdrom drive and install it . I will be able to boot from my vista dvd soon and do the required reinstall.

Thank you for your help please let me know


OTL logfile created on: 3/20/2013 7:57:25 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 50.10% Memory free
5.98 Gb Paging File | 4.40 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 77.98 Gb Free Space | 34.88% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.27 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 9.75 Gb Free Space | 65.44% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 145.16 Gb Free Space | 31.17% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - [2013/03/19 23:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
PRC - [2013/03/08 16:43:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/01 02:35:46 | 004,042,160 | ---- | M] (Emsisoft GmbH) -- F:\Run\a2emergencykit.exe
PRC - [2013/03/01 02:35:38 | 001,593,776 | ---- | M] (Emsisoft GmbH) -- F:\start.exe
PRC - [2013/02/13 10:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/08 16:14:16 | 000,122,032 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/11/08 16:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/11/08 16:01:30 | 001,516,680 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2012/04/30 19:56:50 | 000,836,480 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/08 16:43:37 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/03/01 09:54:27 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/13 04:11:17 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b9fe069cd0848273acf2ef4468bc1838\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/13 04:06:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/09 04:28:03 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:15:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:14:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 04:14:55 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 04:14:41 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:14:12 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:14:03 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\Simon\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/03/13 09:37:01 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 16:43:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/14 21:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/11/08 16:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/03/20 16:19:05 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A927BCA-E91F-4785-B0EA-610C8CB438EF}\MpKsl0b253446.sys -- (MpKsl0b253446)
DRV - [2013/03/01 09:54:26 | 000,055,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2013/03/01 09:54:16 | 000,316,984 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys -- (RapportCerberus_50414)
DRV - [2013/03/01 02:35:42 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:\Run\a2ddax86.sys -- (A2DDA)
DRV - [2013/02/14 00:40:20 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/13 10:19:12 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/02/13 10:19:12 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/02/13 10:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/01 13:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 07:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 07:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/12/11 18:53:02 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- D:\PC-Doctor 5 for Win PE\pcd5srvc.pkms -- (PCD5SRVC{476DF190-667CD7B3-05040000})
DRV - [2007/10/26 18:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1401021

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 44 9D 1A 71 23 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7AURU_enUS501
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1401021
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Simon\AppData\Local\Roblox\Versions\version-e9bfa9d8c0b14dfb\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/23 09:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 20:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/23 09:55:06 | 000,000,000 | ---D | M]

[2012/10/20 10:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
[2009/04/01 15:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/03/20 19:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions
[2013/03/20 19:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/11/11 00:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 16:43:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/16 18:46:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013/02/20 19:47:08 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/102
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Answers.com Toolbar) - {6341761B-BABE-406D-B0D6-8D99B81C2EE5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641CF3EB-4C4F-4B37-BD29-7F4BC0203EED}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/03/01 02:35:34 | 000,000,112 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 14 Days ==========

[2013/03/20 19:56:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Old Firefox Data
[2013/03/20 15:15:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/19 23:00:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013/03/17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/03/16 22:29:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Spotify
[2013/03/12 23:59:00 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/03/12 23:57:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/12 23:57:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/12 23:57:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/12 23:57:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/12 23:57:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/12 23:57:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/12 23:57:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/12 23:57:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/08 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013/03/08 23:09:32 | 000,000,000 | ---D | C] -- C:\Brother
[2013/03/08 23:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/03/08 23:08:53 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2013/03/08 23:08:53 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2013/03/08 23:08:53 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2013/03/08 23:08:53 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2013/03/08 23:08:44 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2013/03/08 16:36:26 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\New Folder
[2009/01/02 23:41:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Simon\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 14 Days ==========

[2013/03/20 19:47:16 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/20 19:47:16 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/20 19:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 19:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 18:18:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 18:18:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 16:21:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 16:18:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 15:15:46 | 000,023,552 | ---- | M] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/19 23:28:57 | 000,016,984 | ---- | M] () -- C:\Users\Simon\Documents\Brother HL-2240D series.reg
[2013/03/19 23:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013/03/18 13:33:14 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/03/18 13:33:14 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/03/17 23:35:03 | 000,001,356 | ---- | M] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2013/03/17 22:48:07 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/03/16 22:29:56 | 000,001,717 | ---- | M] () -- C:\Users\Simon\Desktop\Spotify.lnk
[2013/03/14 01:45:16 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/13 09:37:01 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 09:37:00 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/07 01:27:13 | 000,001,159 | ---- | M] () -- C:\Users\Simon\Desktop\ROBLOX Player.lnk

========== Files Created - No Company Name ==========

[2013/03/19 23:25:27 | 000,016,984 | ---- | C] () -- C:\Users\Simon\Documents\Brother HL-2240D series.reg
[2013/03/17 19:48:19 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/03/16 22:29:56 | 000,001,717 | ---- | C] () -- C:\Users\Simon\Desktop\Spotify.lnk
[2013/03/13 23:39:30 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/03/13 23:39:30 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/02/28 23:33:18 | 000,000,004 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\skype.ini
[2012/11/02 20:25:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/11/02 20:25:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/11/02 20:25:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/09/23 22:09:56 | 000,000,201 | ---- | C] () -- C:\Users\Simon\AppData\Local\p1.htm
[2012/09/15 10:56:36 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/09/14 14:25:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/09/14 14:25:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/09/12 19:55:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/12 19:07:40 | 000,023,552 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/12 18:43:57 | 000,157,639 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/09/12 18:43:57 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012/09/11 23:20:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/05/28 18:23:24 | 000,302,425 | ---- | C] () -- C:\Users\Simon\AppData\Local\funmoods-speeddial.crx
[2012/01/17 17:01:50 | 000,008,499 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\5628f435
[2012/01/17 17:01:50 | 000,008,440 | ---- | C] () -- C:\Users\Simon\AppData\Local\8369c549
[2011/10/06 10:51:48 | 000,000,288 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\.backup.dm
[2011/08/30 23:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\9862140.exe
[2011/08/30 23:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\7842685.exe
[2011/08/30 23:32:49 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\4141646.exe
[2011/08/06 00:29:52 | 000,345,438 | ---- | C] () -- C:\Users\Simon\AppData\Local\census.cache
[2011/08/06 00:28:14 | 000,262,485 | ---- | C] () -- C:\Users\Simon\AppData\Local\ars.cache
[2010/01/06 18:23:09 | 000,000,036 | ---- | C] () -- C:\Users\Simon\AppData\Local\housecall.guid.cache
[2009/08/06 22:28:17 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Local\rx_image.Cache
[2009/03/25 00:32:06 | 000,394,045 | ---- | C] () -- C:\Users\Simon\AppData\Local\p2.htm
[2009/03/23 14:04:04 | 000,000,035 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\SetValue.bat
[2009/03/23 14:04:03 | 000,000,691 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\GetValue.vbs
[2009/01/02 23:41:25 | 000,007,887 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\pcouffin.cat
[2009/01/02 23:41:25 | 000,001,144 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\pcouffin.inf
[2008/08/23 11:55:02 | 000,000,093 | ---- | C] () -- C:\Users\Simon\AppData\Local\fusioncache.dat
[2008/08/16 10:51:03 | 000,000,420 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\wklnhst.dat
[2008/08/14 13:57:43 | 000,001,356 | ---- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2013/02/28 23:07:49 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\@
[2013/02/28 23:07:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\L
[2013/02/28 23:07:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\U
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\yoku.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\wistfull kill.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\When Thou Art Converted.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\war.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\walmart money card 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\virginia.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\userguide_bb8130_cdma.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\usana meeting.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TX ac.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\trigos.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribe wars.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribe 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribalkills.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tresure island.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\treasue condo 06 18 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tomasa house keeping.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\temple.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TECL.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TDLR Home beto license.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 08 15 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 0556 05 20 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 03 21 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint paty 09 15 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint 12 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint 0109.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\spirt pay 11 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\spirnt pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Simon Alvarado dba.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\siliva flora.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\silencer.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\SA ACCOUNT.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 05 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 03 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 01 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 12 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr acount.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\roy.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rock star gabi 06 18 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\RI_Secrets_Revealed.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rgv rr pay 11 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\read 87 lorayn.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\read 61.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\prices lux air.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ppl pay.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ppl pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\posada.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\pi sevice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\pi service2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\patience.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Paradise lien.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\padres.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\oogs.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ocean motion 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Obama.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Motor Vehicle Bill of Sale.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto 2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mota.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mormon.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moctezuma.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mobi book buy 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\master license pay 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LV Imagining.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\lv imagining 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\lmwd pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LDS Library.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LDS Library 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\kri.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\judy new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\judy brooks.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\jade pay 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Invoice that calculates total1.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\huisache house.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\How to Develop your memory.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gtrrl trineal.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Greetings President Mata.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gemaie.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi ice maker.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi condesattion pump repar.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi 06 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi 05 28 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\fitness center.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\filters gabi 06 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\farms.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Electrical bid eduardo 06 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\electric contractor license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\electric bill 06 23 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\edna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\edna computor board job.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dtv coupon 02 28 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dolphin.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 12 19 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 09 08 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 11 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 0203 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dis pay 05 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dillon science.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\deli job.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Deli ac for virginia Vega.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\deli ac 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\DallasCowboys.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\CURSO DE FORMACIÓN PARA HOMBRES.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\confession of a half hearted home yeacher.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\charley brommer work.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\change out comp 02 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\change compre sot.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ced ac.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\caveman.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\CAve.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\cave enimies.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Camfrog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\blackberry 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\black berry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\beto license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\beto 10 08 09 license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Bert.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Being There-the Most Important Thing in Home Teaching .pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\AWAKE_O_SLEEPER.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\APEX AIR ELECTRIC SERVICE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\APEX AIR ELECTRIC SERVICE TECL-1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit poay 02 90.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 12c 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 11 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 09 18 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 08 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 07 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 01 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ActiveScan44.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ActiveScan 1.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\AC pi Clinic 01 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac kicense.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac island.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Ac golf pacific.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac deli.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\A Halfhearted Home Teacher Repents .pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\2009 invite.txt:Roxio EMC Stream
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D2F2F703

< End of report >
  • 0

#18
Dakeyras
Posted 21 March 2013 - 05:27 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I did three new scans with some new software . It found and removed 22 malware files and viruses and Trojans. I uesed the panda could cleaner and the emsisoft energency kit . I had run several anti-malware and anti-virus softwares but nothing had been found

Fair play and the machine is your property after all and that I respect.

However it would be best if you just follow my advice from this point forward please as otherwise it will merely hinder myself attempting to assist you etc.

Did my system integrity improve

I'm afraid not, your machine is still infected with the Zero Access Rootkit.

I am going to buy a new dvdrom drive and install it . I will be able to boot from my vista dvd soon and do the required reinstall.

OK.

Thank you for your help please let me know

You're most welcome and lets proceed as follows shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
Posted Image

  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Posted Image

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed here.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image

  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
  • 0

#19
salvar774
Posted 21 March 2013 - 01:20 PM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Simon [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/21/2013 14:18:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 184 / Fail 0
My documents: Success 666 / Fail 666
My favorites: Success 28 / Fail 0
My pictures: Success 22 / Fail 0
My music: Success 607 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 18863 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume3 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3]_SC_03212013_02d1418.txt >>
RKreport[1]_S_03212013_02d1408.txt ; RKreport[2]_D_03212013_02d1412.txt ; RKreport[3]_SC_03212013_02d1418.txt
  • 0

#20
salvar774
Posted 21 March 2013 - 01:21 PM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Simon [Admin rights]
Mode : Remove -- Date : 03/21/2013 14:12:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\Simon\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[TASK][SUSP PATH] Hoolapp Init : C:\Users\Simon\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> DELETED
[TASK][SUSP PATH] Simon1 : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Simon\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Simon1.nji" [-] -> DELETED
[TASK][SUSP PATH] Simon1 Merge : "C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Simon\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Simon1 Merge.nji" [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1657747751-3264058371-3563766162-1000\$15211f5ad641c7709d0451caca1c3a66\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1657747751-3264058371-3563766162-1000\$15211f5ad641c7709d0451caca1c3a66\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725025GLA SCSI Disk Device +++++
--- User ---
[MBR] 830ea510bbff712366aa5f5e7a49eb44
[BSP] b6be6e9d0f0336d35e5e33756ce073f7 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228957 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468905220 | Size: 9515 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Seagate Backup+ BK USB Device +++++
--- User ---
[MBR] 2caeca48d024adfd212f71eb5f9a9446
[BSP] fc0ecf24d2d9b04f40428953629ca9a1 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] de5364e9dd29d6bb39a2307295362046
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15264 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03212013_02d1412.txt >>
RKreport[1]_S_03212013_02d1408.txt ; RKreport[2]_D_03212013_02d1412.txt
  • 0

#21
salvar774
Posted 21 March 2013 - 01:24 PM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Simon [Admin rights]
Mode : Scan -- Date : 03/21/2013 14:08:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\Simon\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[TASK][SUSP PATH] Hoolapp Init : C:\Users\Simon\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> FOUND
[TASK][SUSP PATH] Simon1 : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Simon\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Simon1.nji" [-] -> FOUND
[TASK][SUSP PATH] Simon1 Merge : "C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Simon\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Simon1 Merge.nji" [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1657747751-3264058371-3563766162-1000\$15211f5ad641c7709d0451caca1c3a66\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$15211f5ad641c7709d0451caca1c3a66\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1657747751-3264058371-3563766162-1000\$15211f5ad641c7709d0451caca1c3a66\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725025GLA SCSI Disk Device +++++
--- User ---
[MBR] 830ea510bbff712366aa5f5e7a49eb44
[BSP] b6be6e9d0f0336d35e5e33756ce073f7 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228957 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468905220 | Size: 9515 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Seagate Backup+ BK USB Device +++++
--- User ---
[MBR] 2caeca48d024adfd212f71eb5f9a9446
[BSP] fc0ecf24d2d9b04f40428953629ca9a1 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] de5364e9dd29d6bb39a2307295362046
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15264 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03212013_02d1408.txt >>
RKreport[1]_S_03212013_02d1408.txt
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725025GLA SCSI Disk Device +++++
--- User ---
[MBR] 830ea510bbff712366aa5f5e7a49eb44
[BSP] b6be6e9d0f0336d35e5e33756ce073f7 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228957 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468905220 | Size: 9515 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Seagate Backup+ BK USB Device +++++
--- User ---
[MBR] 2caeca48d024adfd212f71eb5f9a9446
[BSP] fc0ecf24d2d9b04f40428953629ca9a1 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] de5364e9dd29d6bb39a2307295362046
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15264 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03212013_02d1412.txt >>
RKreport[1]_S_03212013_02d1408.txt ; RKreport[2]_D_03212013_02d1412.txt
  • 0

#22
Dakeyras
Posted 22 March 2013 - 04:01 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Download/Run ComboFix:

Please visit this web-page for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered ?
  • ComboFix Log.

  • 0

#23
salvar774
Posted 23 March 2013 - 12:38 AM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
ComboFix 13-03-21.02 - Simon 03/23/2013 1:16.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1717 [GMT -5:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\AppData\Roaming\4141646.exe
c:\users\Simon\AppData\Roaming\5628f435
c:\users\Simon\AppData\Roaming\7842685.exe
c:\users\Simon\AppData\Roaming\9862140.exe
c:\users\Simon\AppData\Roaming\GetValue.vbs
c:\users\Simon\AppData\Roaming\skype.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\._msige61\GoogleEarth.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemyext.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\earthps.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\ge_expat.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\googleearth.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\icudt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGCore.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGMath.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGOpt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGUtils.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\msvcp100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\msvcr100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtCore4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtGui4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\wavdest.ax
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\earthps.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\icudt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 06:31 . 2013-03-23 06:32 -------- d-----w- c:\users\Simon\AppData\Local\temp
2013-03-23 06:31 . 2013-03-23 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 06:02 . 2013-03-23 06:02 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6C4B90-5102-4B08-AF80-E42CA8867185}\MpKsl095a2da4.sys
2013-03-22 19:41 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6C4B90-5102-4B08-AF80-E42CA8867185}\mpengine.dll
2013-03-21 19:04 . 2012-11-28 08:08 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D72B883-B854-4FD2-AD67-740A8B796809}\gapaengine.dll
2013-03-21 19:01 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 18:58 . 2013-03-21 18:58 -------- d-----w- C:\RegBackup
2013-03-21 18:58 . 2013-03-21 18:58 -------- d-----w- c:\program files\Tweaking.com
2013-03-21 02:34 . 2013-03-21 02:34 -------- d-----w- C:\0
2013-03-20 20:15 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-17 03:29 . 2013-03-17 03:30 -------- d-----w- c:\users\Simon\AppData\Local\Spotify
2013-03-13 04:59 . 2013-03-13 04:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-09 04:09 . 2013-03-09 04:09 -------- d-----w- C:\Brother
2013-03-09 04:09 . 2013-03-09 19:11 -------- d-----w- c:\program files\Browny02
2013-03-09 04:08 . 2010-08-03 02:57 217088 ------w- c:\windows\system32\NSSearch.dll
2013-03-09 04:08 . 2010-03-16 01:56 2560 ------w- c:\windows\system32\BrDctF2S.dll
2013-03-09 04:08 . 2010-03-16 01:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2013-03-09 04:08 . 2007-12-14 04:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2013-03-09 04:08 . 2010-02-05 17:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2013-03-01 12:39 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-03-01 04:30 . 2013-03-01 06:05 -------- d-----w- c:\users\Simon\AppData\Roaming\Yontoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 14:37 . 2012-09-13 00:22 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 14:37 . 2012-09-13 00:22 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 05:40 . 2013-02-05 23:54 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-14 05:40 . 2013-02-05 23:54 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-13 15:19 . 2013-02-13 15:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-01-30 10:53 . 2012-09-12 03:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 21:59 . 2013-01-20 21:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 21:59 . 2012-03-21 03:44 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:26 . 2013-02-12 20:04 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-12 20:04 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-12 20:04 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:55 . 2013-02-12 20:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:38 . 2013-02-12 20:04 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 21:43 . 2012-09-13 02:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6341761b-babe-406d-b0d6-8d99b81c2ee5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
2009-07-15 18:09 2224152 ----a-w- c:\program files\Answers.com\tbAnsw.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6341761b-babe-406d-b0d6-8d99b81c2ee5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6341761B-BABE-406D-B0D6-8D99B81C2EE5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2012-11-08 122032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2012-05-01 836480]
"DBAgent"="c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2012-11-08 1516680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^1-Click Answers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\1-Click Answers.lnk
backup=c:\windows\pss\1-Click Answers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Road Runner Safe Storage.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Road Runner Safe Storage.lnk
backup=c:\windows\pss\Road Runner Safe Storage.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2012-12-11 23:20 542104 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 20:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-06-10 19:42 2621440 ----a-r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\Simon\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 06:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 09:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xmarks]
2012-03-07 22:33 1122848 ----a-w- c:\program files\Xmarks\IE Extension\xmarkssync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
2013-02-02 00:31 42784 ------w- c:\users\Simon\AppData\Roaming\Yontoo\YontooDesktop.exe
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL095A2DA4
*Deregistered* - FileOpenWebPublisherScreenHookDriver
*Deregistered* - RapportIaso
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 06:38 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 14:37]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-13 00:23]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-13 00:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\hxihw4zn.default-1363827374521\
FF - ExtSQL: 2013-01-23 08:55; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\mssecex.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-23 01:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCD5SRVC{476DF190-667CD7B3-05040000}]
"ImagePath"="\??\d:\pc-doc~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-23 01:35:33
ComboFix-quarantined-files.txt 2013-03-23 06:35
ComboFix2.txt 2011-10-27 02:07
ComboFix3.txt 2011-08-12 15:36
ComboFix4.txt 2011-07-08 16:47
ComboFix5.txt 2013-03-23 06:13
.
Pre-Run: 80,019,144,704 bytes free
Post-Run: 79,665,115,136 bytes free
.
- - End Of File - - 95BC64762D8596E6E76220FEED30BF4D
  • 0

#24
Dakeyras
Posted 23 March 2013 - 05:13 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I would also like to see a list of presently installed programs, so please do this:

Click on Start(Vista Orb) >> Run... then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Post the contents of that file in your next reply.
  • 0

#25
salvar774
Posted 23 March 2013 - 07:58 AM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
1-Click Answers
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Kindle
Answers.com Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
Avery Template
BlackBerry Desktop Software 7.1
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DVD Shrink 3.2
e-Sword
eSupportQFolder
F4200
F4200_Help
FileOpen Client
FrostWire 5.4.0
Google Chrome
Google Earth
Google Update Helper
GPBaseService
HL-2240D
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java 7 Update 7
Java Auto Updater
jZip
KGBT Hurricane Tracker
LDS Library 2006
LDS Library 2009
magicJack
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiPony 2.0.4
Mobipocket Reader 6.2
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPlayer (remove only)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Panda ActiveScan 2.0
Panda Cloud Cleaner
PSSWCORE
QuickTime
Rapport
Realtek High Definition Audio Driver
ROBLOX Player for Simon
Scan
Seagate Dashboard 2.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Segoe UI
Shop for HP Supplies
SmartWebPrintingOC
Soft Data Fax Modem with SmartCP
SolutionCenter
Spotify
Spybot - Search & Destroy
Status
The Ultimate Troubleshooter
Toolbox
TrayApp
Tweaking.com - Registry Backup
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
WeatherBug
WebReg
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
Xmarks for IE
Yontoo 2.04
  • 0

Advertisements

#26
Dakeyras
Posted 23 March 2013 - 09:14 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Uninstall the following please as apart from not being particularly effective will be causing a system conflict with Microsoft Security Essentials and actually lesson overall online protection etc.

Now please go to Start(Vista Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware Antivirus
Ad-Aware Browsing Protection

To do so click once on each of the above to highlight, then click on Uninstall/Change etc and follow the prompts.

Peer to Peer Advice:

I see FrostWire 5.4.0 is installed . If you have used this recently, you can be fairly confident this is a principal reason your computer became infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like FrostWire, utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. However if you opt not to...please refrain from using it for the duration of the malware removal process, thank you.

Custom ComboFix Script:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below(do not copy the word quote):

KillAll::

ADS::

ClearJavaCache::

DirLook::
C:\0

Folder::
c:\users\Simon\AppData\Roaming\Yontoo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yontoo 2.04]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xmarks]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

SecCenter::
{E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
{D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
{5BB89C30-6480-BC7C-9F17-199BD76F557A}

ReBoot::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM's executable and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> follow the prompts and reboot your machine if not advised to.
  • Please post the contents of the log file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like S1.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • AdwCleaner Log.

  • 0

#27
salvar774
Posted 25 March 2013 - 03:18 AM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
ComboFix 13-03-21.02 - Simon 03/25/2013 3:51.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1675 [GMT -5:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
Command switches used :: c:\users\Simon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\AppData\Roaming\Yontoo
c:\users\Simon\AppData\Roaming\Yontoo\dat\Desktop.OS.dll
c:\users\Simon\AppData\Roaming\Yontoo\dat\HeartBeat.dat
c:\users\Simon\AppData\Roaming\Yontoo\PlugIns.cache
c:\users\Simon\AppData\Roaming\Yontoo\YontooDesktop.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-25 to 2013-03-25 )))))))))))))))))))))))))))))))
.
.
2013-03-25 09:04 . 2013-03-25 09:10 -------- d-----w- c:\users\Simon\AppData\Local\temp
2013-03-25 09:04 . 2013-03-25 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-25 06:52 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48FB1B38-4073-46C1-9D46-76E1943CB32E}\mpengine.dll
2013-03-24 06:51 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 19:04 . 2012-11-28 08:08 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D72B883-B854-4FD2-AD67-740A8B796809}\gapaengine.dll
2013-03-21 18:58 . 2013-03-21 18:58 -------- d-----w- C:\RegBackup
2013-03-21 18:58 . 2013-03-21 18:58 -------- d-----w- c:\program files\Tweaking.com
2013-03-21 02:34 . 2013-03-21 02:34 -------- d-----w- C:\0
2013-03-20 20:15 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-17 03:29 . 2013-03-17 03:30 -------- d-----w- c:\users\Simon\AppData\Local\Spotify
2013-03-13 04:59 . 2013-03-13 04:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-09 04:09 . 2013-03-09 04:09 -------- d-----w- C:\Brother
2013-03-09 04:09 . 2013-03-09 19:11 -------- d-----w- c:\program files\Browny02
2013-03-09 04:08 . 2010-08-03 02:57 217088 ------w- c:\windows\system32\NSSearch.dll
2013-03-09 04:08 . 2010-03-16 01:56 2560 ------w- c:\windows\system32\BrDctF2S.dll
2013-03-09 04:08 . 2010-03-16 01:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2013-03-09 04:08 . 2007-12-14 04:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2013-03-09 04:08 . 2010-02-05 17:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2013-03-01 12:39 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 14:37 . 2012-09-13 00:22 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 14:37 . 2012-09-13 00:22 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 05:40 . 2013-02-05 23:54 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-14 05:40 . 2013-02-05 23:54 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-13 15:19 . 2013-02-13 15:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-01-30 10:53 . 2012-09-12 03:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 21:59 . 2013-01-20 21:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 21:59 . 2012-03-21 03:44 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:26 . 2013-02-12 20:04 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-12 20:04 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-12 20:04 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:55 . 2013-02-12 20:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:38 . 2013-02-12 20:04 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 21:43 . 2012-09-13 02:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\0 ----
.
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900810630626}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900805698691}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900801412670}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900796736492}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900791894652}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900785323001}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900780015822}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900775366378}.ini
2013-03-21 02:37 . 2013-03-21 02:37 32104 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900768149999}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900758473448}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900753570088}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900748527726}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900743192700}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900737168141}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900732283870}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900726392174}.ini
2013-03-21 02:37 . 2013-03-21 02:37 410 ----a-w- c:\0\RUN\HiJackFree\Clsid\{4135390072128073}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900715867341}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900711054861}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{4135390070685388}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900701311475}.ini
2013-03-21 02:37 . 2013-03-21 02:37 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900696640365}.ini
2013-03-21 02:36 . 2013-03-21 02:37 4066 ----a-w- c:\0\RUN\HiJackFree\Clsid\index.ini
2013-03-21 02:36 . 2013-03-21 02:36 158 ----a-w- c:\0\RUN\HiJackFree\Clsid\{41353900691647173}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900656111239}.ini
2013-03-21 02:36 . 2013-03-21 02:36 310 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900650666893}.ini
2013-03-21 02:36 . 2013-03-21 02:36 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900645588052}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900640259581}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900634254205}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900628241165}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900622672359}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900617555196}.ini
2013-03-21 02:36 . 2013-03-21 02:36 296 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900612574052}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900607576674}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900600729647}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900595547867}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900590131864}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900585190299}.ini
2013-03-21 02:36 . 2013-03-21 02:36 530 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900579469226}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900574365642}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900568931488}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900563131457}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900558483708}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900552836589}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900548525448}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900542357035}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900536922747}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900531767295}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900526719391}.ini
2013-03-21 02:36 . 2013-03-21 02:36 316 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390052016029}.ini
2013-03-21 02:36 . 2013-03-21 02:36 102 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390051396716}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390050849349}.ini
2013-03-21 02:36 . 2013-03-21 02:36 110 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900502814139}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900497681703}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900491881887}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900486434129}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900480049392}.ini
2013-03-21 02:36 . 2013-03-21 02:36 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900474774082}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900469243683}.ini
2013-03-21 02:36 . 2013-03-21 02:36 1046 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900463961202}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900457238160}.ini
2013-03-21 02:36 . 2013-03-21 02:36 114 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900451680588}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900446879551}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900442510653}.ini
2013-03-21 02:36 . 2013-03-21 02:36 98 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390043725978}.ini
2013-03-21 02:36 . 2013-03-21 02:36 110 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390043047632}.ini
2013-03-21 02:36 . 2013-03-21 02:36 132 ----a-w- c:\0\RUN\HiJackFree\Process\{4135390042518035}.ini
2013-03-21 02:36 . 2013-03-21 02:36 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900419274640}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900414373968}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900408560976}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900402515594}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900391528518}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900385649815}.ini
2013-03-21 02:36 . 2013-03-21 02:36 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900379857679}.ini
2013-03-21 02:36 . 2013-03-21 02:36 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353900372817745}.ini
2013-03-21 02:35 . 2013-03-21 02:35 1548 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899915626812}.ini
2013-03-21 02:35 . 2013-03-21 02:35 276 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899909715706}.ini
2013-03-21 02:35 . 2013-03-21 02:35 1234 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899904517436}.ini
2013-03-21 02:35 . 2013-03-21 02:35 2394 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899899696079}.ini
2013-03-21 02:35 . 2013-03-21 02:35 218 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899894354368}.ini
2013-03-21 02:35 . 2013-03-21 02:35 918 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899888727318}.ini
2013-03-21 02:35 . 2013-03-21 02:35 236 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899883516123}.ini
2013-03-21 02:35 . 2013-03-21 02:35 244 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899878587718}.ini
2013-03-21 02:35 . 2013-03-21 02:35 1674 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899873528002}.ini
2013-03-21 02:35 . 2013-03-21 02:35 2178 ----a-w- c:\0\RUN\HiJackFree\Autorun\index.ini
2013-03-21 02:35 . 2013-03-21 02:35 3606 ----a-w- c:\0\RUN\HiJackFree\Autorun\{41353899868762892}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{4135389986129364}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899856228783}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899851468937}.ini
2013-03-21 02:35 . 2013-03-21 02:35 236 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899845886470}.ini
2013-03-21 02:35 . 2013-03-21 02:35 90 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899840558928}.ini
2013-03-21 02:35 . 2013-03-21 02:35 90 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899835278419}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899830191359}.ini
2013-03-21 02:35 . 2013-03-21 02:35 278 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899824614364}.ini
2013-03-21 02:35 . 2013-03-21 02:35 286 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899819319770}.ini
2013-03-21 02:35 . 2013-03-21 02:35 90 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899814174957}.ini
2013-03-21 02:35 . 2013-03-21 02:35 2 ----a-w- c:\0\RUN\HiJackFree\Port\Trust
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899809377404}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899802798893}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899797470535}.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{413538997919760}.ini
2013-03-21 02:35 . 2013-03-21 02:35 2112 ----a-w- c:\0\RUN\HiJackFree\Port\index.ini
2013-03-21 02:35 . 2013-03-21 02:35 92 ----a-w- c:\0\RUN\HiJackFree\Port\{41353899786533871}.ini
2013-03-21 02:34 . 2013-03-21 02:34 354 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899185868483}.ini
2013-03-21 02:34 . 2013-03-21 02:34 126 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899128127902}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899123182567}.ini
2013-03-21 02:34 . 2013-03-21 02:34 300 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899122324665}.ini
2013-03-21 02:34 . 2013-03-21 02:34 828 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899116946602}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1892 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899111595319}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899111332949}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899107016262}.ini
2013-03-21 02:34 . 2013-03-21 02:34 4052 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899106157332}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1892 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899105130664}.ini
2013-03-21 02:34 . 2013-03-21 02:34 530 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899099850996}.ini
2013-03-21 02:34 . 2013-03-21 02:34 530 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899095071798}.ini
2013-03-21 02:34 . 2013-03-21 02:34 4454 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899094988168}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899094949527}.ini
2013-03-21 02:34 . 2013-03-21 02:34 4454 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899090584417}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899089677232}.ini
2013-03-21 02:34 . 2013-03-21 02:34 698 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899085569767}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899084032792}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389908408589}.ini
2013-03-21 02:34 . 2013-03-21 02:34 296 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899080277466}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899078536790}.ini
2013-03-21 02:34 . 2013-03-21 02:34 296 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899078529569}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899078467616}.ini
2013-03-21 02:34 . 2013-03-21 02:34 128 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899072224378}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899068799837}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1226 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899066864405}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899063791728}.ini
2013-03-21 02:34 . 2013-03-21 02:34 510 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899063695545}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899061629329}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899060859285}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389905615972}.ini
2013-03-21 02:34 . 2013-03-21 02:34 386 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899055068108}.ini
2013-03-21 02:34 . 2013-03-21 02:34 386 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899053584085}.ini
2013-03-21 02:34 . 2013-03-21 02:34 378 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899053420603}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389905117056}.ini
2013-03-21 02:34 . 2013-03-21 02:34 378 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899048755750}.ini
2013-03-21 02:34 . 2013-03-21 02:34 132 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899048147479}.ini
2013-03-21 02:34 . 2013-03-21 02:34 606 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389904608201}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899043870810}.ini
2013-03-21 02:34 . 2013-03-21 02:34 132 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899043277048}.ini
2013-03-21 02:34 . 2013-03-21 02:34 344 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899042642567}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899038165065}.ini
2013-03-21 02:34 . 2013-03-21 02:34 344 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899038077447}.ini
2013-03-21 02:34 . 2013-03-21 02:34 162 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899036737223}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{413538990331964}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899031416179}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899028159293}.ini
2013-03-21 02:34 . 2013-03-21 02:34 116 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899027631869}.ini
2013-03-21 02:34 . 2013-03-21 02:34 326 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899026667165}.ini
2013-03-21 02:34 . 2013-03-21 02:34 326 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389902332167}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899020927292}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899018850080}.ini
2013-03-21 02:34 . 2013-03-21 02:34 120 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899015320258}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899012814350}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1036 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899010286104}.ini
2013-03-21 02:34 . 2013-03-21 02:34 412 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899007714105}.ini
2013-03-21 02:34 . 2013-03-21 02:34 634 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389900553137}.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389900552029}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353899002082727}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389899980}.ini
2013-03-21 02:34 . 2013-03-21 02:34 306 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898996888793}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898996449252}.ini
2013-03-21 02:34 . 2013-03-21 02:34 0 ----a-w- c:\0\RUN\HiJackFree\Process\Trust
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898991497645}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1168 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898991377275}.ini
2013-03-21 02:34 . 2013-03-21 02:34 120 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898986528729}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898986487433}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898981514918}.ini
2013-03-21 02:34 . 2013-03-21 02:34 550 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898981248176}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898976527902}.ini
2013-03-21 02:34 . 2013-03-21 02:34 124 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898974882567}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898972124665}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898967746602}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898967332949}.ini
2013-03-21 02:34 . 2013-03-21 02:34 606 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898961516262}.ini
2013-03-21 02:34 . 2013-03-21 02:34 106 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898961330664}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1036 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898955871798}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898955784417}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898951169767}.ini
2013-03-21 02:34 . 2013-03-21 02:34 116 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898945832792}.ini
2013-03-21 02:34 . 2013-03-21 02:34 144 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898941277466}.ini
2013-03-21 02:34 . 2013-03-21 02:34 140 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898940136790}.ini
2013-03-21 02:34 . 2013-03-21 02:34 628 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898936491728}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898934929329}.ini
2013-03-21 02:34 . 2013-03-21 02:34 108 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389892965972}.ini
2013-03-21 02:34 . 2013-03-21 02:34 102 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898926184085}.ini
2013-03-21 02:34 . 2013-03-21 02:34 758 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389892417056}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898917247479}.ini
2013-03-21 02:34 . 2013-03-21 02:34 276 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389891068201}.ini
2013-03-21 02:34 . 2013-03-21 02:34 2348 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898909442567}.ini
2013-03-21 02:34 . 2013-03-21 02:34 300 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898904637223}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898902916179}.ini
2013-03-21 02:34 . 2013-03-21 02:34 632 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898896531869}.ini
2013-03-21 02:34 . 2013-03-21 02:34 98 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898892267165}.ini
2013-03-21 02:34 . 2013-03-21 02:34 1916 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898885327292}.ini
2013-03-21 02:34 . 2013-03-21 02:34 140 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898877520258}.ini
2013-03-21 02:34 . 2013-03-21 02:34 104 ----a-w- c:\0\RUN\HiJackFree\Process\{41353898864486104}.ini
2013-03-21 02:34 . 2013-03-21 02:34 120 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389885743137}.ini
2013-03-21 02:34 . 2013-03-21 02:36 17388 ----a-w- c:\0\RUN\HiJackFree\Process\index.ini
2013-03-21 02:34 . 2013-03-21 02:34 100 ----a-w- c:\0\RUN\HiJackFree\Process\{4135389884930}.ini
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6341761b-babe-406d-b0d6-8d99b81c2ee5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
2009-07-15 18:09 2224152 ----a-w- c:\program files\Answers.com\tbAnsw.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6341761b-babe-406d-b0d6-8d99b81c2ee5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6341761B-BABE-406D-B0D6-8D99B81C2EE5}"= "c:\program files\Answers.com\tbAnsw.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2012-11-08 122032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2012-05-01 836480]
"DBAgent"="c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2012-11-08 1516680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^1-Click Answers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\1-Click Answers.lnk
backup=c:\windows\pss\1-Click Answers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Road Runner Safe Storage.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Road Runner Safe Storage.lnk
backup=c:\windows\pss\Road Runner Safe Storage.lnk.CommonStartup
backupExtension=.CommonStartup
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 06:38 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 14:37]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-13 00:23]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-13 00:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\hxihw4zn.default-1363827374521\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-25 04:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCD5SRVC{476DF190-667CD7B3-05040000}]
"ImagePath"="\??\d:\pc-doc~1\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe
c:\windows\system32\locator.exe
c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-03-25 04:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-25 09:16
ComboFix2.txt 2013-03-23 06:35
ComboFix3.txt 2011-10-27 02:07
ComboFix4.txt 2011-08-12 15:36
ComboFix5.txt 2013-03-25 08:49
.
Pre-Run: 79,836,889,088 bytes free
Post-Run: 79,971,266,560 bytes free
.
- - End Of File - - B45CE778C8DEE7ECA076A5CEF449605F
  • 0

#28
Dakeyras
Posted 25 March 2013 - 05:06 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged...post the further two logs I requested when ready please, thank you. :)
  • 0

#29
salvar774
Posted 25 March 2013 - 07:58 AM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.25.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Simon :: SIMON-PC [administrator]

3/25/2013 4:20:46 AM
mbam-log-2013-03-25 (04-20-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372847
Time elapsed: 3 hour(s), 24 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#30
salvar774
Posted 25 March 2013 - 08:52 AM

salvar774

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
# AdwCleaner v2.115 - Logfile created 03/25/2013 at 09:50:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Simon - SIMON-PC
# Boot Mode : Normal
# Running from : C:\Users\Simon\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\Simon\AppData\Local\funmoods-speeddial.crx
Folder Found : C:\Program Files\adawaretb
Folder Found : C:\Program Files\Answers.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Simon\AppData\Local\Conduit
Folder Found : C:\Users\Simon\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Simon\AppData\LocalLow\Answers.com
Folder Found : C:\Users\Simon\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Simon\AppData\LocalLow\Conduit
Folder Found : C:\Users\Simon\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Simon\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Simon\AppData\LocalLow\SmartShopper

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Answers.com
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Answers.com Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Answers.com
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0C840AC7-0EE1-43BE-8E76-E89CF71B4A24}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Answers.com Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-1657747751-3264058371-3563766162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKU\S-1-5-21-1657747751-3264058371-3563766162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\hxihw4zn.default-1363827374521\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://www.searchnu.com/102",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com/" ]
Found [l.42] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=100&systemid=102&sr=0&q={searchTerms}",
Found [l.1339] : homepage = "hxxp://www.searchnu.com/102",
Found [l.1647] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com/" ]

*************************

AdwCleaner[R1].txt - [5244 octets] - [25/03/2013 09:50:44]

########## EOF - C:\AdwCleaner[R1].txt - [5304 octets] ##########
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP