google redirect


10 replies to this topic

#1 javajunkie9

javajunkie9

  • Members
  • 5 posts

Posted 04 September 2011 - 10:01 PM

About a week ago I noticed my Google searches were being redirected to ad sites. I did some research and saw that this was a common problem and that it meant I was infected with something. I've been avoiding Google searches and trying to read up on different forums to see what I can do about it. I've downloaded a half dozen virus scanners and nothing is picking up on the infection, and from what I've seen it looks like it hits everyone a little bit differently. Avoiding Google was working for a little while, but I'm starting to run into other infections and my internet is running noticeably slower.
I have no idea how to read a log, so I have no way of tracking this thing down. I'm smart enough to know when I'm in over my head, so I figured I'd put this out there and see if anyone could help me.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,848 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 06 September 2011 - 12:10 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 javajunkie9

javajunkie9
  • Topic Starter

  • Members
  • 5 posts

Posted 06 September 2011 - 10:01 AM

I tried following the prep guide, but I'm not able to produce logs for either DDS or GMER.

I downloaded DDS but I can't get it to launch properly. It opens for a split second before it closes itself.

I was able to run GMER but when I get to the main screen, everything above the services box is gray and not selectable. I tried running the scan anyway but it comes up telling me that it found absolutely nothing and the log it produces is completely blank.

#4 snemelk

snemelk

    engineer (inżynier)


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 09 September 2011 - 03:15 PM

Hi javajunkie9, and welcome to Bleeping Computer.

Please try running this program:
Download OTL.com by OldTimer to your Desktop.

  • Close all windows and double click OTL.com.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
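
As an added example that is not part of any post in this thread and not OTL's own logic: once the OTL.Txt log exists, the first thing a malware responder does is skim it for a handful of patterns, and that skim can be scripted. The Python below parses OTL-style file entries (the `[date | size | attrs | C/M] (company) -- path` lines) and the `O3`/`O33`/`Hosts file` lines, and flags entries worth a second look: zero-byte `.exe` files in ProgramData or AppData, hidden+system files with long random names and no extension, `At1.job`-style tasks created with `at.exe`, toolbar entries with no backing CLSID, AutoRun commands on mount points, and a missing hosts file. The thresholds and heuristics are my assumptions for this example, and the sample log is constructed to mirror the entry formats OTL writes, not copied from a real scan. A hit is a pointer to verify against the real file or registry key, not a verdict; a cleanup tool can leave zero-byte files behind too.

```python
"""Heuristic triage of OTL-style log lines (added example, not OTL's own logic)."""
import re

# One OTL file/folder entry looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Heuristic thresholds below are assumptions for this example, not OTL rules.
RANDOM_NAME = re.compile(r"^[a-z0-9]{10,}$")  # long lowercase alnum, no extension
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


def flag_file_entry(m: "re.Match") -> "str | None":
    """Return a reason string if a parsed file entry is worth a second look."""
    size = int(m["size"].replace(",", ""))
    attrs, path = m["attrs"], m["path"]
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    if low.endswith(".exe") and size == 0 and any(d in low for d in DATA_DIRS):
        return "zero-byte .exe in a data directory"
    if "H" in attrs and "S" in attrs and RANDOM_NAME.match(name):
        return "hidden+system file with a random name and no extension"
    if AT_JOB.search(path):
        return "At*.job task (scheduled with at.exe, not the Task Scheduler UI)"
    return None


def flag_line(line: str):
    """Map one OTL log line to (subject, reason), or None if nothing stands out."""
    line = line.strip()
    m = FILE_ENTRY.match(line)
    if m:
        reason = flag_file_entry(m)
        return (m["path"], reason) if reason else None
    if line.startswith("O3") and "No CLSID value found" in line:
        return (line, "toolbar entry with no backing CLSID")
    if line.startswith("O33") and "\\AutoRun\\command" in line:
        return (line, "AutoRun command registered for a mount point; verify the target")
    if line == "Hosts file not found":
        return (line, "hosts file missing from %SystemRoot%\\System32\\drivers\\etc")
    return None


def triage(lines):
    """Return every (subject, reason) hit, in log order."""
    return [hit for hit in map(flag_line, lines) if hit]


# Constructed sample, modeled on the entry formats OTL writes (not a real log).
SAMPLE_LOG = r"""
[2011/09/09 16:00:00 | 000,000,312 | ---- | M] () -- C:\windows\tasks\At1.job
[2011/09/07 21:38:22 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/08 09:02:25 | 000,001,538 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\vrqb.exe
[2011/09/06 12:47:52 | 000,002,299 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/09/06 10:14:07 | 000,302,592 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\gmer.exe
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O33 - MountPoints2\{d31b74d1-344e-11e0-9929-88ae1de6ecfe}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
Hosts file not found
""".strip().splitlines()

if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {subject}")
```

Run it as `python otl_triage.py`, or feed a real OTL.Txt with `triage(open("OTL.Txt", encoding="utf-8", errors="replace"))`. Note what it deliberately does not flag: `hiberfil.sys` is hidden+system but has a normal name, and a signed, non-empty `.exe` on the Desktop is ordinary. The point of the heuristics is to surface the few lines out of hundreds that a human should check, not to replace that check.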


#5 javajunkie9

javajunkie9
  • Topic Starter

  • Members
  • 5 posts

Posted 09 September 2011 - 09:44 PM

I tried running it a few times but I keep only getting one log, the OTL.txt one. I ran OTL a few days ago and got both scans, so for the Extras log I'm going to have to give you the old one; it's from 9/2.
Here's OTL first.

OTL logfile created on: 9/9/2011 10:35:32 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Nick&Nika\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 49.34% Memory free
7.49 Gb Paging File | 5.49 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 283.82 Gb Free Space | 62.59% Space Free | Partition Type: NTFS

Computer Name: NICHOLE1 | User Name: Nick&Nika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Nick&Nika\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 09:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/09 19:12:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}: C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\ [2011/08/25 03:27:13 | 000,000,000 | ---D | M]

[2010/10/31 15:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick&Nika\AppData\Roaming\Mozilla\Extensions
[2011/09/07 21:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick&Nika\AppData\Roaming\Mozilla\Firefox\Profiles\4jtiylsk.default\extensions
[2011/09/02 10:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/31 18:42:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/05/18 21:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/24 21:31:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/25 03:27:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\NICK&NIKA\APPDATA\LOCAL\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}
() (No name found) -- C:\USERS\NICK&NIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4JTIYLSK.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/09/08 09:05:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C757F8E0-7578-464D-B474-B90B3B546CCE}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352EE89-74A4-4150-8547-37C6B0F7411E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f22138f-c28c-11df-a040-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f22138f-c28c-11df-a040-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{d31b74d1-344e-11e0-9929-88ae1de6ecfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d31b74d1-344e-11e0-9929-88ae1de6ecfe}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Roaming\Inspiration Software
[2011/09/07 13:09:27 | 000,090,112 | ---- | C] (MindVision Software) -- C:\windows\unvise32.exe
[2011/09/07 13:09:15 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Roaming\Softland
[2011/09/07 13:09:10 | 000,028,488 | ---- | C] (Softland) -- C:\windows\SysNative\novamnk7.dll
[2011/09/07 13:09:10 | 000,020,808 | ---- | C] (Softland) -- C:\windows\SysNative\novamik7.dll
[2011/09/07 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
[2011/09/07 13:09:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll
[2011/09/07 13:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011/09/07 13:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inspiration 9
[2011/09/06 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/06 08:55:32 | 000,000,000 | ---D | C] -- C:\rsit
[2011/09/06 08:25:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nick&Nika\Desktop\dds.scr
[2011/09/02 12:12:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/02 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/02 10:47:55 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick&Nika\Desktop\TDSSKiller.exe
[2011/09/02 09:56:01 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\Desktop\GooredFix Backups
[2011/09/01 09:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/01 09:14:54 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/01 09:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/01 09:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/01 09:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/25 03:27:13 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}

========== Files - Modified Within 30 Days ==========

[2011/09/09 21:47:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/09 20:23:07 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/09/09 20:23:07 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/09/09 20:23:07 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/09/09 20:09:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/09/09 16:00:00 | 000,000,312 | ---- | M] () -- C:\windows\tasks\At2.job
[2011/09/09 16:00:00 | 000,000,312 | ---- | M] () -- C:\windows\tasks\At1.job
[2011/09/09 12:47:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 09:41:03 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 09:41:03 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 09:24:53 | 000,074,749 | ---- | M] () -- C:\Users\Nick&Nika\Desktop\mkparkmaplarge.jpg
[2011/09/07 23:04:28 | 000,133,904 | ---- | M] () -- C:\Users\Nick&Nika\Documents\Computers in Education.isf
[2011/09/07 21:38:22 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 13:08:57 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Inspiration 9.lnk
[2011/09/06 13:23:14 | 000,259,050 | ---- | M] () -- C:\Users\Nick&Nika\Desktop\Mountain Bike Trail Map.pdf
[2011/09/06 12:47:52 | 000,002,299 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/09/06 08:28:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nick&Nika\Desktop\dds.scr
[2011/09/06 08:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Nick&Nika\defogger_reenable
[2011/09/06 08:22:12 | 000,050,477 | ---- | M] () -- C:\Users\Nick&Nika\Desktop\Defogger.exe
[2011/09/02 10:18:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/01 09:14:54 | 000,002,995 | ---- | M] () -- C:\Users\Nick&Nika\Desktop\HiJackThis.lnk
[2011/09/01 09:09:49 | 000,001,273 | ---- | M] () -- C:\Users\Nick&Nika\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 18:08:44 | 000,000,000 | ---- | M] () -- C:\Users\Nick&Nika\AppData\Local\Ugayu.bin
[2011/08/26 18:08:43 | 000,001,034 | ---- | M] () -- C:\Users\Nick&Nika\AppData\Local\Qjepebirita.dat
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick&Nika\Desktop\TDSSKiller.exe
[2011/08/12 07:10:45 | 000,001,606 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\75pg32uc86hns2rqtr4c

========== Files Created - No Company Name ==========

[2011/09/08 09:24:51 | 000,074,749 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\mkparkmaplarge.jpg
[2011/09/07 13:58:16 | 000,133,904 | ---- | C] () -- C:\Users\Nick&Nika\Documents\Computers in Education.isf
[2011/09/07 13:09:10 | 000,007,549 | ---- | C] () -- C:\windows\SysNative\novak7.ctm
[2011/09/07 13:08:57 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inspiration 9.lnk
[2011/09/07 13:08:57 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Inspiration 9.lnk
[2011/09/06 13:23:14 | 000,259,050 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\Mountain Bike Trail Map.pdf
[2011/09/06 12:47:52 | 000,002,299 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/09/06 12:42:26 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 12:42:25 | 000,000,900 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 10:14:07 | 000,302,592 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\gmer.exe
[2011/09/06 08:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\defogger_reenable
[2011/09/06 08:22:11 | 000,050,477 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\Defogger.exe
[2011/09/02 10:18:31 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/02 10:18:31 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/01 09:14:54 | 000,002,995 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\HiJackThis.lnk
[2011/09/01 09:09:49 | 000,001,273 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\Spybot - Search & Destroy.lnk
[2011/08/25 03:27:18 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\Ugayu.bin
[2011/08/25 03:27:14 | 000,001,034 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\Qjepebirita.dat
[2011/08/08 09:02:25 | 000,001,606 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\75pg32uc86hns2rqtr4c
[2011/08/08 09:02:25 | 000,001,538 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\vrqb.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\mpjb.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\iufy.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\hnri.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\hhhy.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\gtpt.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\dgui.exe
[2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\avsd.exe
[2011/07/16 08:13:50 | 000,001,642 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\807k7g44ekx
[2011/07/16 08:13:50 | 000,001,642 | -HS- | C] () -- C:\ProgramData\807k7g44ekx
[2011/05/25 23:06:50 | 000,001,614 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\bvc487bk682w74h1c31i8a
[2011/05/25 23:06:50 | 000,001,614 | -HS- | C] () -- C:\ProgramData\bvc487bk682w74h1c31i8a
[2011/05/12 08:52:03 | 000,003,866 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4
[2011/05/12 08:52:03 | 000,003,866 | -HS- | C] () -- C:\ProgramData\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4
[2011/05/05 01:28:10 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/04/20 15:26:04 | 000,010,898 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/20 15:26:04 | 000,010,898 | -HS- | C] () -- C:\ProgramData\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/01/15 09:49:20 | 000,000,010 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Roaming\install_pal
[2011/01/15 09:48:40 | 000,000,008 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Roaming\uid_pal
[2010/10/31 20:53:16 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/10/31 20:53:16 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2010/10/31 18:56:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/31 15:57:06 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/17 14:44:08 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/09/17 14:39:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/17 14:36:58 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/07/23 12:46:04 | 001,345,184 | ---- | C] () -- C:\windows\ROnce.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 07:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/23 12:45:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/09/07 21:38:22 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 21:38:27 | 4022,005,760 | -HS- | M] () -- C:\pagefile.sys
[2011/09/02 10:49:03 | 000,065,844 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_02.09.2011_10.48.07_log.txt
[2011/09/06 10:08:08 | 000,065,844 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_06.09.2011_10.07.04_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


here's my old EXTRA log

OTL Extras logfile created on: 9/2/2011 11:06:55 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Nick&Nika\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 55.16% Memory free
7.49 Gb Paging File | 5.65 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 285.20 Gb Free Space | 62.90% Space Free | Partition Type: NTFS

Computer Name: NICHOLE1 | User Name: Nick&Nika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ABF311C-6AA8-B234-196A-6DEE5A43E34A}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4044201A-8576-2999-1166-96C5593F3CFF}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AD569236-7D43-BB31-BC99-E51E2DD85328}" = AMD Fuel
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{418D5410-7A7B-315F-0CF9-A76BC6C131DC}" = Catalyst Control Center InstallProxy
"{4213BB83-E435-E9EF-13FF-0D1397328A15}" = Application Profiles
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6201BACA-81B5-8AB0-3B93-0F76BB6F4389}" = CCC Help English
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{720E93BE-744E-225B-786F-227C2677352F}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4284E5-0F17-4883-AA0D-577B4FB0A920}" = CourseSmart Bookshelf
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E975F19C-C852-5DF8-BC76-E88359CB82DF}" = AMD VISION Engine Control Center
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ESET Online Scanner" = ESET Online Scanner v3
"iJoysoft MP4 to MP3 Converter" = iJoysoft MP4 to MP3 Converter
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2011 1:01:49 PM | Computer Name = nichole1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7439188

Error - 9/1/2011 1:01:49 PM | Computer Name = nichole1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7439188

Error - 9/2/2011 9:03:41 AM | Computer Name = nichole1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/2/2011 9:48:11 AM | Computer Name = nichole1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/2/2011 10:07:30 AM | Computer Name = nichole1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/2/2011 10:14:24 AM | Computer Name = nichole1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/2/2011 10:24:20 AM | Computer Name = nichole1 | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 9/2/2011 10:38:34 AM | Computer Name = nichole1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/2/2011 10:51:53 AM | Computer Name = nichole1 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Nick&Nika\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 9/2/2011 10:52:07 AM | Computer Name = nichole1 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Nick&Nika\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ System Events ]
Error - 5/5/2011 7:15:39 AM | Computer Name = nichole1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:14:17 AM on ?5/?5/?2011 was unexpected.

Error - 5/5/2011 8:42:58 AM | Computer Name = nichole1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:56:28 AM on ?5/?5/?2011 was unexpected.

Error - 5/5/2011 8:49:27 AM | Computer Name = nichole1 | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 5/5/2011 1:15:55 PM | Computer Name = nichole1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:14:18 PM on ?5/?5/?2011 was unexpected.

Error - 5/5/2011 8:31:04 PM | Computer Name = nichole1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:42:01 PM on ?5/?5/?2011 was unexpected.

Error - 5/6/2011 8:17:38 AM | Computer Name = nichole1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:05:47 AM on ?5/?6/?2011 was unexpected.

Error - 5/9/2011 8:17:30 AM | Computer Name = nichole1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/9/2011 8:17:30 AM | Computer Name = nichole1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/9/2011 8:17:31 AM | Computer Name = nichole1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/9/2011 8:17:32 AM | Computer Name = nichole1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >


Thank you for looking into this for me. If it's possible that I'm doing something wrong to produce only one log, let me know and I'll fix it and post an updated one.

#6 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:09:15 AM

Posted 10 September 2011 - 01:16 PM

Hi again javajunkie9!!.. :)

I ran OTL a few days ago and got both scans so for the EXTRA log I'm gonna have to give you the old one its from 9/2.

The Extras.txt logfile is generated with the first OTL run only - the program settings need to be changed to have that log generated in subsequent runs...

However, I'm not sure why you ran the OTL program before... Did you run it on your own or maybe you were getting malware removal help elsewhere??.. I see you already ran a script of some sort with OTL... :huh: Such scripts are always based on information in the logs - so they are computer specific, and it's not a good idea to use somebody else's script...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}: C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\ [2011/08/25 03:27:13 | 000,000,000 | ---D | M]
    [2011/08/25 03:27:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\NICK&NIKA\APPDATA\LOCAL\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    [2011/08/25 03:27:13 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}
    [2011/08/26 18:08:44 | 000,000,000 | ---- | M] () -- C:\Users\Nick&Nika\AppData\Local\Ugayu.bin
    [2011/08/26 18:08:43 | 000,001,034 | ---- | M] () -- C:\Users\Nick&Nika\AppData\Local\Qjepebirita.dat
    [2011/08/12 07:10:45 | 000,001,606 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\75pg32uc86hns2rqtr4c
    [2011/08/08 09:02:25 | 000,001,538 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\vrqb.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\mpjb.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\iufy.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\hnri.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\hhhy.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\gtpt.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\dgui.exe
    [2011/08/08 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\avsd.exe
    [2011/07/16 08:13:50 | 000,001,642 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\807k7g44ekx
    [2011/07/16 08:13:50 | 000,001,642 | -HS- | C] () -- C:\ProgramData\807k7g44ekx
    [2011/05/25 23:06:50 | 000,001,614 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\bvc487bk682w74h1c31i8a
    [2011/05/25 23:06:50 | 000,001,614 | -HS- | C] () -- C:\ProgramData\bvc487bk682w74h1c31i8a
    [2011/05/12 08:52:03 | 000,003,866 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4
    [2011/05/12 08:52:03 | 000,003,866 | -HS- | C] () -- C:\ProgramData\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4
    [2011/04/20 15:26:04 | 000,010,898 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
    [2011/04/20 15:26:04 | 000,010,898 | -HS- | C] () -- C:\ProgramData\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
    [2011/01/15 09:49:20 | 000,000,010 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Roaming\install_pal
    [2011/01/15 09:48:40 | 000,000,008 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Roaming\uid_pal
    :Files
    C:\windows\tasks\At*.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
I do not see an antivirus program running on your computer (though, I see some remnants of Norton/Symantec)... Without an AV, you have no protection and risk being quickly re-infected... Please install an antivirus program of your choice, run a full system scan with it, and post a log (if possible)... You may want to install one of the antivirus applications I recommend on my site: link


Information to post in your next post:
- OTL fix logfile...
- what antivirus program you've decided to install (+ results of the system scan, if possible)
- what problems with the computer remain...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 javajunkie9

javajunkie9
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:15 AM

Posted 10 September 2011 - 06:44 PM

Hi Snemelk,
I ran OTL earlier because I was trying to follow someone else's thread to find the problem. I didn't try to fix anything but I ran about a half dozen scans to try to at least locate the problem. I'm glad now that I didn't try to go any further on my own and will make sure I leave this stuff to people who know what they're doing from now on. Here is the info you asked for:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}: C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\ not found.
C:\USERS\NICK&NIKA\APPDATA\LOCAL\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\chrome\content folder moved successfully.
C:\USERS\NICK&NIKA\APPDATA\LOCAL\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\chrome folder moved successfully.
C:\USERS\NICK&NIKA\APPDATA\LOCAL\{B536F66B-BF47-470B-86B0-7FC0778AF8FF} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Folder C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\ not found.
C:\Users\Nick&Nika\AppData\Local\Ugayu.bin moved successfully.
C:\Users\Nick&Nika\AppData\Local\Qjepebirita.dat moved successfully.
C:\Users\Nick&Nika\AppData\Local\75pg32uc86hns2rqtr4c moved successfully.
C:\ProgramData\75pg32uc86hns2rqtr4c moved successfully.
C:\ProgramData\vrqb.exe moved successfully.
C:\ProgramData\mpjb.exe moved successfully.
C:\ProgramData\iufy.exe moved successfully.
C:\Users\Nick&Nika\AppData\Local\hnri.exe moved successfully.
C:\Users\Nick&Nika\AppData\Local\hhhy.exe moved successfully.
C:\Users\Nick&Nika\AppData\Local\gtpt.exe moved successfully.
C:\Users\Nick&Nika\AppData\Local\dgui.exe moved successfully.
C:\ProgramData\avsd.exe moved successfully.
C:\Users\Nick&Nika\AppData\Local\807k7g44ekx moved successfully.
C:\ProgramData\807k7g44ekx moved successfully.
C:\Users\Nick&Nika\AppData\Local\bvc487bk682w74h1c31i8a moved successfully.
C:\ProgramData\bvc487bk682w74h1c31i8a moved successfully.
C:\Users\Nick&Nika\AppData\Local\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4 moved successfully.
C:\ProgramData\n52m2u8uhc556n1g65pbr2eb41hr811ol256vxi675bcm4 moved successfully.
C:\Users\Nick&Nika\AppData\Local\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6 moved successfully.
C:\ProgramData\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6 moved successfully.
C:\Users\Nick&Nika\AppData\Roaming\install_pal moved successfully.
C:\Users\Nick&Nika\AppData\Roaming\uid_pal moved successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick&Nika
->Temp folder emptied: 588505 bytes
->Temporary Internet Files folder emptied: 20544311 bytes
->Java cache emptied: 1971130 bytes
->FireFox cache emptied: 61180674 bytes
->Flash cache emptied: 9358 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
RecycleBin emptied: 213264814 bytes

Total Files Cleaned = 284.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Nick&Nika
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09102011_173458

Files\Folders moved on Reboot...
C:\Users\Nick&Nika\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



I downloaded Avast and have it installed. I ran a full system scan and it came up with a few errors that say Error:Archive is password protected (42056). I couldn't find a way to copy the log of the errors so I could post it here. Under the Summary tab it says that my system is fully protected.

From what I can see, the problem seems to be fixed. I tried searching a bunch of things on google and didn't get redirected at all. My connection also seems to be running back at normal speed again.

Thank you so much for your help. I was in way over my head and I will make sure that from now on I will ask for help before trying to do things on my own. What should I do next?

#8 snemelk

snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:09:15 AM

Posted 11 September 2011 - 09:26 AM

Hi again javajunkie9!!.. :)

I ran a full system scan and it came up with a few errors that say Error:Archive is password protected (42056).

When a file (an archive) is password protected, an antivirus program cannot open it to have it scanned - it's a normal thing, nothing to worry about...

From what I can see, the problem seems to be fixed. I tried searching a bunch of things on google and didn't get redirected at all. My connection also seems to be running back at normal speed again.

I'm glad to see it!.. :thumbup2:
There was a malicious Add-on for Firefox installed - it was removed with the OTL script...

I was in way over my head and I will make sure that from now on I will ask for help before trying to do things on my own.

If general system scans don't solve the problem, it usually means that either it's a new variant of an infection, it's a very complex infection or the problem lies elsewhere (like hardware related problems)... It's certainly a good idea to ask for help if standard scans don't help... :)

Please do the following:

Firstly,
Open Notepad and copy and paste the text present in the quotebox:

@echo off
regedit /e C:\look.txt "HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions"
notepad C:\look.txt
del C:\look.txt
del %0


Save this as look.bat, choose to save as *all files and place it on your Desktop.
Doubleclick on it and Notepad should open.
Copy and paste the contents of it in your next reply.

Secondly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 9.3 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 26

Then,
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 7".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-7-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- run Windows Update (Start --> All programs --> Windows Update) - check if there are new critical/important updates to install; if yes, please install them... Take a look at optional updates, I recommend you install them as well - this includes Internet Explorer 9.0 (even if you use Firefox on a daily basis, it's a good idea to have IE up-to-date as well)...


#9 javajunkie9

javajunkie9
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:15 AM

Posted 11 September 2011 - 08:45 PM

Hi snemelk,

I took all the steps you asked for in your last post. Here is what the look file shows:


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
"{B536F66B-BF47-470B-86B0-7FC0778AF8FF}"="C:\\Users\\Nick&Nika\\AppData\\Local\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\\"

Let me know if there is anything else I should do.

#10 snemelk

snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:09:15 AM

Posted 12 September 2011 - 05:06 AM

Hi again javajunkie9!!.. :)

If no problem remains, this is the last set of instructions:

Firstly,
Please run Notepad and paste the following text into a new file:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
"{B536F66B-BF47-470B-86B0-7FC0778AF8FF}"=-


Save the file to the Desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the Desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Secondly,
To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Thirdly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.


Please check my site - snemelk.hekko.pl.

Also, I recommend you to read Grinler's excellent article: How did I get infected? With steps so it does not happen again!

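A defender-side follow-up to the look.bat export in #8 and the fix.reg in #10, added here as an example and not a tool from this thread or from OTL: it parses a regedit export of the Firefox Extensions key, flags GUID-named add-ons registered from a same-named folder under AppData\Local (the layout the OTL fix moved out), and writes the matching "=-" deletion entries. The sample export is constructed; the first value reproduces the entry shown in #9, the second value and its name are made up for contrast.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
FIREFOX_KEY = r"HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions"

# Constructed stand-in for look.txt: the first value is the entry seen in this thread,
# the second is a made-up benign registration under Program Files for contrast.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    f"[{FIREFOX_KEY}]\r\n"
    '"{B536F66B-BF47-470B-86B0-7FC0778AF8FF}"="C:\\\\Users\\\\Nick&Nika\\\\AppData\\\\Local\\\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\\\\"\r\n'
    '"sample-addon@example.invalid"="C:\\\\Program Files\\\\Sample Vendor\\\\firefox-addon\\\\"\r\n'
)

def parse_reg_export(text):
    """Return {key: {value_name: data}} from a 'regedit /e' export (REG_SZ values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := VALUE_LINE.match(line)):
            # .reg files escape backslashes and double quotes with a backslash
            data = m.group("data").replace("\\\\", "\\").replace('\\"', '"')
            keys[current][m.group("name")] = data
    return keys

def suspicious_extensions(extensions):
    """Flag add-ons registered under a GUID whose install folder is that same GUID
    under AppData\\Local: the sideloading layout the OTL fix above moved out."""
    flagged = {}
    for name, path in extensions.items():
        parts = [p.lower() for p in path.split("\\")]
        if re.fullmatch(GUID, name) and "\\appdata\\local\\" in path.lower() and name.lower() in parts:
            flagged[name] = path
    return flagged

def build_fix_reg(key, names):
    """Emit a .reg file deleting the named values ('=-' is regedit's delete-value syntax)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\r\n".join(lines) + "\r\n"

def triage(export_text):
    """Parse an export of the Firefox Extensions key; return (flagged, fix.reg text)."""
    flagged = suspicious_extensions(parse_reg_export(export_text).get(FIREFOX_KEY, {}))
    return flagged, build_fix_reg(FIREFOX_KEY, sorted(flagged))
```

Running triage() on a real export taken with the look.bat from #8 gives the list to review by hand before merging the generated .reg file, as the thread does with fix.reg.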

#11 snemelk

snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:09:15 AM

Posted 25 September 2011 - 11:02 AM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.