
google redirect and security suite viruses


  • This topic is locked
7 replies to this topic

#1 robinson9


Posted 12 December 2011 - 09:13 PM

My wife recently acquired a virus somewhere and asked me to take care of it for her. At first I noticed the security suite virus so I ran Rkill and MBAM and got rid of it. Unfortunately, it looks like the bigger issue is the google redirect and it keeps downloading the security suite virus again. For the time being I have downloaded the free version of Avast to block more viruses from coming in but I'm aware that I'm probably better off paying for a more proactive antivirus once this problem is fixed. This is definitely above my head so I'm turning here for help...

I tried running dds and it simply won't run. At first I thought Avast was blocking it but that doesn't seem like the case. I also ran GMER, but it didn't produce the logs that the instructions thread says it's supposed to come up with, instead it just says "GMER did not detect any modifications".

What should I do next?



#2 gringo_pr

  • Malware Response Team

Posted 15 December 2011 - 01:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe

After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 18 December 2011 - 03:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 robinson9


Posted 20 December 2011 - 08:21 AM

Hi Gringo,


I'm very sorry about the delayed response, I'll make sure I reply faster in the future.


Here is the log you requested:
OTL logfile created on: 12/20/2011 8:11:57 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick&Nika\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.65% Memory free
7.49 Gb Paging File | 5.58 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 270.99 Gb Free Space | 59.77% Space Free | Partition Type: NTFS

Computer Name: NICHOLE1 | User Name: Nick&Nika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nick&Nika\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/21 08:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/21 08:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/11 20:56:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/21 08:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 08:18:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}: C:\Users\Nick&Nika\AppData\Local\{B536F66B-BF47-470B-86B0-7FC0778AF8FF}\

[2010/10/31 14:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick&Nika\AppData\Roaming\Mozilla\Extensions
[2011/10/14 11:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick&Nika\AppData\Roaming\Mozilla\Firefox\Profiles\4jtiylsk.default\extensions
[2011/11/25 14:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/31 17:42:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/11 20:56:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\NICK&NIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4JTIYLSK.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/11/10 11:41:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/11 19:34:07 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/10 11:41:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 11:41:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2677925283-3587276015-2245756309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C757F8E0-7578-464D-B474-B90B3B546CCE}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352EE89-74A4-4150-8547-37C6B0F7411E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 13:15:46 | 000,036,352 | ---- | C] (TWX Corp.) -- C:\windows\SysWow64\1ru8uwt.exe
[2011/12/16 13:07:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/12/16 13:07:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/12/16 13:07:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/12/16 13:07:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/12/16 13:07:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/12/16 13:07:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/12/16 13:07:35 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/12/16 13:07:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2011/12/16 13:07:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2011/12/16 13:07:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/12/16 13:07:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/12/15 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 17:36:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2011/12/15 17:36:20 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011/12/15 17:36:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011/12/11 20:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/11 20:57:15 | 000,024,408 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/12/11 20:57:13 | 000,304,472 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/12/11 20:56:56 | 000,042,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/12/11 20:56:52 | 000,058,712 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/12/11 20:56:46 | 000,591,192 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/12/11 20:56:43 | 000,066,904 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/12/11 20:56:24 | 000,199,816 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/12/11 20:56:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/12/11 16:37:27 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/12/08 16:28:29 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Local\{B7B8541B-F2C9-40AF-AFBA-E0BA62CC751F}
[2011/11/21 08:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2011/11/21 08:35:55 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Roaming\Visan
[2011/11/21 08:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/11/21 08:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/11/21 08:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/11/21 08:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2011/11/21 08:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/11/21 08:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/11/21 08:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/11/21 08:18:14 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Roaming\HpUpdate
[2011/11/21 08:17:49 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\HPDiscoPM8e11.dll
[2011/11/21 08:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/21 08:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/21 08:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/11/21 08:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/21 08:16:31 | 000,000,000 | ---D | C] -- C:\Users\Nick&Nika\AppData\Local\HP

========== Files - Modified Within 30 Days ==========

[2011/12/20 07:56:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 07:53:46 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/20 07:53:46 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/20 07:53:46 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At8.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At6.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At48.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At46.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At44.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At42.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At40.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At4.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At38.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At36.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At34.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At32.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At2.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At16.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At14.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At12.job
[2011/12/20 07:52:32 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At10.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At9.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At7.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At5.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At47.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At45.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At43.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At41.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At39.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At37.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At35.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At33.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At31.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At3.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At15.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At13.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At11.job
[2011/12/20 07:52:32 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At1.job
[2011/12/20 07:52:32 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2011/12/20 07:52:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/19 14:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At30.job
[2011/12/19 14:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At29.job
[2011/12/19 13:56:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/19 13:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At28.job
[2011/12/19 13:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At27.job
[2011/12/19 12:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At26.job
[2011/12/19 12:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At25.job
[2011/12/19 11:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At24.job
[2011/12/19 11:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At23.job
[2011/12/19 10:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At22.job
[2011/12/19 10:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At21.job
[2011/12/19 09:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At20.job
[2011/12/19 09:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At19.job
[2011/12/19 08:44:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At18.job
[2011/12/19 08:44:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At17.job
[2011/12/19 08:07:39 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 08:07:39 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 11:11:26 | 004,857,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/17 11:10:17 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 13:37:18 | 000,000,112 | ---- | M] () -- C:\ProgramData\Or5Vs7b2.dat
[2011/12/16 13:15:35 | 000,036,352 | ---- | M] (TWX Corp.) -- C:\windows\SysWow64\1ru8uwt.exe
[2011/12/15 17:43:17 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/15 17:38:12 | 000,001,245 | ---- | M] () -- C:\windows\SysNative\mapisvc.inf
[2011/12/15 16:41:50 | 000,008,752 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\122677m6s337x050g433o4kda1a3
[2011/12/15 16:41:50 | 000,008,752 | -HS- | M] () -- C:\ProgramData\122677m6s337x050g433o4kda1a3
[2011/12/11 20:57:22 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/11 20:56:43 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/12/11 20:36:20 | 000,005,394 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\51q1x325g7yxn5t42h4wy
[2011/12/11 20:36:20 | 000,005,394 | -HS- | M] () -- C:\ProgramData\51q1x325g7yxn5t42h4wy
[2011/12/11 17:50:27 | 000,008,954 | -HS- | M] () -- C:\ProgramData\5o42hc3l58u034
[2011/12/11 17:50:26 | 000,008,954 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\5o42hc3l58u034
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/11/21 08:35:30 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/11/21 08:17:47 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk
[2011/11/21 08:17:47 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart Plus B210 series.lnk
[2011/11/21 08:17:47 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series Scan.lnk

========== Files Created - No Company Name ==========

[2011/12/16 13:16:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\Or5Vs7b2.dat
[2011/12/16 13:16:16 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At48.job
[2011/12/16 13:16:16 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At47.job
[2011/12/16 13:16:15 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At46.job
[2011/12/16 13:16:15 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At45.job
[2011/12/16 13:16:14 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At44.job
[2011/12/16 13:16:13 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At43.job
[2011/12/16 13:16:12 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At42.job
[2011/12/16 13:16:12 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At41.job
[2011/12/16 13:16:11 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At40.job
[2011/12/16 13:16:11 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At39.job
[2011/12/16 13:16:10 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At38.job
[2011/12/16 13:16:10 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At37.job
[2011/12/16 13:16:09 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At36.job
[2011/12/16 13:16:08 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At34.job
[2011/12/16 13:16:08 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At35.job
[2011/12/16 13:16:07 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At32.job
[2011/12/16 13:16:07 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At33.job
[2011/12/16 13:16:06 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At31.job
[2011/12/16 13:16:05 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At30.job
[2011/12/16 13:16:04 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At28.job
[2011/12/16 13:16:04 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At29.job
[2011/12/16 13:16:03 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At27.job
[2011/12/16 13:16:02 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At26.job
[2011/12/16 13:16:01 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At25.job
[2011/12/16 13:16:00 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At24.job
[2011/12/16 13:15:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At22.job
[2011/12/16 13:15:59 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At23.job
[2011/12/16 13:15:58 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At21.job
[2011/12/16 13:15:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At20.job
[2011/12/16 13:15:57 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At19.job
[2011/12/16 13:15:56 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At18.job
[2011/12/16 13:15:56 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At17.job
[2011/12/16 13:15:55 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At16.job
[2011/12/16 13:15:54 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At14.job
[2011/12/16 13:15:54 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At15.job
[2011/12/16 13:15:53 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At13.job
[2011/12/16 13:15:52 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At12.job
[2011/12/16 13:15:52 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At11.job
[2011/12/16 13:15:51 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At10.job
[2011/12/16 13:15:51 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At9.job
[2011/12/16 13:15:50 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At8.job
[2011/12/16 13:15:50 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At7.job
[2011/12/16 13:15:49 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At6.job
[2011/12/16 13:15:49 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At5.job
[2011/12/16 13:15:48 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At4.job
[2011/12/16 13:15:47 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At2.job
[2011/12/16 13:15:47 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At3.job
[2011/12/16 13:15:46 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At1.job
[2011/12/15 17:43:17 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/15 16:25:30 | 000,008,752 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\122677m6s337x050g433o4kda1a3
[2011/12/15 16:25:30 | 000,008,752 | -HS- | C] () -- C:\ProgramData\122677m6s337x050g433o4kda1a3
[2011/12/12 19:24:09 | 000,302,592 | ---- | C] () -- C:\Users\Nick&Nika\Desktop\gmer.exe
[2011/12/11 20:57:22 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/11 20:35:14 | 000,005,394 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\51q1x325g7yxn5t42h4wy
[2011/12/11 20:35:14 | 000,005,394 | -HS- | C] () -- C:\ProgramData\51q1x325g7yxn5t42h4wy
[2011/12/11 16:37:17 | 000,008,954 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\5o42hc3l58u034
[2011/12/11 16:37:17 | 000,008,954 | -HS- | C] () -- C:\ProgramData\5o42hc3l58u034
[2011/11/21 08:35:31 | 000,000,332 | ---- | C] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2011/11/21 08:18:55 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/11/21 08:18:26 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/11/21 08:17:47 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk
[2011/11/21 08:17:47 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart Plus B210 series.lnk
[2011/11/21 08:17:47 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series Scan.lnk
[2011/10/03 09:17:34 | 000,003,584 | ---- | C] () -- C:\Users\Nick&Nika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 00:28:10 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2010/10/31 19:53:16 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/10/31 19:53:16 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2010/10/31 17:56:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/31 14:57:06 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/17 13:44:08 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/09/17 13:39:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/17 13:36:58 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/07/23 11:46:04 | 001,345,184 | ---- | C] () -- C:\windows\ROnce.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >

I haven't had any major problems lately except that Avast has begun blocking more and more viruses. It's at the point now where I will get a notification of a blocked trojan at least every 5 minutes.

#5 gringo_pr

Posted 20 December 2011 - 01:31 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2011/12/11 16:37:27 | 000,000,000 | ---D | C] -- C:\windows\system64
    [2011/12/15 16:41:50 | 000,008,752 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\122677m6s337x050g433o4kda1a3
    [2011/12/15 16:41:50 | 000,008,752 | -HS- | M] () -- C:\ProgramData\122677m6s337x050g433o4kda1a3
    [2011/12/11 20:36:20 | 000,005,394 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\51q1x325g7yxn5t42h4wy
    [2011/12/11 20:36:20 | 000,005,394 | -HS- | M] () -- C:\ProgramData\51q1x325g7yxn5t42h4wy
    [2011/12/11 17:50:27 | 000,008,954 | -HS- | M] () -- C:\ProgramData\5o42hc3l58u034
    [2011/12/11 17:50:26 | 000,008,954 | -HS- | M] () -- C:\Users\Nick&Nika\AppData\Local\5o42hc3l58u034
    [2011/12/15 16:25:30 | 000,008,752 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\122677m6s337x050g433o4kda1a3
    [2011/12/15 16:25:30 | 000,008,752 | -HS- | C] () -- C:\ProgramData\122677m6s337x050g433o4kda1a3
    [2011/12/11 20:35:14 | 000,005,394 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\51q1x325g7yxn5t42h4wy
    [2011/12/11 20:35:14 | 000,005,394 | -HS- | C] () -- C:\ProgramData\51q1x325g7yxn5t42h4wy
    [2011/12/11 16:37:17 | 000,008,954 | -HS- | C] () -- C:\Users\Nick&Nika\AppData\Local\5o42hc3l58u034
    [2011/12/11 16:37:17 | 000,008,954 | -HS- | C] () -- C:\ProgramData\5o42hc3l58u034
      
    :files
    C:\windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

Posted 23 December 2011 - 11:46 AM

Hello




Happy Holidays. It has been a couple of days since I have heard from you, so I came by to check on you.



Gringo

#7 gringo_pr


Posted 27 December 2011 - 12:47 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 gringo_pr


Posted 31 December 2011 - 01:27 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.