Anything I search from the URL location bar in Internet Explorer is redirected to Yahoo, when it used to go to Google. Is this malware or a virus?
Any help would be greatly appreciated.
Thanks in advance!
Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:16 AM, on 1/25/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7370 bytes
[Resolved] Url Search Redirected To Yahoo
#2
Posted 26 January 2010 - 06:18 PM
Hello and welcome to 247Fixes.com
My name is Thomas and I will be helping you. (Tom is fine, if you like.)
You may want to keep the link to this topic in your favourites. Alternatively, you can click the http://i517.photobucket.com/albums/u338/Eextremeboy/watch247pic.jpg button at the top bar of this topic and choose the notification you wish and click Proceed. Your subscription will be added and the topics you are subscribed/tracked to can be found in your Control Panel on this page
Please take note of the following guidelines:
- In the meantime, please refrain from making any changes to your computer.
- Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Old topics are closed after 3-5 days with no reply, and working topics are closed after 5-7 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
- Finally, please reply using the http://i517.photobucket.com/albums/u338/Eextremeboy/addreply_icon247.jpg button in the lower left hand corner of your screen.
- Please download OTL from one of the following mirrors:
- Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
- Push the Quick Scan button.
- Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
#3
Posted 27 January 2010 - 03:11 AM
OTL did not produce a file named 'Extras.txt'.
Here is the other file log.
OTL logfile created on: 1/26/2010 9:32:47 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Dan&Amber4ever\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 914.78 Gb Free Space | 98.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BUILT42
Current User Name: Dan&Amber4ever
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
PRC - [2010/01/24 13:35:39 | 00,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2010/01/23 10:59:07 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/23 10:59:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/01/23 10:59:04 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/01/23 10:59:02 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/12 14:41:00 | 03,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 14:20:14 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/27 22:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/04 17:29:54 | 00,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 00,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/02 14:06:16 | 00,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/07/30 10:47:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/05/02 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
========== Modules (SafeList) ==========
MOD - [2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
MOD - [2009/07/13 20:15:36 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/13 20:15:21 | 00,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 20:15:21 | 00,093,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/13 20:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 20:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2008/05/02 02:49:54 | 00,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/01/23 10:59:04 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/23 10:59:02 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/09 14:20:14 | 00,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/04 17:29:54 | 00,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/02 14:06:16 | 00,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/07/30 10:47:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 82 73 CC 75 9B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2009/06/10 16:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - Startup: C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a9c31884-077a-11df-a74d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c31884-077a-11df-a74d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/01/25 11:55:42 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
[2010/01/24 15:09:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/01/24 15:09:42 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/01/24 15:09:42 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/01/24 15:09:41 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/01/24 15:09:41 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/01/24 15:09:33 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/01/24 15:09:33 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/01/24 15:09:30 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/01/24 15:09:27 | 00,176,640 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2010/01/24 14:42:25 | 00,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/01/24 14:42:20 | 00,000,000 | ---D | C] -- C:\Intel
[2010/01/24 14:19:02 | 00,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2010/01/24 14:19:02 | 00,232,976 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2010/01/24 14:19:02 | 00,158,736 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2010/01/24 14:19:02 | 00,095,760 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2010/01/24 14:18:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/01/24 14:18:25 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/01/24 13:54:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/01/24 13:35:35 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/01/24 13:35:29 | 00,000,000 | ---D | C] -- C:\Temp
[2010/01/24 13:34:15 | 00,016,384 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010/01/24 13:30:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/01/24 12:22:26 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/24 12:10:10 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/01/23 10:59:16 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/23 10:59:15 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/23 10:59:11 | 00,470,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/23 10:59:11 | 00,422,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/23 10:59:10 | 00,034,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/23 10:59:10 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/01/23 10:58:58 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/22 13:06:52 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Contacts
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Videos
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Saved Games
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Pictures
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Music
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Links
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Favorites
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Downloads
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Documents
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Desktop
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Templates
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Start Menu
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\SendTo
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Recent
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\PrintHood
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\NetHood
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Videos
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Pictures
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Music
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\My Documents
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Local Settings
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Cookies
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Application Data
[2010/01/22 13:06:48 | 00,000,000 | -H-D | C] -- C:\Users\Dan&Amber4ever\AppData
[2010/01/22 13:06:38 | 00,000,000 | -HSD | C] -- C:\Recovery
[2010/01/22 13:06:35 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/22 12:22:37 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/22 12:22:12 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2010/01/22 12:21:24 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/22 10:27:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/22 10:27:05 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/22 10:27:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/22 10:25:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/22 10:24:20 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/22 10:20:28 | 00,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/01/22 10:20:27 | 00,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/01/22 10:20:27 | 00,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/01/22 10:20:18 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/22 10:20:17 | 00,095,504 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/01/22 10:20:17 | 00,081,584 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2010/01/22 10:20:17 | 00,042,456 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010/01/22 10:20:16 | 00,164,496 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/01/22 10:07:06 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Searches
========== Files - Modified Within 14 Days ==========
[2010/01/26 21:32:21 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:32:21 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:31:53 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/26 21:31:53 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/26 21:31:53 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/26 21:27:56 | 00,001,342 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/26 21:25:53 | 01,048,576 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT
[2010/01/26 21:25:41 | 00,000,330 | ---- | M] () -- C:\Windows\lgfwup.ini
[2010/01/26 21:25:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 21:25:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 21:25:09 | 16,094,24896 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 18:47:45 | 54,696,184 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/25 21:56:45 | 01,419,045 | -H-- | M] () -- C:\Users\Dan&Amber4ever\AppData\Local\IconCache.db
[2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
[2010/01/25 11:41:00 | 00,002,093 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\HijackThis.lnk
[2010/01/24 16:31:15 | 00,057,560 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/24 15:20:32 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2010/01/24 15:17:49 | 00,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/01/24 14:21:45 | 00,000,760 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\setup_ldm.iss
[2010/01/24 14:19:53 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/01/24 14:19:48 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/01/24 14:19:06 | 00,001,845 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/01/24 14:19:06 | 00,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/01/24 13:40:21 | 00,000,355 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:36:13 | 00,016,384 | ---- | M] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010/01/24 13:31:49 | 00,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/01/24 13:31:35 | 00,002,742 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/01/24 13:25:48 | 00,002,080 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2010/01/24 11:35:16 | 00,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/23 10:59:15 | 00,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/23 10:59:15 | 00,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/23 10:59:15 | 00,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/23 10:59:15 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/23 10:59:15 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 10:59:11 | 00,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/23 10:59:10 | 06,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/23 10:59:10 | 00,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/23 10:59:10 | 00,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/22 13:06:48 | 00,000,020 | -HS- | M] () -- C:\Users\Dan&Amber4ever\ntuser.ini
[2010/01/22 12:24:46 | 00,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/01/22 12:24:46 | 00,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/01/22 10:27:09 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 10:25:20 | 00,001,033 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/22 10:25:15 | 00,007,412 | ---- | M] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/01/22 10:20:35 | 00,524,288 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 10:20:35 | 00,524,288 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 10:20:35 | 00,065,536 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/22 10:10:09 | 00,000,473 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\SimpleDrive (E) - Shortcut.lnk
[2010/01/13 11:59:28 | 00,164,496 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
========== Files Created - No Company Name ==========
[2010/01/26 21:27:56 | 00,001,342 | ---- | C] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/25 11:41:00 | 00,002,093 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\HijackThis.lnk
[2010/01/24 15:20:32 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2010/01/24 14:40:58 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/24 14:21:45 | 00,000,760 | ---- | C] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\setup_ldm.iss
[2010/01/24 14:19:53 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/01/24 14:19:48 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/01/24 14:19:06 | 00,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/01/24 14:19:06 | 00,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/01/24 13:40:21 | 00,000,355 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:34:18 | 00,000,330 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/01/24 13:31:49 | 00,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/01/24 13:31:35 | 00,002,742 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/01/24 13:25:48 | 00,002,080 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2010/01/23 10:59:15 | 54,696,184 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/23 10:59:15 | 00,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/23 10:59:15 | 00,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/23 10:59:15 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 10:59:10 | 06,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/23 10:59:10 | 00,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/22 13:06:48 | 01,048,576 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT
[2010/01/22 13:06:48 | 00,524,288 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 13:06:48 | 00,524,288 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 13:06:48 | 00,065,536 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/22 13:06:48 | 00,000,020 | -HS- | C] () -- C:\Users\Dan&Amber4ever\ntuser.ini
[2010/01/22 12:22:12 | 16,094,24896 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 10:27:09 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 10:25:20 | 00,001,033 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/22 10:25:15 | 00,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/01/22 10:20:28 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/01/22 10:20:27 | 00,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/01/22 10:20:17 | 00,007,405 | ---- | C] () -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.cat
[2010/01/22 10:20:17 | 00,007,382 | ---- | C] () -- C:\Windows\SysNative\drivers\pctNdis-DNS64.cat
[2010/01/22 10:20:16 | 00,007,366 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplfw64.cat
[2010/01/22 10:10:09 | 00,000,473 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\SimpleDrive (E) - Shortcut.lnk
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2009/07/14 00:08:49 | 00,004,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >
Here is the other log file.
OTL logfile created on: 1/26/2010 9:32:47 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Dan&Amber4ever\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 914.78 Gb Free Space | 98.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BUILT42
Current User Name: Dan&Amber4ever
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
PRC - [2010/01/24 13:35:39 | 00,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2010/01/23 10:59:07 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/23 10:59:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/01/23 10:59:04 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/01/23 10:59:02 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/12 14:41:00 | 03,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 14:20:14 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/27 22:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/04 17:29:54 | 00,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 00,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/02 14:06:16 | 00,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/07/30 10:47:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/05/02 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
========== Modules (SafeList) ==========
MOD - [2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
MOD - [2009/07/13 20:15:36 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/13 20:15:21 | 00,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 20:15:21 | 00,093,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/13 20:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 20:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2008/05/02 02:49:54 | 00,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/01/23 10:59:04 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/23 10:59:02 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/09 14:20:14 | 00,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/04 17:29:54 | 00,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/02 14:06:16 | 00,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/07/30 10:47:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 82 73 CC 75 9B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2009/06/10 16:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - Startup: C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a9c31884-077a-11df-a74d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c31884-077a-11df-a74d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/01/25 11:55:42 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
[2010/01/24 15:09:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/01/24 15:09:42 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/01/24 15:09:42 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/01/24 15:09:41 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/01/24 15:09:41 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/01/24 15:09:33 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/01/24 15:09:33 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/01/24 15:09:30 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/01/24 15:09:27 | 00,176,640 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2010/01/24 14:42:25 | 00,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/01/24 14:42:20 | 00,000,000 | ---D | C] -- C:\Intel
[2010/01/24 14:19:02 | 00,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2010/01/24 14:19:02 | 00,232,976 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2010/01/24 14:19:02 | 00,158,736 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2010/01/24 14:19:02 | 00,095,760 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2010/01/24 14:18:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/01/24 14:18:25 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/01/24 13:54:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/01/24 13:35:35 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/01/24 13:35:29 | 00,000,000 | ---D | C] -- C:\Temp
[2010/01/24 13:34:15 | 00,016,384 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010/01/24 13:30:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/01/24 12:22:26 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/24 12:10:10 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/01/23 10:59:16 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/23 10:59:15 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/23 10:59:11 | 00,470,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/23 10:59:11 | 00,422,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/23 10:59:10 | 00,034,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/23 10:59:10 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/01/23 10:58:58 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/22 13:06:52 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Contacts
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Videos
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Saved Games
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Pictures
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Music
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Links
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Favorites
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Downloads
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Documents
[2010/01/22 13:06:48 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Desktop
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Templates
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Start Menu
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\SendTo
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Recent
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\PrintHood
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\NetHood
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Videos
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Pictures
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Documents\My Music
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\My Documents
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Local Settings
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Cookies
[2010/01/22 13:06:48 | 00,000,000 | -HSD | C] -- C:\Users\Dan&Amber4ever\Application Data
[2010/01/22 13:06:48 | 00,000,000 | -H-D | C] -- C:\Users\Dan&Amber4ever\AppData
[2010/01/22 13:06:38 | 00,000,000 | -HSD | C] -- C:\Recovery
[2010/01/22 13:06:35 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/22 12:22:37 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/22 12:22:12 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2010/01/22 12:21:24 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/22 10:27:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/22 10:27:05 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/22 10:27:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/22 10:25:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/22 10:24:20 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/22 10:20:28 | 00,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/01/22 10:20:27 | 00,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/01/22 10:20:27 | 00,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/01/22 10:20:18 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/22 10:20:17 | 00,095,504 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/01/22 10:20:17 | 00,081,584 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2010/01/22 10:20:17 | 00,042,456 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010/01/22 10:20:16 | 00,164,496 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/01/22 10:07:06 | 00,000,000 | R--D | C] -- C:\Users\Dan&Amber4ever\Searches
========== Files - Modified Within 14 Days ==========
[2010/01/26 21:32:21 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:32:21 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:31:53 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/26 21:31:53 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/26 21:31:53 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/26 21:27:56 | 00,001,342 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/26 21:25:53 | 01,048,576 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT
[2010/01/26 21:25:41 | 00,000,330 | ---- | M] () -- C:\Windows\lgfwup.ini
[2010/01/26 21:25:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 21:25:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 21:25:09 | 16,094,24896 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 18:47:45 | 54,696,184 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/25 21:56:45 | 01,419,045 | -H-- | M] () -- C:\Users\Dan&Amber4ever\AppData\Local\IconCache.db
[2010/01/25 11:55:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Amber4ever\Desktop\OTL.exe
[2010/01/25 11:41:00 | 00,002,093 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\HijackThis.lnk
[2010/01/24 16:31:15 | 00,057,560 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/24 15:20:32 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2010/01/24 15:17:49 | 00,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/01/24 14:21:45 | 00,000,760 | ---- | M] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\setup_ldm.iss
[2010/01/24 14:19:53 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/01/24 14:19:48 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/01/24 14:19:06 | 00,001,845 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/01/24 14:19:06 | 00,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/01/24 13:40:21 | 00,000,355 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:36:13 | 00,016,384 | ---- | M] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010/01/24 13:31:49 | 00,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/01/24 13:31:35 | 00,002,742 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/01/24 13:25:48 | 00,002,080 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2010/01/24 11:35:16 | 00,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/23 10:59:15 | 00,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/23 10:59:15 | 00,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/23 10:59:15 | 00,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/23 10:59:15 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/23 10:59:15 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 10:59:11 | 00,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/23 10:59:10 | 06,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/23 10:59:10 | 00,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/23 10:59:10 | 00,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/22 13:06:48 | 00,000,020 | -HS- | M] () -- C:\Users\Dan&Amber4ever\ntuser.ini
[2010/01/22 12:24:46 | 00,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/01/22 12:24:46 | 00,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/01/22 10:27:09 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 10:25:20 | 00,001,033 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/22 10:25:15 | 00,007,412 | ---- | M] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/01/22 10:20:35 | 00,524,288 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 10:20:35 | 00,524,288 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 10:20:35 | 00,065,536 | -HS- | M] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/22 10:10:09 | 00,000,473 | ---- | M] () -- C:\Users\Dan&Amber4ever\Desktop\SimpleDrive (E) - Shortcut.lnk
[2010/01/13 11:59:28 | 00,164,496 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
========== Files Created - No Company Name ==========
[2010/01/26 21:27:56 | 00,001,342 | ---- | C] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/25 11:41:00 | 00,002,093 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\HijackThis.lnk
[2010/01/24 15:20:32 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2010/01/24 14:40:58 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/24 14:21:45 | 00,000,760 | ---- | C] () -- C:\Users\Dan&Amber4ever\AppData\Roaming\setup_ldm.iss
[2010/01/24 14:19:53 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/01/24 14:19:48 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/01/24 14:19:06 | 00,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/01/24 14:19:06 | 00,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/01/24 13:40:21 | 00,000,355 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:34:18 | 00,000,330 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/01/24 13:31:49 | 00,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/01/24 13:31:35 | 00,002,742 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/01/24 13:25:48 | 00,002,080 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2010/01/23 10:59:15 | 54,696,184 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/23 10:59:15 | 00,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/23 10:59:15 | 00,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/23 10:59:15 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 10:59:10 | 06,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/23 10:59:10 | 00,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/22 13:06:48 | 01,048,576 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT
[2010/01/22 13:06:48 | 00,524,288 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 13:06:48 | 00,524,288 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 13:06:48 | 00,065,536 | -HS- | C] () -- C:\Users\Dan&Amber4ever\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/22 13:06:48 | 00,000,020 | -HS- | C] () -- C:\Users\Dan&Amber4ever\ntuser.ini
[2010/01/22 12:22:12 | 16,094,24896 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 10:27:09 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 10:25:20 | 00,001,033 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/22 10:25:15 | 00,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/01/22 10:20:28 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/01/22 10:20:27 | 00,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/01/22 10:20:17 | 00,007,405 | ---- | C] () -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.cat
[2010/01/22 10:20:17 | 00,007,382 | ---- | C] () -- C:\Windows\SysNative\drivers\pctNdis-DNS64.cat
[2010/01/22 10:20:16 | 00,007,366 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplfw64.cat
[2010/01/22 10:10:09 | 00,000,473 | ---- | C] () -- C:\Users\Dan&Amber4ever\Desktop\SimpleDrive (E) - Shortcut.lnk
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2009/07/14 00:08:49 | 00,004,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >
#4
Posted 27 January 2010 - 07:43 PM
Hi,
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
  This version will download a randomly named file (Recommended)
- Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
#6
Posted 28 January 2010 - 08:47 PM
Please skip the step with Gmer and do the following :
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.
#7
Posted 29 January 2010 - 01:23 AM
Malwarebytes found nothing wrong. The log file is posted below. I also have Super Antispyware already installed and it hasn't found anything beyond a few tracking cookies.
Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
1/28/2010 4:50:16 PM
mbam-log-2010-01-28 (16-50-16).txt
Scan type: Quick Scan
Objects scanned: 91663
Time elapsed: 1 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#8
Posted 30 January 2010 - 11:55 AM
How is it running?
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Also please post back with a fresh OTL logfile.
#9
Posted 30 January 2010 - 01:34 PM
Hey, I appreciate everything you have done so far, but I decided to reinstall Windows last night. While reinstalling PC Tools, MalwareBytes, SuperAntiSpyware, and AVG, I went through custom setup on AVG and found a check box that made Yahoo my default search engine. So it was user error and not so much malware. Once again, I appreciate all the help you have given me so far. I would like to close this thread and I am happy to donate for all the hard work you guys do. Thanks so much!
#10
Posted 30 January 2010 - 06:38 PM
This thread is being closed because it has been resolved. If you would like it to be reopened please contact me or another member of the Moderating team.
As always, we'd like to thank you for using 247fixes. Have a great day!
This only applies to the original poster. If you're not the original poster, please start a new topic in this forum.