security highjack(email hacked)

Post by curiousgeo24 on Wed 15 Dec 2010, 1:45 am

My friends keep getting email from AOL that I don't even use, and SUPERAntiSpyware found a security hijack; now the log is missing. Malwarebytes found nothing. I have Norton 2011 and nothing. (Changed password in AOL.) I have looked at posts and I don't have a clue. (I do have OTS OldTimer.)

curiousgeo24

Newbie Surfer

Posts : 11
Joined : 2010-12-15
Operating System : vista

Re: security highjack(email hacked)

Post by Belahzur on Wed 15 Dec 2010, 10:01 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: security highjack(email hacked)

Post by curiousgeo24 on Wed 15 Dec 2010, 1:53 pm

OK, thanks. Uploaded file is not valid.

ok

Post by curiousgeo24 on Wed 15 Dec 2010, 2:51 pm

OK, I downloaded OTS from your site and got both files.

OTL logfile created on: 12/14/2010 10:40:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\curiousgeorge\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.06 Gb Total Space | 530.70 Gb Free Space | 91.02% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.50 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 410.89 Gb Free Space | 88.22% Space Free | Partition Type: NTFS

Computer Name: CURIOUSGEORG-PC | User Name: curiousgeorge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/14 22:38:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\curiousgeorge\Downloads\OTL.exe
PRC - [2010/10/25 08:58:20 | 000,068,832 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/05/29 18:19:06 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/14 22:38:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\curiousgeorge\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/16 22:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2010/05/01 00:06:36 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/05/01 00:06:36 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/27 17:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/10/17 17:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/15 10:17:04 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/27 17:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/10/25 08:58:20 | 000,068,832 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/29 18:19:06 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/11/26 16:25:54 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/10/17 17:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/07/28 22:33:05 | 000,821,808 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/07/28 21:54:37 | 000,715,824 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1201000.025\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/07/28 21:54:37 | 000,040,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/07/22 16:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/07/21 20:27:15 | 000,043,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2010/07/12 20:20:21 | 000,436,272 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/06/26 23:05:55 | 000,168,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/06/23 08:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/06/13 05:50:57 | 000,450,096 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/04/29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/21 01:30:00 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/19 13:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2007/09/21 03:13:16 | 000,136,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2007/09/21 03:13:08 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/09/21 03:13:02 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/09/21 03:12:48 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2007/09/21 03:12:42 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010/12/10 10:02:03 | 001,790,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101214.024\EX64.SYS -- (NAVEX15)
DRV - [2010/12/10 10:02:03 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101214.024\ENG64.SYS -- (NAVENG)
DRV - [2010/11/22 21:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/08 19:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101213.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/31 14:00:30 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/26 13:11:03 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.9.6.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.8
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/26 16:29:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/26 16:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 10:24:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 10:24:41 | 000,000,000 | ---D | M]

[2010/11/05 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Extensions
[2010/12/14 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions
[2010/11/07 11:28:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/05 17:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/12/10 12:59:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/05 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\autofillForms@blueimp.net
[2010/11/16 08:47:01 | 000,000,000 | ---D | M] -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/11/05 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\extensions\piclens@cooliris.com
[2010/12/10 10:25:03 | 000,002,470 | ---- | M] () -- C:\Users\curiousgeorge\AppData\Roaming\Mozilla\Firefox\Profiles\823okxev.default\searchplugins\safesearch.xml
[2010/11/15 15:08:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/15 15:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/15 15:08:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\curiousgeorge\Pictures\2008-10 (Oct)\Lydia's 2nd Birthday(6).jpg
O24 - Desktop BackupWallPaper: C:\Users\curiousgeorge\Pictures\2008-10 (Oct)\Lydia's 2nd Birthday(6).jpg
O27:64bit: - HKLM IFEO\regmech.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/12 21:11:50 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/12/12 21:11:50 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/12/12 21:11:50 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/12/12 21:11:49 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/12/12 21:11:48 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/12/12 21:11:35 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/12/12 21:11:35 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/12 21:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/12 21:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/12 16:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/12 16:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/12 16:12:36 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2010/12/12 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/12/12 09:42:49 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/12/11 16:21:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/11 16:15:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/11 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\curiousgeorge\AppData\Local\temp
[2010/12/11 16:04:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/11 16:04:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/11 16:04:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/11 16:04:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/11 16:02:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/11 16:01:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/11 16:01:45 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/11 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\curiousgeorge\AppData\Local\NPE
[2010/12/11 09:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/10 16:50:38 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/12/10 16:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/12/10 16:04:36 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2010/12/10 16:04:36 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010/12/10 16:04:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2010/12/10 16:04:36 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2010/12/10 16:04:36 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2010/12/10 16:04:36 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2010/12/10 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2010/12/10 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/12/10 12:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MSNDynFiles
[2010/11/28 11:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/11/27 23:56:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
[2010/11/27 23:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/11/27 23:56:14 | 000,000,000 | ---D | C] -- C:\Users\curiousgeorge\AppData\Local\PackageAware
[2010/11/27 00:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller 2010
[2010/11/26 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/26 16:05:31 | 000,381,384 | ---- | C] (Symantec Corporation) -- C:\Users\curiousgeorge\Documents\NISDownloader.exe
[2010/11/26 12:50:51 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/11/26 12:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/11/25 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\curiousgeorge\AppData\Roaming\BitTorrent
[2010/11/24 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/24 21:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/11/20 14:32:50 | 000,000,000 | ---D | C] -- C:\Users\curiousgeorge\AppData\Roaming\WildTangent
[2010/11/15 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/15 15:08:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/15 15:08:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/15 15:08:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/21 01:30:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\curiousgeorge\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/14 21:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 21:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 18:07:34 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FA4AB63-D95F-47DC-8EF7-2D9369CFD6F3}.job
[2010/12/14 17:53:19 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/14 17:53:19 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/14 17:53:19 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/14 17:47:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/14 15:00:07 | 000,000,578 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - curiousgeorge - Full System Scan.job
[2010/12/13 12:03:11 | 000,291,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/13 10:08:05 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - curiousgeorge.job
[2010/12/12 21:11:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/12/12 17:16:24 | 000,001,356 | ---- | M] () -- C:\Users\curiousgeorge\AppData\Local\d3d9caps.dat
[2010/12/12 16:22:16 | 000,001,123 | ---- | M] () -- C:\Users\curiousgeorge\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/12 09:38:24 | 000,000,036 | ---- | M] () -- C:\Users\curiousgeorge\AppData\Local\housecall.guid.cache
[2010/12/10 17:30:31 | 000,001,189 | ---- | M] () -- C:\Users\curiousgeorge\AppData\Roaming\vso_ts_preview.xml
[2010/12/10 11:13:02 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcuriousgeorge.job
[2010/12/10 10:52:47 | 000,105,984 | ---- | M] () -- C:\Users\curiousgeorge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 11:11:48 | 000,002,970 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/11/26 16:29:33 | 002,416,614 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/11/26 16:27:58 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/11/26 16:25:54 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/11/26 16:25:54 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/11/26 16:25:54 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/11/26 16:05:33 | 000,381,384 | ---- | M] (Symantec Corporation) -- C:\Users\curiousgeorge\Documents\NISDownloader.exe
[2010/11/26 12:48:16 | 000,000,846 | ---- | M] () -- C:\Users\curiousgeorge\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 12:48:16 | 000,000,846 | ---- | M] () -- C:\Users\curiousgeorge\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/25 10:54:21 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/11/15 15:08:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/15 15:08:02 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/15 15:08:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/15 15:08:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2010/12/12 21:11:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/12/12 21:11:39 | 000,368,628 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistMSI11DE.txt
[2010/12/12 21:11:38 | 000,011,466 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistUI11DE.txt
[2010/12/12 16:22:16 | 000,001,123 | ---- | C] () -- C:\Users\curiousgeorge\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/12 09:38:24 | 000,000,036 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\housecall.guid.cache
[2010/12/11 16:04:58 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/11 16:04:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/11 16:04:58 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/11 16:04:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/11 16:04:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/10 16:04:37 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2010/11/26 19:25:24 | 000,000,846 | ---- | C] () -- C:\Users\curiousgeorge\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 12:48:32 | 000,000,846 | ---- | C] () -- C:\Users\curiousgeorge\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/26 12:48:30 | 000,002,970 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/11/25 10:54:21 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/10/22 08:53:14 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/02 19:50:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/01 00:06:16 | 000,448,056 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistMSI1D75.txt
[2010/05/01 00:06:15 | 000,015,354 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistUI1D75.txt
[2010/05/01 00:05:43 | 000,438,236 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistMSI1D09.txt
[2010/05/01 00:05:42 | 000,015,106 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\dd_vcredistUI1D09.txt
[2010/03/12 00:14:46 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/03/12 00:14:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/12 00:14:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/12 00:14:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/12 00:14:43 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/03/12 00:14:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/03/10 16:14:40 | 000,000,130 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\default.rss
[2010/03/03 23:36:27 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010/02/06 00:33:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/01/23 09:46:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/23 09:46:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/01/21 01:30:37 | 000,001,189 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\vso_ts_preview.xml
[2010/01/21 01:30:19 | 000,000,034 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\pcouffin.log
[2010/01/21 01:30:00 | 000,007,859 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\pcouffin.cat
[2010/01/21 01:30:00 | 000,001,167 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\pcouffin.inf
[2010/01/20 21:30:58 | 000,105,984 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 16:59:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/01/20 16:45:15 | 000,000,044 | ---- | C] () -- C:\Windows\EPR220.ini
[2010/01/20 15:22:18 | 000,000,760 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Roaming\setup_ldm.iss
[2010/01/20 14:12:14 | 000,001,356 | ---- | C] () -- C:\Users\curiousgeorge\AppData\Local\d3d9caps.dat
[2010/01/18 22:15:17 | 000,002,220 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/18 21:54:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2010/01/18 21:54:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2005/02/25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\EPSPTDV.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:1F8C9007

< End of report >

curiousgeo24

Newbie Surfer

Posts : 11
Joined : 2010-12-15
Operating System : vista


#2

Post by curiousgeo24 on Wed 15 Dec 2010, 2:53 pm

OTL Extras logfile created on: 12/14/2010 10:40:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\curiousgeorge\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.06 Gb Total Space | 530.70 Gb Free Space | 91.02% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.50 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 410.89 Gb Free Space | 88.22% Space Free | Partition Type: NTFS

Computer Name: CURIOUSGEORG-PC | User Name: curiousgeorge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = DC C5 AB B1 47 9D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1854735086-1355566735-2606276583-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA1F13F-FFF2-4BD0-AC8B-FC4927A8DA12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{4B0E5DA1-3FC8-455A-96C1-04DE96975711}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{4B824C4E-5289-4C1E-B3E5-605857B92955}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{686C5921-990C-4B00-B36F-5A106C2BC77C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{754C43A6-17A6-49F2-BFE4-540E3B05FCEF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{7FD4544C-143E-4FA0-87DC-CF85D402F558}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{822B1BF3-8CB0-4B47-B568-4C4430F39374}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8663DC86-3269-4405-822E-6316865EB377}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8DD72E9A-CCFB-4BA0-AD8B-72EA35AFFBAC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{91328D0D-536A-46D8-9BB7-BD57CFFDB306}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{9392F8F4-0A78-4C2A-AA7D-BC4A0E21746D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{A3488058-B2DC-4715-9FEA-D77CDB5AF5B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B2918DA5-90BA-45A2-96BE-03C30BCF3593}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B4C11714-2302-43C7-A560-9F7A589E06ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{CC9D91F3-CA04-41C0-8536-D58F2ED3F819}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D7C3FA7B-7149-4158-AD91-28665457E83B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{DF66741E-0781-4698-9AA9-5DE06C80E052}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F7BC8648-2DAE-4712-A75E-8022C7D29C1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{1D95A4AF-B4FE-45E5-1518-2A842BA83081}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9EA8213A-9080-C41F-2F85-8FF98374AB9F}" = ATI Catalyst Install Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Sandboxie" = Sandboxie 3.50 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0019BCD5-6D1C-6B47-8214-A151D5FCFDDC}" = Catalyst Control Center Localization Thai
"{014A0EB1-C226-1CAF-7B72-49321CB0E9B3}" = CCC Help Hungarian
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0AF5BF1B-FFE1-2C85-FDDC-3A44EFD341EC}" = Catalyst Control Center Localization Italian
"{0BB291F1-BEBA-2530-990B-863B206B1F8A}" = Catalyst Control Center Localization German
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{114C3B4C-CA35-1027-B126-F10DAB0F20B7}" = CCC Help Norwegian
"{11908571-96AB-2B21-EDBE-7852B087E925}" = Catalyst Control Center Localization Portuguese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{23C7264E-BAA0-73B7-0B7C-BA1CCA40F438}" = CCC Help Chinese Standard
"{23D2AA7C-FFB2-3271-7568-58D9CE58598F}" = CCC Help German
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25468ED2-C4F8-C7EB-5CDB-20D934D6A1F9}" = CCC Help French
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{277AF855-DF15-BDCA-D570-5B94C5371201}" = CCC Help Polish
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2BEC7DA6-3455-5674-4A0E-09A6777A2C25}" = Catalyst Control Center Localization Dutch
"{2CC86F66-6C15-3D00-F05E-830846CF2393}" = CCC Help Turkish
"{2DDB9835-EE7B-FF38-084C-EBB81710A5FB}" = Catalyst Control Center Graphics Previews Vista
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35BEB65B-B67C-C104-CE7E-56D71378822D}" = Catalyst Control Center Localization Swedish
"{36D76EB0-F8A6-BD4A-A3C9-B07BE72FF6CD}" = Catalyst Control Center Graphics Full New
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3B7AD0B6-B25D-EB03-5657-E9B3ECBC3C28}" = Catalyst Control Center Graphics Light
"{3C9DDCA5-D9EF-B431-B7E8-3B2286E92FEE}" = Catalyst Control Center Core Implementation
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{441BA798-953E-1FF2-F9B8-7D1BED5E3278}" = CCC Help Chinese Traditional
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C074190-CE6F-1960-F8BC-B00CF700CAA4}" = Catalyst Control Center Localization Korean
"{4DDF7B07-6CC5-CEE9-CA52-E95F8547EBC0}" = Catalyst Control Center Localization Greek
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56B74948-05CA-C84D-307C-A578F98DAF33}" = Catalyst Control Center Localization Japanese
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590129B0-8CBD-0C3D-55C6-693C5C910A53}" = Catalyst Control Center Graphics Full Existing
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{60706F47-9AD7-59C5-2BFF-A747086FE30B}" = Catalyst Control Center Localization Finnish
"{607576AD-A631-77DE-3D8C-3FBA257962D0}" = Skins
"{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
"{61E1C6E3-1793-2F66-B14D-E8899F8F36D7}" = Catalyst Control Center Localization Turkish
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F058B03-40A6-3023-ACE4-C031CB5F51E6}" = CCC Help Portuguese
"{6F1D0A3C-3E04-3E6D-2286-1B1900777555}" = Catalyst Control Center Localization Chinese Standard
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C0B4269-EFF1-FE99-2298-B5752BBCD1CE}" = Catalyst Control Center Graphics Previews Common
"{815E4EFD-6A9C-50F5-3C7B-DD5984BF1CBB}" = Catalyst Control Center Localization Danish
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8D8637C8-BD8F-71AF-1E15-B4104FDFF6A9}" = CCC Help Japanese
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3A383E-0AF0-97F3-3FFF-E466DFDD302B}" = CCC Help Greek
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A068D32D-D140-40CE-9E8D-2F7563066A6D}" = Catalyst Control Center - Branding
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A40DD5A8-B549-126F-DEDE-2A0DD11342F0}" = CCC Help Danish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B03DF1CE-9964-0BCB-A53E-9ABE88B17F60}" = Catalyst Control Center Localization Spanish
"{B04F82E0-C4F2-58B3-C799-FAC82F6F88C1}" = CCC Help Russian
"{B0516082-BA15-2ACC-A354-0CA22CFE4CF9}" = CCC Help Spanish
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B3891007-20E0-83BB-93F8-3062A2ED39EB}" = CCC Help Italian
"{B3DA638A-7AC7-4202-C489-898D8A5AE48B}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B593E002-4F0A-2537-AF4D-59C371FCE60F}" = CCC Help Finnish
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9CB4A55-002A-5FC0-DF39-A5D5FF2F036D}" = Catalyst Control Center Localization French
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C485E0AA-2176-835B-8555-C08002E8517B}" = Catalyst Control Center Localization Norwegian
"{C948C303-C151-B075-DDD6-F69B963B70EF}" = Catalyst Control Center Localization Russian
"{C9E04998-234A-4ACE-6C91-30F7E8EA735D}" = Catalyst Control Center Localization Polish
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCB5EE8A-8DE8-E4E2-1D3D-31C9CC3519C9}" = Catalyst Control Center Localization Chinese Traditional
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D2299355-97DE-1DBC-98EB-C5F2357F874C}" = Catalyst Control Center Localization Hungarian
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C6274D-C3C0-0C1B-5E79-B94843622343}" = Catalyst Control Center Localization Czech
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D330B524-FC79-40CC-9886-23738AFBB40B}" = HP RC Mirror Driver
"{D78C15E3-7648-A466-651C-FB618B3659AD}" = CCC Help Korean
"{D814B1DF-E73D-46B5-B2D2-2C75F82B27FE}" = muvee autoProducer 6.1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC2A30B7-030B-6842-C5D5-AE3D5E7B8ECC}" = ccc-core-static
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF18DFB5-A9CC-1A17-9861-2187C1265CD4}" = CCC Help Swedish
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E9DA117D-B2B8-9F7D-DBD7-FF2A730FBB8A}" = CCC Help Czech
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDC5251B-4139-1DAE-8CCC-20AAC4E5422E}" = CCC Help Thai
"{FF063B2A-19DB-C210-C06D-8BBECD7D45B4}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"NIS" = Norton Internet Security
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"Registry Mechanic_is1" = Registry Mechanic 10.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR" = WinRAR
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2010 5:53:56 PM | Computer Name = curiousgeorg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2010 6:53:44 PM | Computer Name = curiousgeorg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2010 6:57:28 PM | Computer Name = curiousgeorg-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/10/2010 6:58:34 PM | Computer Name = curiousgeorg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2010 7:00:38 PM | Computer Name = curiousgeorg-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\curiousgeorge\Desktop\APPS\Security\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 12/10/2010 9:34:16 PM | Computer Name = curiousgeorg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2010 9:37:17 AM | Computer Name = curiousgeorg-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\curiousgeorge\Desktop\APPS\Security\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 12/11/2010 9:59:27 AM | Computer Name = curiousgeorg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2010 10:00:28 AM | Computer Name = curiousgeorg-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\curiousgeorge\Desktop\APPS\Security\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 12/11/2010 10:00:32 AM | Computer Name = curiousgeorg-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\curiousgeorge\Desktop\APPS\Security\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

[ System Events ]
Error - 12/14/2010 6:31:24 PM | Computer Name = curiousgeorg-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 12/14/2010 6:32:56 PM | Computer Name = curiousgeorg-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/14/2010 6:32:56 PM | Computer Name = curiousgeorg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/14/2010 6:46:26 PM | Computer Name = curiousgeorg-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2010 6:47:02 PM | Computer Name = curiousgeorg-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/14/2010 6:47:05 PM | Computer Name = curiousgeorg-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/14/2010 6:47:13 PM | Computer Name = curiousgeorg-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2010 6:47:19 PM | Computer Name = curiousgeorg-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 12/14/2010 6:48:50 PM | Computer Name = curiousgeorg-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/14/2010 6:48:51 PM | Computer Name = curiousgeorg-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Re: security highjack(email hacked)

Post by Belahzur on Thu 16 Dec 2010, 11:02 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



ok

Post by curiousgeo24 on Thu 16 Dec 2010, 12:18 pm

ok,


Re: security highjack(email hacked)

Post by Belahzur on Thu 16 Dec 2010, 12:28 pm

Hello.
Your MBAM is way out of date.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.



ok

Post by curiousgeo24 on Thu 16 Dec 2010, 1:53 pm

ok


Re: security highjack(email hacked)

Post by Belahzur on Fri 17 Dec 2010, 10:26 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



ok

Post by curiousgeo24 on Fri 17 Dec 2010, 11:41 am

I don't know where to copy and paste, ComboFix just started running. Here it is


this too?

Post by curiousgeo24 on Fri 17 Dec 2010, 11:55 am

I think you wanted this too


Re: security highjack(email hacked)

Post by Belahzur on Fri 17 Dec 2010, 12:23 pm

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are running two antiviruses; I see from the uninstall list you have Norton installed, along with Avast. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following programs:

    BitTorrent
    Norton Internet Security
    Registry Mechanic 10.0

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


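The uninstall-list review Belahzur describes above, as an added example that is not part of the original thread and is not OTL's own code: it parses the uninstall-list sections of an OTL Extras log and flags overlapping antivirus products, P2P clients and registry cleaners. The keyword lists, the function names and the avast!/BitTorrent sample rows are assumptions made for this example.

```python
import re

# Constructed excerpt in the OTL Extras.txt uninstall-list layout. The avast! and
# BitTorrent rows are constructed; the other rows match entries named in this thread.
SAMPLE = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"NIS" = Norton Internet Security
"Registry Mechanic_is1" = Registry Mechanic 10.0
========== HKEY_CURRENT_USER Uninstall List ==========
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
"stray" = quoted text outside an uninstall list is ignored
'''

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# Assumed keyword lists for this example; substring matching is only a heuristic.
CATEGORIES = {
    "antivirus": ("norton", "avast", "avg", "mcafee", "kaspersky"),
    "p2p": ("bittorrent", "utorrent", "limewire"),
    "registry cleaner": ("registry mechanic",),
}

def parse_uninstall_lists(text):
    """Return (hive, key, display_name) tuples from each 'Uninstall List' section."""
    entries, hive = [], None
    for line in map(str.strip, text.splitlines()):
        section = SECTION.match(line)
        if section:  # a banner line opens a new section; track only uninstall lists
            title = section.group(1)
            hive = title.split()[0] if title.endswith("Uninstall List") else None
            continue
        entry = ENTRY.match(line)
        if hive and entry:
            entries.append((hive, entry.group(1), entry.group(2).strip()))
    return entries

def triage(entries):
    """Sort display names into categories and flag more than one antivirus vendor."""
    names = sorted({name for _hive, _key, name in entries})
    report = {cat: [n for n in names if any(w in n.lower() for w in words)]
              for cat, words in CATEGORIES.items()}
    vendors = {w for w in CATEGORIES["antivirus"]
               if any(w in n.lower() for n in report["antivirus"])}
    return {**report, "antivirus_conflict": len(vendors) > 1}
```

Calling `triage(parse_uninstall_lists(open("Extras.txt").read()))` on a saved log returns the flagged display names per category; a keyword hit is a prompt to check the entry by hand, not a verdict.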

done

Post by curiousgeo24 on Fri 17 Dec 2010, 11:43 pm

ESET found nothing and I don't have the file; I must have uninstalled it. Do you still need it? Thks for the advice and help.


Re: security highjack(email hacked)

Post by Belahzur on Sat 18 Dec 2010, 9:56 am

Nope, if ESET says everything is fine, then you should be good to go.



thks

Post by curiousgeo24 on Sat 18 Dec 2010, 1:25 pm

Thank you for the help
