How to remove StartPins? [Solved]

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

2 Pages

1 2 >

How to remove StartPins? [Solved]

Options

LuckyStar View Member Profile	Sep 24 2012, 07:16 PM Post #1
New Member Group: Authentic Member Posts: 10 Joined: 24-September 12 Member No.: 101,310 Operating System: Window Vista	I have an unwanted search engine(startpins) that has sneaked in with another download. I don't know how to remove it! I had tried Malwarebytes, Anvi Smart Defender, and SpyHunter4 nothing is working. Can anyone please tell me how to remove this unwanted search engine? Thankyou!!!

jeffce View Member Profile	Sep 25 2012, 08:44 AM Post #3
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following: The fixes are specific to your problem and should only be used for the issues on this machine. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it. IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data. Having said that....Let's get going!! ---------- Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2 Note: It is important that it is saved directly to your desktop If you get a message saying "*Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer. -------------------------------------------------------------------- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here -------------------------------------------------------------------- Right-Click and Run as Administrator on ComboFix.exe* & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.

LuckyStar View Member Profile	Sep 26 2012, 10:52 AM Post #4
New Member Group: Authentic Member Posts: 10 Joined: 24-September 12 Member No.: 101,310 Operating System: Window Vista	Hi Jeff! Thankyou for helping me! I did what you told me to do and here's the C:\ComboFix.txt : ComboFix 12-09-26.01 - Pisces223 09/26/2012 11:55:51.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2035.691 [GMT -4:00] Running from: c:\users\FHCUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTT8NYVB\ComboFix.exe AV: AVG Internet Security 2013 Disabled/Updated {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials Disabled/Updated {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} FW: AVG Internet Security 2013 Enabled {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 Disabled/Updated {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials Disabled/Updated {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\BasicScan c:\program files\BasicScan\uninstall.exe c:\program files\Common Files\Tencent\Paycenter c:\program files\Common Files\Tencent\Paycenter\qqcert.dll c:\program files\Common Files\Tencent\Paycenter\qqedit.dll c:\programdata\440ec7cfcbdc0e2d45cf67b054d59bd6_c c:\programdata\BasicScan . . ((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 ))))))))))))))))))))))))))))))) . . 2012-09-26 16:11 . 2012-09-26 16:11 -------- d-----w- c:\users\FHCUser\AppData\Local\temp 2012-09-26 16:11 . 2012-09-26 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-26 15:47 . 2012-09-26 15:47 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD73100C-1416-4F2C-8E1F-48B2D5CCDB0E}\MpKsl60ca50a6.sys 2012-09-25 14:48 . 2012-09-25 14:48 -------- d-----w- c:\users\FHCUser\AppData\Local\MFAData 2012-09-25 00:18 . 2012-09-25 00:18 -------- d-----w- c:\program files\Enigma Software Group 2012-09-25 00:16 . 2012-09-25 02:09 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP 2012-09-25 00:16 . 2012-09-25 00:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-09-24 03:02 . 2012-09-24 03:02 -------- d-----w- c:\users\Public\Anvisoft 2012-09-24 02:59 . 2012-09-25 02:08 -------- d-----w- c:\users\FHCUser\AppData\Roaming\Anvisoft 2012-09-24 02:57 . 2012-09-24 02:57 -------- d-----w- c:\programdata\Anvisoft 2012-09-24 00:15 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-22 21:02 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax 2012-09-22 21:02 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll 2012-09-22 21:02 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll 2012-09-22 20:58 . 2012-09-22 20:58 -------- d-----w- c:\users\FHCUser\.bitrock 2012-09-20 17:44 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-20 17:42 . 2012-09-20 17:42 -------- d-----w- c:\program files\iPod 2012-09-20 17:42 . 2012-09-20 17:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-20 17:42 . 2012-09-20 17:44 -------- d-----w- c:\program files\iTunes 2012-09-17 22:58 . 2012-09-17 22:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-09-14 09:34 . 2012-09-14 09:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-09-12 15:47 . 2012-09-12 15:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-12 15:47 . 2012-09-12 15:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-09-01 01:10 . 2012-09-01 01:10 -------- d-----w- c:\program files\Common Files\Java 2012-09-01 01:10 . 2012-09-01 01:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 21:04 . 2011-02-08 03:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-01 01:09 . 2012-07-27 03:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 01:09 . 2012-07-27 03:08 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 20:54 . 2012-04-05 02:45 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-28 20:54 . 2011-05-23 15:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-21 17:01 . 2011-03-17 17:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-08-13 20:40 . 2012-08-13 20:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-08-10 08:52 . 2012-08-10 08:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-08-10 08:52 . 2012-08-10 08:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-08-09 17:56 . 2012-08-09 17:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-07-04 14:02 . 2012-08-15 03:16 2047488 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-25 15:00 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-25 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-25 947808] "ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-25 856160] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallati...r=9.0.872" [?] . c:\users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk \0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2008-12-21 16:48 200704 ----a-w- c:\program files\DellTPad\Apoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2009-01-20 19:36 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-02-21 15:57 136176 ----atw- c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-09-07 21:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2010-05-10 18:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-06-16 15:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] 2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-06-11 03:59 1657376 ----a-w- c:\windows\System32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2011-05-18 13:25 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-04-02 21:33 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher] 2012-04-22 13:58 724536 ----a-w- c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] 2009-02-23 15:08 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1920104009-661548430-2577745447-1000] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [x] . . --- Other Services/Drivers In Memory --- . NewlyCreated* - AVGIDSHX NewlyCreated - MPKSL60CA50A6 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:54] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000Core.job - c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 15:57] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000UA.job - c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 15:57] . 2012-09-25 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2012-08-09 20:53] . 2012-09-04 c:\windows\Tasks\hpwebreg_CN19G410M305HX.job - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-17 01:16] . 2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{63845E0A-F6BC-4C8C-BCCA-F5876682FD59}.job - c:\windows\system32\msfeedssync.exe [2012-05-12 17:37] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll . . ------- File Associations ------- . txtfile=c:\windows\notepad.exe %1 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Xvid - c:\program files\Xvid\CheckUpdate.exe HKCU-Run-Anvi_CSB - c:\program files\Anvisoft\Cloud System Booster\CSBMini.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe MSConfigStartUp-PPAP - c:\program files\Common Files\PPLiveNetwork\PPAP.exe MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-26 12:11 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-09-26 12:17:07 ComboFix-quarantined-files.txt 2012-09-26 16:17 . Pre-Run: 103,054,282,752 bytes free Post-Run: 103,456,358,400 bytes free . - - End Of File - - CD24557A23C35E45E5D6F82911DDE763 After my friend went to an website watching a video and she downloaded Xvid that's when I got the "StartPins" on my search engine and it drives me nuts when I wanted google to be my main search engine. I don't know is that a virus or not but I wanted it to be remove! Thankyou so much!

jeffce View Member Profile	Sep 26 2012, 11:54 AM Post #5
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi, What browsers are you noticing this happening in?

LuckyStar View Member Profile	Sep 26 2012, 01:48 PM Post #6
New Member Group: Authentic Member Posts: 10 Joined: 24-September 12 Member No.: 101,310 Operating System: Window Vista	I only have Internet Explorer and Google Chrome. It only happens on Internet Explorer.

jeffce View Member Profile	Sep 26 2012, 04:19 PM Post #7
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi, I notice that you have both AVG and Microsoft Security Essentials running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either AVG or Microsoft Security Essentials (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble. ---------- *OTL* Download OTL to your desktop. Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Select All Users When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in netsvcs /md5start consrv.dll explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop CREATERESTOREPOINT Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in. ----------

jeffce View Member Profile	Sep 26 2012, 05:53 PM Post #9
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi, Run OTL.exe Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL QUOTE :Services :OTL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/http://facebook.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 07 27 59 B5 43 CA 01 [binary data] IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC IE - HKCU\..\SearchScopes\{9E209B9C-5F98-472A-A916-CADEAF123220}: "URL" = http://www.google.com/search?q={searchTerm...age={startPage} [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] [1 C:\Users\FHCUser\Desktop\.tmp files -> C:\Users\FHCUser\Desktop\.tmp -> ] :Files ipconfig /flushdns /c :Commands [emptytemp] [resethosts] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time ) ----------

LuckyStar View Member Profile	Sep 27 2012, 09:15 AM Post #10
New Member Group: Authentic Member Posts: 10 Joined: 24-September 12 Member No.: 101,310 Operating System: Window Vista	Hi Jeff! Here's what I got after putting the stuff you want me to put it in the Custom Scan box: All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope\| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP\| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E209B9C-5F98-472A-A916-CADEAF123220}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E209B9C-5F98-472A-A916-CADEAF123220}\ not found. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCall.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla17.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla18.exe deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla19.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla2.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla20.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla21.dll deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla21.exe deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseData.ini deleted successfully. C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP folder deleted successfully. C:\Users\FHCUser\Desktop\~WRL2806.tmp deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\FHCUser\Desktop\cmd.bat deleted successfully. C:\Users\FHCUser\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: FHCUser ->Temp folder emptied: 6457088 bytes ->Temporary Internet Files folder emptied: 698695305 bytes ->Java cache emptied: 1387974 bytes ->Google Chrome cache emptied: 217381004 bytes ->Flash cache emptied: 5379391 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 548169 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 887.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.68.0 log created on 09272012_104007 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Then you tell me to Run the Scan and here's what I get: OTL logfile created on: 9/27/2012 10:55:06 AM - Run 2 OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\FHCUser\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.99 Gb Total Physical Memory \| 1.09 Gb Available Physical Memory \| 54.79% Memory free 4.21 Gb Paging File \| 3.24 Gb Available in Paging File \| 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 149.01 Gb Total Space \| 96.47 Gb Free Space \| 64.74% Space Free \| Partition Type: NTFS Computer Name: NUDB3F-LISLIQ \| User Name: Pisces223 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\FHCUser\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe (Tencent) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe File not found SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (TSUSVC) -- C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe (Tencent) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation) SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (catchme) -- C:\Users\FHCUser\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.) DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc) DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={5C04885...mp;d=2012-09-25 11:00:23&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\npQQPhotoDrawEx.dll () FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/29 22:49:14 \| 000,000,000 \| ---D \| M] [2012/09/23 22:42:10 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/22 18:10:27 \| 000,466,944 \| ---- \| M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012/06/20 12:56:43 \| 000,091,584 \| ---- \| M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/06/20 12:56:44 \| 000,091,584 \| ---- \| M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll ========== Chrome ========== CHR - homepage: http://learn.fhchs.edu/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{g oogle:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://learn.fhchs.edu/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Google Update (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: Default = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\ CHR - Extension: Poppit = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: AVG Secure Search = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\ O1 HOSTS File: ([2012/09/27 10:45:46 \| 000,000,098 \| ---- \| M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB15AF5-D6C5-487A-9C28-0841164DF72E}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 000,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/09/27 10:40:07 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2012/09/27 08:54:38 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{345F2A7D-56BA-41BA-8A0A-E16663F963D8} [2012/09/26 19:11:59 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe [2012/09/26 18:56:45 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\Avg2013 [2012/09/26 12:17:22 \| 000,000,000 \| -HSD \| C] -- C:\$RECYCLE.BIN [2012/09/26 12:17:10 \| 000,000,000 \| ---D \| C] -- C:\Windows\temp [2012/09/26 12:17:10 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\temp [2012/09/26 11:52:43 \| 000,518,144 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/26 11:52:43 \| 000,060,416 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/26 11:52:42 \| 000,406,528 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/26 11:52:29 \| 000,000,000 \| ---D \| C] -- C:\ComboFix [2012/09/26 11:47:38 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2012/09/26 11:45:54 \| 000,000,000 \| ---D \| C] -- C:\Windows\erdnt [2012/09/26 11:36:11 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{9EC2D76D-9D55-484A-B11C-3832979FFFD7} [2012/09/25 11:00:57 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Roaming\TuneUp Software [2012/09/25 10:54:51 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\AVG2013 [2012/09/25 10:48:08 \| 000,000,000 \| -H-D \| C] -- C:\ProgramData\Common Files [2012/09/25 10:48:07 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\MFAData [2012/09/25 10:48:07 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MFAData [2012/09/25 10:39:08 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{C66FEC18-F4F9-4346-85A0-54F77B76C511} [2012/09/24 20:18:03 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Enigma Software Group [2012/09/24 20:16:23 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012/09/24 20:06:03 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{004819D5-2C5E-4004-881E-ED5981B4B059} [2012/09/24 09:38:33 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{45B104C5-B21A-4790-8B29-2B25ED762C81} [2012/09/23 22:59:13 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Roaming\Anvisoft [2012/09/23 22:57:56 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft [2012/09/23 22:57:55 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Anvisoft [2012/09/23 11:42:06 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{EAD4B6DA-356E-48D2-90CC-75ACDA445883} [2012/09/22 16:58:04 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\.bitrock [2012/09/22 13:53:56 \| 002,382,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/09/22 13:53:53 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/09/22 13:53:53 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/09/22 13:53:53 \| 000,065,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/09/22 13:53:52 \| 000,607,744 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/09/22 13:53:48 \| 001,800,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/09/22 13:53:48 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/09/22 13:53:43 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/09/22 13:31:51 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{8DA4A869-4904-464E-BE1D-139B56A11A05} [2012/09/21 09:40:57 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{02315B08-9C62-4BBF-86A1-129773DEF592} [2012/09/20 13:44:43 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/20 13:42:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iPod [2012/09/20 13:42:24 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2012/09/20 13:42:24 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/20 11:42:48 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{63F41B6D-C045-4490-A5FD-5A19CF57A9E3} [2012/09/19 10:12:48 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{075F5F5F-3384-442C-8B74-B712A0C4E4C5} [2012/09/18 11:10:18 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{6F0C8F1F-5C4D-4A15-855A-376032CC33C6} [2012/09/17 11:25:26 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{3BE9A2F6-224C-408F-9184-E30167EF4FDC} [2012/09/16 23:00:57 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{379D2163-3046-464A-84E1-8963864EF3C7} [2012/09/16 11:00:28 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{955A67D5-149C-48A8-9488-47674297BFFF} [2012/09/15 15:43:16 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{A2033994-0A21-49F6-A4F6-30C47B5A8CC4} [2012/09/15 11:54:22 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{9CB270AE-CE8D-4A72-B001-6A77366F7C22} [2012/09/14 11:58:37 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{E92EBF7A-B925-4FD9-B8FA-33FB5D93477A} [2012/09/11 14:44:43 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{9B8F3026-518E-4DE9-92E4-18D9B10F28D9} [2012/09/11 14:41:39 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{A910F6A1-AB76-4B15-B83E-5369CED3FCF5} [2012/09/09 11:42:21 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{3A60DA9E-ADEA-4B00-BA8E-FE1446768608} [2012/09/08 12:47:57 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{45F89EF0-DD8E-4339-BBBD-0F7EC8CC579E} [2012/09/07 21:36:30 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{BF5F90C8-77B6-4D42-9CD9-38B26B059EDC} [2012/09/07 09:36:18 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{ABC9EFAE-7FB2-4338-BB0C-4844354E4C3E} [2012/09/06 10:52:59 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{8523C6F6-FF5A-49C1-A24A-9A1124C01599} [2012/09/05 14:09:13 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{BA822DEE-58B2-43A7-A0AA-748AEA5B1204} [2012/09/04 12:26:11 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{E3E0AF34-3155-46A7-9405-C0073346C6DE} [2012/09/03 12:58:25 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{06DDAC56-81A3-4A6D-952D-A29A4C188A4B} [2012/09/01 15:32:34 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{16E07474-6BCF-4F34-9CDE-25A4D6CA7D8B} [2012/08/31 22:36:23 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{BDE871B0-4FF8-460E-8133-C515C0460194} [2012/08/31 21:10:48 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Java [2012/08/31 21:10:26 \| 000,246,760 \| ---- \| C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/08/31 21:10:07 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/08/31 21:10:07 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/08/31 21:10:07 \| 000,093,672 \| ---- \| C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012/08/31 10:36:10 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{10440400-2E2F-49B2-9AB1-451C2C1A1B8F} [2012/08/30 22:33:08 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{2A4C768A-5104-4178-AC91-A09C82E26FA4} [2012/08/30 10:32:39 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{E86DCDC5-8908-4459-80A9-AB055C2FA739} [2012/08/29 22:12:56 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{794AB9DB-638A-456F-9C29-9F26D672A8D1} [2012/08/29 10:12:31 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{F173730F-F7E3-4757-B88D-DCD0ECE19A62} [2012/08/28 16:51:39 \| 000,000,000 \| ---D \| C] -- C:\Users\FHCUser\AppData\Local\{5EDD0EDD-DB11-46EB-BAA4-E80C849DD568} ========== Files - Modified Within 30 Days ========== [2012/09/27 10:56:27 \| 000,609,756 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2012/09/27 10:56:27 \| 000,106,264 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2012/09/27 10:53:29 \| 000,065,131 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2012/09/27 10:53:29 \| 000,065,131 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2012/09/27 10:50:51 \| 000,003,712 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/27 10:50:51 \| 000,003,712 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/27 10:50:31 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/09/27 10:49:35 \| 000,001,076 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2012/09/27 10:45:46 \| 000,000,098 \| ---- \| M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/09/27 10:27:00 \| 000,000,920 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000UA.job [2012/09/27 10:21:15 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/27 10:19:01 \| 000,000,346 \| ---- \| M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012/09/26 20:46:47 \| 000,055,296 \| ---- \| M] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/09/26 19:11:59 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe [2012/09/26 13:41:21 \| 000,002,487 \| ---- \| M] () -- C:\Users\Public\Desktop\ReachTest .lnk [2012/09/26 12:27:00 \| 000,000,868 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000Core.job [2012/09/24 21:25:07 \| 000,000,512 \| ---- \| M] () -- C:\Users\FHCUser\Desktop\MBR.dat [2012/09/23 23:11:50 \| 000,002,198 \| ---- \| M] () -- C:\Windows\epplauncher.mif [2012/09/22 16:38:36 \| 000,000,906 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/20 13:44:43 \| 000,001,664 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/09 16:59:22 \| 050,328,581 \| ---- \| M] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3 [2012/09/09 16:41:05 \| 004,563,102 \| ---- \| M] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf [2012/09/07 17:04:46 \| 000,022,856 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/04 18:28:38 \| 000,002,052 \| ---- \| M] () -- C:\Users\FHCUser\Desktop\Google Chrome.lnk [2012/09/04 18:28:38 \| 000,002,014 \| ---- \| M] () -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/09/04 15:07:07 \| 000,000,828 \| ---- \| M] () -- C:\Windows\tasks\hpwebreg_CN19G410M305HX.job [2012/08/31 21:09:45 \| 000,093,672 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012/08/31 21:09:39 \| 000,246,760 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/08/31 21:09:39 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/08/31 21:09:38 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/08/31 21:09:37 \| 000,821,736 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/08/31 21:09:36 \| 000,746,984 \| ---- \| M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012/08/28 16:54:29 \| 000,696,520 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/08/28 16:54:28 \| 000,073,416 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/09/26 11:52:43 \| 000,256,000 \| ---- \| C] () -- C:\Windows\PEV.exe [2012/09/26 11:52:43 \| 000,208,896 \| ---- \| C] () -- C:\Windows\MBR.exe [2012/09/26 11:52:43 \| 000,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2012/09/26 11:52:43 \| 000,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2012/09/26 11:52:43 \| 000,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2012/09/24 21:25:07 \| 000,000,512 \| ---- \| C] () -- C:\Users\FHCUser\Desktop\MBR.dat [2012/09/22 17:02:05 \| 000,645,632 \| ---- \| C] () -- C:\Windows\System32\xvidcore.dll [2012/09/22 17:02:05 \| 000,153,088 \| ---- \| C] () -- C:\Windows\System32\xvid.ax [2012/09/22 17:02:04 \| 000,240,640 \| ---- \| C] () -- C:\Windows\System32\xvidvfw.dll [2012/09/20 13:44:43 \| 000,001,664 \| ---- \| C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/09 16:45:44 \| 050,328,581 \| ---- \| C] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3 [2012/09/09 16:40:58 \| 004,563,102 \| ---- \| C] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf [2012/08/05 14:05:02 \| 000,000,057 \| ---- \| C] () -- C:\ProgramData\Ament.ini [2012/06/11 16:52:12 \| 000,000,000 \| ---- \| C] () -- C:\Windows\LiveUpdate.INI [2012/05/25 16:31:58 \| 000,003,654 \| ---- \| C] () -- C:\Windows\System32\drivers\Sonyhcp.dll [2011/11/17 15:38:07 \| 000,000,418 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2009/08/30 20:13:07 \| 000,055,296 \| ---- \| C] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/17 00:12:16 \| 005,716,952 \| ---- \| C] () -- C:\Users\FHCUser\AppData\Local\Windows6.0-KB942567-x86.msu [2009/04/16 23:57:21 \| 000,065,131 \| ---- \| C] () -- C:\ProgramData\nvModes.001 [2009/04/16 23:13:48 \| 000,065,131 \| ---- \| C] () -- C:\ProgramData\nvModes.dat [2009/04/16 21:55:18 \| 000,000,680 \| ---- \| C] () -- C:\Users\FHCUser\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 08:54:18 \| 000,000,227 \| RHS- \| M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 \| 011,586,048 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 \| 000,614,912 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 \| 000,347,648 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2012/09/27 10:25:27 \| 000,016,606 \| ---- \| M] ()(C:\Users\FHCUser\Desktop\??1.docx) -- C:\Users\FHCUser\Desktop\名單1.docx [2012/09/27 09:02:40 \| 000,016,606 \| ---- \| C] ()(C:\Users\FHCUser\Desktop\??1.docx) -- C:\Users\FHCUser\Desktop\名單1.docx [2012/09/26 23:01:16 \| 000,015,759 \| ---- \| M] ()(C:\Users\FHCUser\Desktop\??.docx) -- C:\Users\FHCUser\Desktop\名單.docx [2012/09/26 22:23:11 \| 000,015,759 \| ---- \| C] ()(C:\Users\FHCUser\Desktop\??.docx) -- C:\Users\FHCUser\Desktop\名單.docx [2012/09/24 09:41:47 \| 000,000,000 \| ---D \| M](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單 [2012/09/07 23:00:25 \| 000,000,000 \| ---D \| M](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3) [2012/09/07 22:43:53 \| 000,000,000 \| ---D \| C](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3) [2012/08/11 18:26:23 \| 000,000,888 \| ---- \| M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk [2012/08/11 18:26:23 \| 000,000,864 \| ---- \| M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk [2012/08/08 13:25:52 \| 000,000,000 \| ---D \| C](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單 [2012/06/23 14:02:28 \| 000,000,956 \| ---- \| M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk [2012/06/23 14:02:28 \| 000,000,956 \| ---- \| C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk [2012/06/23 14:02:28 \| 000,000,932 \| ---- \| M] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk [2012/06/23 14:02:28 \| 000,000,932 \| ---- \| C] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk [2012/06/01 15:00:15 \| 000,000,000 \| ---D \| M](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库 [2012/06/01 15:00:15 \| 000,000,000 \| ---D \| C](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库 [2012/06/01 14:59:39 \| 000,000,888 \| ---- \| C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk [2012/06/01 14:59:39 \| 000,000,864 \| ---- \| C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk [2010/09/07 08:09:36 \| 000,002,040 \| ---- \| M] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk [2010/09/07 08:09:36 \| 000,002,040 \| ---- \| C] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk [2009/12/18 23:48:03 \| 000,016,872 \| ---- \| M] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx [2009/12/18 15:48:48 \| 000,000,162 \| -H-- \| M] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx [2009/12/18 15:48:48 \| 000,000,162 \| -H-- \| C] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx [2009/12/18 15:48:47 \| 000,016,872 \| ---- \| C] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx (C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 (C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美图 (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图 < End of report > After the scan I went online and check the search engine. Google is gone but since I installed the AVG before and it stay as my search Engine. How can i get Google back as my main Search Engine? Thankyou!

jeffce View Member Profile	Sep 27 2012, 09:33 AM Post #11
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi, What browser are you wanting to have Google set as your default search? -------- Please do the following: Go to Start >> Control Panel >> Programs and Features This will open your list of installed programs. Remove the following programs: Java™ 6 Update 15 ---------- See this page for instructions on how to clear java's cache. Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. ---------- Malwarebytes I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply. ---------- ESET Online Scanner Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic. Close the ESET online scan, and let me know how things are now. ----------

LuckyStar View Member Profile	Sep 27 2012, 12:53 PM Post #12
New Member Group: Authentic Member Posts: 10 Joined: 24-September 12 Member No.: 101,310 Operating System: Window Vista	Hi Jeff, I'm using Internet Explorer, I want Google search set as my default serach. But I don't know how to do that! I did uninstal Java 6 Update 15 and delete CACHE I also did the Malwarebytes and here's the result: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.22.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Pisces223 :: NUDB3F-LISLIQ [administrator] 9/27/2012 11:45:36 AM mbam-log-2012-09-27 (11-45-36).txt Scan type: Quick scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 199745 Time elapsed: 9 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Then I did the ESET online Scanner, they found 1 threat and here's the result: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab a variant of Win32/Adware.OneStep.BZ application I have some questions. When I installed the AVG and did a scan it says I have so many virus and needed to fix it but when I run the Microsoft Security Essentials it didn't pick up any thing. For Malwarebytes, it helps me find virus?

jeffce View Member Profile	Sep 27 2012, 01:03 PM Post #13
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	To set Google as your default search in Internet Explorer 9 do the following: Click the Tools icon at the far right of the browser window. Select Internet options. In the General tab, find the Search section and click Settings. Select Google. Click Set as default and click Close. ---------- Malwarebytes in an antimalware program that you should definitely keep and use weekly. It is not an antivirus though so you need to keep Microsoft Security Essentials. --------- As for why AVG picked up anything...when did you run it? Before you initially posted here? We have cleaned up your system so there won't be anything that should be listed now. --------- First open an elevated command prompt > Click Start and type cmd in Start Search. When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt. Copy the contents of the code box > right click in the command window and select paste QUOTE del "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab" Press Enter Close the Command Prompt window. Let me know how your system is running now.

LuckyStar

Sep 27 2012, 03:48 PM

Post #14

New Member

Group: Authentic Member
Posts: 10
Joined: 24-September 12
Member No.: 101,310
Operating System: Window Vista

Hi Jeff! Thankyou so much for helping me!!! I added the Google as my default search and now it doesn't go to StartPins any more!!! I'm so glad! Is StartPins a virus? How did it get into my laptop?

Yes, I Recently install AVG like 3 days ago. I'm just curious about why AVG picks up more threats than Microsoft Security Essential. Microsoft Security Essential don't pick up any thing at all. That's why it make me think that I should install more than one antivirus software. But Thanks for letting me know installing more than one antivirus software might not help but harm...

I did the cmd and copy the quote you gave me but it says denied. I attached a print screen for you too see, maybe I did it wrong!

Attached thumbnail(s)

jeffce View Member Profile	Sep 27 2012, 07:30 PM Post #15
Super Saiyan Group: Malware Team Posts: 7,193 Joined: 18-November 10 From: The Hyperbolic Time Chamber Member No.: 95,070 Operating System: Dual Boot Windows Vista and Ubuntu	Hi, Different antivirus programs will detect differently. Just because one detects one file does not necessarily make it a virus...it could be getting detected based upon its behavior. Some legit files have behavior like an infection but they are just fine. ---------- Go ahead and run this through... Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below: QUOTE ClearJavaCache:: File:: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix may request an update; please allow it. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. *When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.* CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. ---------- Let me know how your system is running in the next reply along with posting the new ComboFix log.

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Help Remove Locators.com	6	sarah	2,411	31st January 2004 - 12:20 PM Last post by: cnm
Virus, Spyware & Malware Removal Remove What ? Please....	4	richard hagen	1,912	10th February 2004 - 03:57 PM Last post by: Daemon
Virus, Spyware & Malware Removal How To Remove This Tq!	0	tobarret	4,618	23rd August 2007 - 09:46 PM Last post by: tobarret
Virus, Spyware & Malware Removal Help Me Remove Spyware!	10	joeoas1	2,190	30th March 2004 - 12:24 AM Last post by: Daemon
Virus, Spyware & Malware Removal Help Me Remove Porn Popups From My Boss' Computer	7	DCguy	3,405	8th June 2004 - 12:32 PM Last post by: k3dc