
pum.hijack.startmenu fake systems fix run, hides all my files & fake disk errors



Hi,

I have a virus. I'm unsure how I got it; I left my laptop on while I brushed my teeth last night, came back in, and access to all of my files is hidden and possibly blocked (I've been able to get music to play by searching a song in the start menu). The start menu only displays Word, Paint & IE, not even the computer or any files. I have about 15 error messages relating to system 32 files pop up about every 30 mins, fake messages about low memory, RAM memory reliability, & one about file indexing telling me that if the failure continues files could become unreadable, lost, my laptop will become slow and suffer permanent damage.

Following the advice on http://www.bleepingcomputer.com/virus-removal/remove-system-fix I ran Rkill, which found nothing so I didn't save the log (all my saves disappear like my other files, except if I save them to a USB, which is how I transferred Rkill, TDSS and MBAM to my laptop from the home computer). I followed up by running TDSS and again found nothing, so I downloaded mbam-setup and attempted to run it. The virus blocked it, so I changed the name and when setting it called it MBAM BYTS instead of the suggested file name, which seemed to bypass the virus, but it wouldn't let me download the updates. I full scanned anyway, found and removed 6 viruses, restarted, and it was pretty evident the virus was still there (no desktop background, no shortcuts on desktop, only IE, Word and Paint in start file). I re-transferred mbam onto the machine (restarting it had allowed the virus to either delete or hide it) and I can't remember what I did, but I called it something else and managed to get it to update. Then I ran a full scan and removed the 2 viruses found, restarted, back to square 1. I've done this a few times now, and the virus is still there. The 2 files are called pum.hijack.startmenu.

This time I've saved the log to my USB and it's as follows:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8298

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

03/12/2011 19:17:16

mbam-log-2011-12-03 (19-17-16).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 308406

Time elapsed: 43 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Please help!

Sorry, got carried away and forgot to run DDS and attach the logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0

Run by Hannah at 20:16:43 on 2011-12-03

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\ProgramData\XYRqQgvDYPoUCvX.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\ProgramData\j5aSOT1S9n5QVz.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\DllHost.exe

H:\lappy issues\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [XYRqQgvDYPoUCvX.exe] c:\programdata\XYRqQgvDYPoUCvX.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\mal byts57\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1CDD3872-B4D9-40BA-9020-85A479893E08} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{562DD9F8-111E-4FED-A9B3-809C58B6422A} : DhcpNameServer = 192.168.1.2

TCP: Interfaces\{562DD9F8-111E-4FED-A9B3-809C58B6422A}\4434F5C61607 : DhcpNameServer = 192.168.1.2

TCP: Interfaces\{562DD9F8-111E-4FED-A9B3-809C58B6422A}\4434F5E4 : DhcpNameServer = 192.168.1.2

TCP: Interfaces\{61281670-6767-42B0-B0F1-2D093F396413} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{967EC87F-B575-4828-8930-EB70DEEBD527} : DhcpNameServer = 192.168.1.2

TCP: Interfaces\{F6DBA9C0-4310-41F5-AB04-93A047BA37FE} : DhcpNameServer = 203.241.132.34 204.59.144.222

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\hannah\appdata\roaming\mozilla\firefox\profiles\s77pm2sj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.accept-encoding -

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0

R? btwampfl;Bluetooth AMP USB Filter

R? btwl2cap;Bluetooth L2CAP Service

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpuz134;cpuz134

R? cvhsvc;Client Virtualization Handler

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? MBAMSwissArmy;MBAMSwissArmy

R? McShield;McAfee Real-time Scanner

R? McSysmon;McAfee SystemGuards

R? OberonGameConsoleService;Oberon Media Game Console service

R? osppsvc;Office Software Protection Platform

R? RTL8167;Realtek 8167 NT Driver

R? rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver

R? sftlist;Application Virtualization Client

R? Sftredir;Sftredir

R? sftvsa;Application Virtualization Service Agent

R? WatAdminSvc;Windows Activation Technologies Service

S? AdobeARMservice;Adobe Acrobat Update Service

S? dtsoftbus01;DAEMON Tools Virtual Bus Driver

S? IntcHdmiAddService;Intel® High Definition Audio HDMI

S? SABI;SAMSUNG Kernel Driver For Windows 7

S? Sftfs;Sftfs

S? Sftplay;Sftplay

S? Sftvol;Sftvol

S? vwififlt;Virtual WiFi Filter Driver

S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller

.

=============== Created Last 30 ================

.

2011-12-03 17:51:26 -------- d--h--w- c:\program files\MAL BYTS57

2011-12-03 17:23:10 -------- d--h--w- c:\program files\MAL BYTS5

2011-12-03 16:31:06 -------- d--h--w- c:\program files\MAL BYTS2

2011-12-03 15:36:51 -------- d--h--w- c:\program files\MAL BYTS

2011-12-03 15:34:14 20952 ---ha-w- c:\windows\system32\drivers\mbam.sys

2011-12-03 15:08:49 739738 ---ha-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-03 00:20:56 351880 ---ha-w- c:\programdata\j5aSOT1S9n5QVz.exe

2011-12-02 23:59:34 445064 ---ha-w- c:\programdata\XYRqQgvDYPoUCvX.exe

2011-11-08 22:33:54 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-08 22:33:54 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 22:33:53 2339840 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2011-10-22 22:15:39 232512 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-10-17 19:20:21 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-16 21:33:21 544656 ---ha-w- c:\windows\system32\deployJava1.dll

2011-10-11 23:42:40 150392 ---ha-w- c:\windows\junction.exe

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 20:17:27.75 ===============

Attach.txt


Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thank you for agreeing to help me! It's so kind of you :)

Just so you know, I ran combofix after typing that message, and the 'unhide' program advised in the previously given link, so that I could back up photos etc. in the worst case scenario and regain basic use of my PC.

The combo fix log is attached as combofix.txt; apologies if this interferes in any way.

Hannah

Extras.Txt

OTL.Txt

combofix.txt


Well, to me it all seems to be running fine again. I re-ran Malwarebytes after combofix removed a few things, and the two viruses that kept showing up on the Malwarebytes logs as removed and re-appearing next scan were no longer being flagged up, so presumably taken care of. The way the virus worked meddled around with a lot of personal choice features (start menu layout etc.) so I'm still finding things and thinking 'that wasn't how I liked you...' and changing it back. The internet has been a little slow but I know that is probably the provider rather than the virus.

Once again sorry to mess around with it myself rather than await expert advice! What do you think of what you're seeing?

OTL logfile created on: 12/6/2011 10:39:17 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hannah\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.10% Memory free

3.92 Gb Paging File | 2.28 Gb Available in Paging File | 58.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 147.00 Gb Total Space | 10.47 Gb Free Space | 7.12% Space Free | Partition Type: NTFS

Drive D: | 145.99 Gb Total Space | 39.66 Gb Free Space | 27.16% Space Free | Partition Type: NTFS

Drive G: | 14.91 Gb Total Space | 10.47 Gb Free Space | 70.19% Space Free | Partition Type: FAT32

Drive H: | 3.84 Gb Total Space | 1.90 Gb Free Space | 49.55% Space Free | Partition Type: FAT32

Drive I: | 931.28 Gb Total Space | 807.24 Gb Free Space | 86.68% Space Free | Partition Type: FAT32

Computer Name: HANNAH-PC | User Name: Hannah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 21:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah\Desktop\OTL.exe

PRC - [2011/11/10 18:35:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/08/02 07:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe

PRC - [2010/04/07 19:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/11/20 07:35:38 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe

PRC - [2009/11/04 04:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2009/10/26 11:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/10/13 10:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/06/03 11:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/15 14:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/10 18:35:36 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/09/07 20:06:32 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe

MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/06/03 11:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/06/03 11:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (sftvsa)

SRV - File not found [Auto | Stopped] -- -- (OberonGameConsoleService)

SRV - File not found [Auto | Stopped] -- -- (MpfService)

SRV - File not found [Disabled | Stopped] -- -- (McSysmon)

SRV - File not found [unknown | Stopped] -- -- (McShield)

SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)

SRV - File not found [Auto | Stopped] -- -- (btwdins)

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)

SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/12/23 13:23:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/10/22 22:15:39 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2009/11/06 20:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/10 13:44:52 | 000,122,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56505

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56505

IE - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/25 21:53:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 18:35:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 21:33:29 | 000,000,000 | ---D | M]

[2011/05/12 20:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Extensions

[2011/07/25 21:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\s77pm2sj.default\extensions

[2011/11/12 04:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/07/08 20:48:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\USERS\HANNAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S77PM2SJ.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI

[2011/11/10 18:35:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/16 21:33:21 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/10 18:35:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/03 20:56:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-655814321-1652077291-3099334160-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-655814321-1652077291-3099334160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CDD3872-B4D9-40BA-9020-85A479893E08}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562DD9F8-111E-4FED-A9B3-809C58B6422A}: DhcpNameServer = 192.168.1.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61281670-6767-42B0-B0F1-2D093F396413}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{967EC87F-B575-4828-8930-EB70DEEBD527}: DhcpNameServer = 192.168.1.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6DBA9C0-4310-41F5-AB04-93A047BA37FE}: DhcpNameServer = 203.241.132.34 204.59.144.222

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 21:46:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hannah\Desktop\OTL.exe

[2011/12/03 21:00:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/12/03 21:00:35 | 000,000,000 | ---D | C] -- C:\windows\temp

[2011/12/03 21:00:35 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\temp

[2011/12/03 20:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/03 20:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAL BYTS

[2011/12/03 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAL BYTS57

[2011/12/03 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\MAL BYTS57

[2011/12/03 17:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAL BYTS5

[2011/12/03 17:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\MAL BYTS5

[2011/12/03 16:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAL BYTS2

[2011/12/03 16:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAL BYTS2

[2011/12/03 15:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\MAL BYTS

[2011/12/03 15:34:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010/10/11 08:02:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/06 21:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah\Desktop\OTL.exe

[2011/12/06 21:20:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/12/06 18:51:31 | 000,020,608 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 18:51:31 | 000,020,608 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 18:44:07 | 1579,634,688 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/03 22:53:18 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/12/03 20:56:22 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2011/12/03 20:45:57 | 004,326,308 | R--- | M] (Swearware) -- C:\Users\Hannah\Desktop\ComboFix.exe

[2011/12/03 20:26:13 | 000,648,542 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/12/03 20:26:13 | 000,119,956 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/12/03 20:02:12 | 000,684,297 | ---- | M] () -- C:\Users\Hannah\Desktop\unhide.exe

[2011/12/03 17:51:29 | 000,000,979 | ---- | M] () -- C:\Users\Hannah\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/12/03 14:48:21 | 000,000,456 | ---- | M] () -- C:\ProgramData\j5aSOT1S9n5QVz

[2011/12/03 14:47:38 | 000,000,272 | ---- | M] () -- C:\ProgramData\~j5aSOT1S9n5QVz

[2011/12/03 14:47:38 | 000,000,184 | ---- | M] () -- C:\ProgramData\~j5aSOT1S9n5QVzr

[2011/11/30 23:22:00 | 000,001,571 | ---- | M] () -- C:\Users\Hannah\Documents\3333.PNG

[2011/11/29 19:35:15 | 000,010,208 | ---- | M] () -- C:\windows\System32\Cheyney Court, the picturesque half-timbered porter’s lodge adjacent to Winchester Cathedral. Winchester, in the southern county of Hampshire, was once the capitol of the ancient kingdom of Wessex.lnk

[2011/11/23 23:39:34 | 000,027,313 | ---- | M] () -- C:\Users\Hannah\Documents\the hunger games.PNG

[2011/11/10 18:34:17 | 000,350,088 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/03 22:52:41 | 000,684,297 | ---- | C] () -- C:\Users\Hannah\Desktop\unhide.exe

[2011/12/03 20:19:47 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/12/03 20:19:47 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Outdoor Living Stuff.lnk

[2011/12/03 20:19:47 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk

[2011/12/03 20:19:47 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Town Life Stuff.lnk

[2011/12/03 20:19:47 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Fast Lane Stuff.lnk

[2011/12/03 20:19:47 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk

[2011/12/03 20:19:47 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk

[2011/12/03 20:19:47 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk

[2011/12/03 20:19:47 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk

[2011/12/03 20:19:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk

[2011/12/03 20:19:47 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk

[2011/12/03 20:19:47 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk

[2011/12/03 20:19:47 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk

[2011/12/03 20:19:47 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/03 20:19:47 | 000,001,267 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2011/12/03 20:19:47 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/03 20:19:47 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/12/03 20:19:47 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2011/12/03 20:19:47 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk

[2011/12/03 20:19:46 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/12/03 20:19:46 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk

[2011/12/03 20:19:46 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk

[2011/12/03 20:19:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/12/03 20:19:46 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2011/12/03 20:19:46 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\AnyPC.lnk

[2011/12/03 20:19:46 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011/12/03 20:19:44 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2011/12/03 20:19:41 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk

[2011/12/03 20:19:41 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2011/12/03 20:19:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2011/12/03 20:19:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011/12/03 20:19:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2011/12/03 20:19:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011/12/03 20:19:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2011/12/03 20:19:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2011/12/03 20:19:41 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/03 20:19:41 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2011/12/03 20:19:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2011/12/03 20:19:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/12/03 16:31:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/03 16:31:10 | 000,000,979 | ---- | C] () -- C:\Users\Hannah\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/12/03 00:21:04 | 000,000,272 | ---- | C] () -- C:\ProgramData\~j5aSOT1S9n5QVz

[2011/12/03 00:21:04 | 000,000,184 | ---- | C] () -- C:\ProgramData\~j5aSOT1S9n5QVzr

[2011/12/03 00:21:01 | 000,000,456 | ---- | C] () -- C:\ProgramData\j5aSOT1S9n5QVz

[2011/11/30 23:21:59 | 000,001,571 | ---- | C] () -- C:\Users\Hannah\Documents\3333.PNG

[2011/11/29 19:35:15 | 000,010,208 | ---- | C] () -- C:\windows\System32\Cheyney Court, the picturesque half-timbered porter’s lodge adjacent to Winchester Cathedral. Winchester, in the southern county of Hampshire, was once the capitol of the ancient kingdom of Wessex.lnk

[2011/11/23 23:39:33 | 000,027,313 | ---- | C] () -- C:\Users\Hannah\Documents\the hunger games.PNG

[2011/10/09 20:21:52 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2011/10/09 20:21:52 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2011/10/09 20:21:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2011/10/09 20:21:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2011/10/09 20:21:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2011/05/30 19:50:50 | 000,012,820 | -HS- | C] () -- C:\Users\Hannah\AppData\Local\621g73w1t32s28rbr6d2q484sxtka4h075t2

[2011/05/30 19:50:50 | 000,012,820 | -HS- | C] () -- C:\ProgramData\621g73w1t32s28rbr6d2q484sxtka4h075t2

[2011/05/22 23:10:25 | 000,001,480 | ---- | C] () -- C:\Users\Hannah\AppData\Roaming\wklnhst.dat

[2011/05/17 18:55:03 | 000,000,056 | ---- | C] () -- C:\windows\System32\ezsidmv.dat

[2011/05/15 21:17:09 | 000,010,298 | -HS- | C] () -- C:\Users\Hannah\AppData\Local\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs

[2011/05/15 21:17:09 | 000,010,298 | -HS- | C] () -- C:\ProgramData\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs

[2011/05/12 20:35:57 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2010/12/23 12:59:57 | 047,369,160 | ---- | C] () -- C:\windows\System32\MRT.exe

[2010/10/11 08:02:56 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin

[2010/10/11 08:02:55 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2010/10/11 08:02:48 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin

[2010/10/11 08:02:48 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2010/10/11 08:02:44 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin

[2010/10/11 08:02:43 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2010/10/07 10:19:51 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2010/10/07 10:19:51 | 000,000,000 | ---- | C] () -- C:\windows\System32\atiicdxx.dat

[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll

[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll

[2010/05/18 12:26:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/01/13 01:09:10 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll

[2010/01/12 08:40:24 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 04:33:53 | 000,350,088 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 02:05:48 | 000,648,542 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 02:05:48 | 000,119,956 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 22:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/04 02:11:55 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\BitTorrent

[2011/10/22 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\DAEMON Tools Lite

[2011/05/12 19:25:47 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\GameConsole

[2011/09/28 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\MediaWmp

[2011/08/29 12:16:25 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Research In Motion

[2011/12/03 14:47:08 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\SoftGrid Client

[2011/05/22 23:10:30 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Template

[2011/06/05 21:55:39 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\TP

[2011/12/05 18:41:09 | 000,032,634 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56505
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56505
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
    [2011/12/03 14:48:21 | 000,000,456 | ---- | M] () -- C:\ProgramData\j5aSOT1S9n5QVz
    [2011/12/03 14:47:38 | 000,000,272 | ---- | M] () -- C:\ProgramData\~j5aSOT1S9n5QVz
    [2011/12/03 14:47:38 | 000,000,184 | ---- | M] () -- C:\ProgramData\~j5aSOT1S9n5QVzr
    [2011/12/03 00:21:04 | 000,000,272 | ---- | C] () -- C:\ProgramData\~j5aSOT1S9n5QVz
    [2011/12/03 00:21:04 | 000,000,184 | ---- | C] () -- C:\ProgramData\~j5aSOT1S9n5QVzr
    [2011/12/03 00:21:01 | 000,000,456 | ---- | C] () -- C:\ProgramData\j5aSOT1S9n5QVz
    [2011/05/30 19:50:50 | 000,012,820 | -HS- | C] () -- C:\Users\Hannah\AppData\Local\621g73w1t32s28rbr6d2q484sxtka4h075t2
    [2011/05/30 19:50:50 | 000,012,820 | -HS- | C] () -- C:\ProgramData\621g73w1t32s28rbr6d2q484sxtka4h075t2
    [2011/05/15 21:17:09 | 000,010,298 | -HS- | C] () -- C:\Users\Hannah\AppData\Local\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs
    [2011/05/15 21:17:09 | 000,010,298 | -HS- | C] () -- C:\ProgramData\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Thank you MrCharlie, please see the log below as requested :)

Hannah

All processes killed

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

C:\ProgramData\j5aSOT1S9n5QVz moved successfully.

C:\ProgramData\~j5aSOT1S9n5QVz moved successfully.

C:\ProgramData\~j5aSOT1S9n5QVzr moved successfully.

File C:\ProgramData\~j5aSOT1S9n5QVz not found.

File C:\ProgramData\~j5aSOT1S9n5QVzr not found.

File C:\ProgramData\j5aSOT1S9n5QVz not found.

C:\Users\Hannah\AppData\Local\621g73w1t32s28rbr6d2q484sxtka4h075t2 moved successfully.

C:\ProgramData\621g73w1t32s28rbr6d2q484sxtka4h075t2 moved successfully.

C:\Users\Hannah\AppData\Local\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs moved successfully.

C:\ProgramData\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Hannah

->Temp folder emptied: 37472086 bytes

->Temporary Internet Files folder emptied: 2760778 bytes

->Java cache emptied: 1272539 bytes

->FireFox cache emptied: 254555897 bytes

->Flash cache emptied: 15805 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 282.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12072011_184226

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thanks for coming back so fast, my lappy still seems to be running just fine, the internet speed has improved as expected it must have been the supplier. I haven't had any other issues since running combo fix bar it crashing after being turned back on after left in sleep mode yesterday, but it occasionally does that so I try not to leave it in sleep mode unless I have to... Though apparently turning it on and off is just as bad, I'm never sure which one causes more damage!! The last OTL scan seems to have sped it up too, so cheers! :D

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8298

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

07/12/2011 19:35:43

mbam-log-2011-12-07 (19-35-43).txt

Scan type: Quick scan

Objects scanned: 162637

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Good :D

Please Uninstall ComboFix:

Go to Start > Run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum and Have a Happy Holiday! MrC
