
Coin-miner virus



My sister is having trouble and I am trying to solve her problem through TeamViewer. Here is the log from DDS.

This is the attach log.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2009 17:04:22
System Uptime: 30/01/2013 23:58:04 (1 hours ago)
.
Motherboard: Acer, Inc. | | Grasmoor
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 500/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 7.521 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 27.912 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\ESET_EPFWNDISMP\0011
Manufacturer:
Name:
PNP Device ID: ROOT\ESET_EPFWNDISMP\0011
Service:
.
Class GUID:
Description:
Device ID: ROOT\ESET_EPFWNDISMP\0012
Manufacturer:
Name:
PNP Device ID: ROOT\ESET_EPFWNDISMP\0012
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Acer Crystal Eye Webcam
Adobe AIR
Adobe Color Common Settings
Adobe Community Help
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.3
Adobe Reader 8.3.1
Adobe Setup
Adobe Shockwave Player 11.6
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BitComet 1.29
BitComet Accelerator 3.2
BlackBerry Desktop Software 7.0
Bloom
Bonjour
calibre
Canon MP110
Canon ScanGear Starter
CBR Reader
CCleaner
Concise Oxford Dictionary (Tenth Edition)
CSL 3.5G Connect version 2.0
CursorFX
DAEMON Tools Lite
DirectVobSub 2.41.5322
DolbyFiles
Fences
GIF Viewer 3.1
GOM Player
Google Chrome
Google Update Helper
HSDPA USB Modem version 4.882
iCloud
IIS Advanced Logging 1.0
IIS Database Manager
IIS Search Engine Optimization Toolkit 1.0
IIS URL Rewrite Module 2
ImagXpress
Internet Download Manager
Internet Information Services (IIS) 7 Manager
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 9.0.2 (Basic)
Malwarebytes Anti-Malware version 1.70.0.1100
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Application Request Routing Version 2 for IIS 7
Microsoft Choice Guard
Microsoft Default Manager
Microsoft External Cache Version 1 for IIS 7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Web Farm Framework Version 1 for IIS 7
Microsoft Web Platform Installer 2.0
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox (3.6.26)
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Cutter 10.1.0
MPC-HC 1.6.2.4902
MpcStar 4.9
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector Net 5.2.5
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Norton Internet Security
NVIDIA Drivers
ObjectBar
Octoshape Streaming Services
Paint.NET v3.5.6
PDF Settings CS5
Picasa 3
QuickTime
Reader for PC
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
SoundTrax
SQL Server System CLR Types
Subtitle Workshop 2.51
SumatraPDF
swMSM
TeamViewer 8
The KMPlayer (remove only)
TweetDeck
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
VobSub v2.23 (Remove Only)
Vodafone Mobile Connect Lite
Web Deployment Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Remote Service
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WinZip 12.0
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YourFileDownloader
.
==== Event Viewer Messages From Past Week ========
.
31/01/2013 0:00:32, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/01/2013 0:00:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/01/2013 0:00:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
30/01/2013 22:03:33, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
29/01/2013 21:22:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled.
29/01/2013 21:22:37, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/01/2013 21:22:37, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
29/01/2013 21:22:23, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
29/01/2013 21:22:23, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
29/01/2013 21:22:23, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
29/01/2013 21:22:23, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
29/01/2013 21:22:23, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
29/01/2013 21:22:15, Error: Service Control Manager [7034] - The World Wide Web Publishing Service service terminated unexpectedly. It has done this 1 time(s).
29/01/2013 21:22:15, Error: Service Control Manager [7031] - The Windows Process Activation Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
29/01/2013 21:22:09, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
29/01/2013 21:16:35, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
29/01/2013 21:15:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x875328fc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\012913-41777-01.dmp. Report Id: 012913-41777-01.
29/01/2013 20:22:46, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
29/01/2013 20:17:57, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x875834dc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\012913-36956-01.dmp. Report Id: 012913-36956-01.
29/01/2013 20:11:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/01/2013 20:11:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/01/2013 20:11:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/01/2013 20:11:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/01/2013 20:11:20, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6
29/01/2013 20:03:16, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
29/01/2013 19:52:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x875cb024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\012913-43773-01.dmp. Report Id: 012913-43773-01.
29/01/2013 11:59:14, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
29/01/2013 11:54:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Vodafone Mobile Connect Service service to connect.
27/01/2013 10:52:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
27/01/2013 10:52:13, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/01/2013 23:36:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
24/01/2013 23:36:43, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/01/2013 23:36:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
24/01/2013 0:19:42, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x875a68fc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\012413-44990-01.dmp. Report Id: 012413-44990-01.
.
==== End Of File ===========================

Here is the DDS log.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.9.2
Run by fatehah at 0:31:07 on 2013-01-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.60.1033.18.2814.1530 [GMT 7:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Users\fatehah\AppData\Roaming\Mining\coin-miner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com/?st=2&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: Search panel: {5DABD05C-E98A-9532-6608-DAF07B9D597B} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\fatehah\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\users\fatehah\appdata\roaming\micros~1\windows\startm~1\programs\startup\VIIKII~1.LNK -
StartupFolder: c:\users\fatehah\appdata\roaming\micros~1\windows\startm~1\programs\startup\ziggytv (minimized).lnk - c:\program files\ziggytv\ZiggyTV.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\fatehah\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 202.73.99.4 61.247.0.2 202.73.99.2
TCP: Interfaces\{0C5994FE-9CA8-4797-8B21-3684F5E91076} : DHCPNameServer = 202.73.99.4 61.247.0.2 202.73.99.2
TCP: Interfaces\{0C5994FE-9CA8-4797-8B21-3684F5E91076}\164686F636 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{0C5994FE-9CA8-4797-8B21-3684F5E91076}\164686F63623 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{0C5994FE-9CA8-4797-8B21-3684F5E91076}\55B425944414 : DHCPNameServer = 172.19.0.1 172.18.0.1
TCP: Interfaces\{0C5994FE-9CA8-4797-8B21-3684F5E91076}\C47437361627C65647 : DHCPNameServer = 202.73.99.2 202.73.99.4 61.247.0.4
TCP: Interfaces\{74829032-F291-431B-8BBA-A3F1BF788852} : DHCPNameServer = 203.82.64.145 203.82.64.129
TCP: Interfaces\{7F8589E2-F396-40AA-8C95-FF06300B0919} : DHCPNameServer = 202.73.99.4 61.247.0.2 202.73.99.2 61.247.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WebCheck - <orphaned>
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\fatehah\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\RadioWMPCore.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\RadioWMPCore.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npBitCometAgent.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 4\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sony\readerdesktop\npreaderdetectmoz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\fatehah\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\plugins\np-mswmp.dll
FF - plugin: c:\users\fatehah\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2012-12-12 20:49; 50c8a26b04b88@50c8a26b04bc1.com; c:\users\fatehah\appdata\roaming\mozilla\firefox\profiles\9x0pux3c.default\extensions\50c8a26b04b88@50c8a26b04bc1.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: extensions.BabylonToolbar_i.id - 44aeba08000000000000061fe2a4e5df
FF - user.js: extensions.BabylonToolbar_i.hardId - 44aeba08000000000000061fe2a4e5df
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:46:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-2 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-4 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-2 132768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-1-3 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20121204.001\IDSvix86.sys [2012-12-5 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-2 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1309000.009\symnets.sys [2012-10-2 318584]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-14 20992]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-11-3 83184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-29 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-29 682344]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-2 138272]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-30 3467768]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-12 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-29 21104]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca6851f6ce18b0;Perkhidmatan Kemas Kini Google (gupdate1ca6851f6ce18b0);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 133104]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bmusbser.sys [2010-9-10 105216]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-11-12 7680]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2010-9-4 97408]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-9 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-9-6 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-9-6 104960]
S4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-6-4 49504]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
ShellExec: DVDXPlayer.exe: open=c:\program files\dvd x studios\dvd x player 4.0 professional\DVDXPlayer.EXE" "%1
.
=============== Created Last 30 ================
.
2013-01-30 14:22:56 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-01-30 11:08:24 -------- d-----w- c:\program files\TeamViewer
2013-01-29 14:44:14 -------- d-----w- c:\users\fatehah\appdata\roaming\Malwarebytes
2013-01-29 14:44:02 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 14:44:01 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 14:44:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-29 13:31:50 -------- d-----w- c:\programdata\HitmanPro
2013-01-29 12:26:43 -------- d-----w- c:\users\fatehah\appdata\roaming\Mining
2013-01-29 09:44:02 1272719 --sha-w- C:\010ac1be.exe
2013-01-29 09:43:35 1272719 --sha-w- C:\010a8183.exe
2013-01-29 09:42:00 824207 --sha-w- C:\AdobeART.exe
2013-01-29 09:41:12 824207 --sha-w- C:\01083c97.exe
2013-01-25 21:28:40 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 4
2013-01-18 00:56:41 -------- d-----w- c:\users\fatehah\appdata\roaming\RealNetworks
2013-01-18 00:56:15 -------- d-----w- c:\program files\RealNetworks
2013-01-18 00:56:05 -------- d-----w- c:\programdata\RealNetworks
2013-01-18 00:55:41 -------- d-----w- c:\program files\common files\xing shared
2013-01-18 00:55:15 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2013-01-18 00:54:59 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2013-01-02 19:09:31 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-02 19:09:24 -------- d-----w- c:\users\fatehah\appdata\roaming\DAEMON Tools Lite
2013-01-02 19:09:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-01-02 19:08:55 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
==================== Find3M ====================
.
2013-01-18 00:54:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-18 00:54:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-09 08:13:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 08:13:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 10:47:21 409088 ----a-w- c:\windows\system32\systemcpl.dll
.
============= FINISH: 0:32:52.26 ===============

Thank you for all your responses :)

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Continue as follows:

Re-run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=44aeba08000000000000061fe2a4e5df
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{6E841ADA-2441-4F6C-BCDD-8D59C19B7EBE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ZTV&o=14502&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=T5&apn_dtid=YYYYYYYYID&apn_uid=0ab0b2e7-44d0-4a00-997b-0551a122f737&apn_sauid=8F1A76C2-A23A-4732-9D98-4D8B543BA4C2
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1572363&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:3.2.5.2
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
    [2012/11/07 18:47:20 | 000,000,000 | ---D | M] (ST-Eng7 Community Toolbar) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    [2011/03/22 23:46:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\engine@conduit.com
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZiggyTV (Minimized).lnk = File not found
    O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found
    O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
    O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    :Files
    C:\010ac1be.exe
    C:\010a8183.exe
    C:\AdobeART.exe
    C:\01083c97.exe
    C:\Users\fatehah\AppData\Roaming\Mining\coin-miner.exe
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post those 3 logs in next reply please...

Kevin

All processes killed
Error: Unable to interpret <tp://home.sweetim.com/?st=2&barid={19F69080-8BBB-11E1-B629-93268CD5940B}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=44aeba08000000000000061fe2a4e5df> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{6E841ADA-2441-4F6C-BCDD-8D59C19B7EBE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ZTV&o=14502&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=T5&apn_dtid=YYYYYYYYID&apn_uid=0ab0b2e7-44d0-4a00-997b-0551a122f737&apn_sauid=8F1A76C2-A23A-4732-9D98-4D8B543BA4C2> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1572363&SearchSource=13"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:3.2.5.2> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:3.2.5.2> in the current context!
Error: Unable to interpret <FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"> in the current context!
Error: Unable to interpret <[2012/11/07 18:47:20 | 000,000,000 | ---D | M] (ST-Eng7 Community Toolbar) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}> in the current context!
Error: Unable to interpret <[2011/03/22 23:46:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\engine@conduit.com> in the current context!
Error: Unable to interpret <CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of> in the current context!
Error: Unable to interpret <CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\> in the current context!
Error: Unable to interpret <CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of> in the current context!
Error: Unable to interpret <CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZiggyTV (Minimized).lnk = File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell\AutoRun\command - "" = F:\HPLauncher.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell\AutoRun\command - "" = F:\Autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a > in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe > in the current context!
Error: Unable to interpret <O33 - MountPoints2\H\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence> in the current context!
Error: Unable to interpret <[2 C:\*.tmp files -> C:\*.tmp -> ]> in the current context!
========== FILES ==========
C:\010ac1be.exe moved successfully.
C:\010a8183.exe moved successfully.
C:\AdobeART.exe moved successfully.
C:\01083c97.exe moved successfully.
C:\Users\fatehah\AppData\Roaming\Mining\coin-miner.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fatehah
->Temp folder emptied: 122772012 bytes
->Java cache emptied: 19382855 bytes
->FireFox cache emptied: 91995847 bytes
->Google Chrome cache emptied: 46037739 bytes
->Flash cache emptied: 69817 bytes

User: Public

%systemdrive% .tmp files removed: 28761 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21605674 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 288.00 mb

Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01312013_232611
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

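The log above rejects every line of the script until the :Files header, which is what OTL does with lines pasted before any section header. As an added example, not part of the thread and not OTL's own code, here is a small Python checker that splits a fix script like the one in Kevin's post into its :OTL/:Files/:Commands sections, flags lines that precede any header, and tallies an OTL run log. The section names and the "Unable to interpret" and "moved successfully" line formats are taken from the thread; the sample script and log lines are constructed.

```python
"""Checker for OTL fix scripts and OTL run logs (added example, not OTL's own code).

It encodes two things visible in the thread: a fix script is a sequence of
sections introduced by a header line such as ":OTL", ":Files" or ":Commands",
and any line pasted before the first header is rejected by OTL with
"Error: Unable to interpret <line> in the current context!".
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^:(\w+)\s*$")
ERROR_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
# How a line inside an :OTL section is expected to begin (IE/FF/CHR entries,
# O2/O3/O33 hijack entries, or a bracketed file/folder entry).
OTL_LINE_RE = re.compile(r"^(IE - |FF - |CHR - |O\d+ - |\[)")


def parse_fix_script(text: str) -> Dict[str, List[str]]:
    """Split a fix script into sections keyed by header name.

    Lines that appear before any ':Header' line are collected under
    "orphans"; those are exactly the lines OTL reports as uninterpretable.
    """
    sections: Dict[str, List[str]] = {"orphans": []}
    current = "orphans"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def check_fix_script(text: str) -> List[str]:
    """Return a list of problems; an empty list means the script is well-formed."""
    sections = parse_fix_script(text)
    problems = [f"line precedes any section header and will be rejected: {line[:60]}"
                for line in sections["orphans"]]
    if "OTL" not in sections:
        problems.append("no :OTL section (header missed when copying from the code box?)")
    return problems


def summarize_log(text: str) -> dict:
    """Tally an OTL run log: rejected lines, moved files, and a hint that the paste
    started mid-line (the first rejected line is not a recognisable OTL entry)."""
    rejected: List[str] = []
    moved: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        err = ERROR_RE.match(line)
        if err:
            rejected.append(err.group(1).strip())
            continue
        mv = MOVED_RE.match(line)
        if mv:
            moved.append(mv.group(1))
    truncated = bool(rejected) and not OTL_LINE_RE.match(rejected[0])
    return {"rejected": rejected, "moved": moved, "paste_truncated": truncated}


# Constructed sample: the same short script without and with its ":OTL" header.
BROKEN_SCRIPT = """\
IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx
:Files
C:\\AdobeART.exe
C:\\Users\\fatehah\\AppData\\Roaming\\Mining\\coin-miner.exe
:Commands
[emptytemp]
"""
GOOD_SCRIPT = ":OTL\n" + BROKEN_SCRIPT

# Constructed sample log in the format OTL writes (entries shortened).
SAMPLE_LOG = """\
All processes killed
Error: Unable to interpret <tp://home.sweetim.com/?st=2> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
========== FILES ==========
C:\\AdobeART.exe moved successfully.
C:\\Users\\fatehah\\AppData\\Roaming\\Mining\\coin-miner.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

if __name__ == "__main__":
    for name, script in (("broken", BROKEN_SCRIPT), ("good", GOOD_SCRIPT)):
        print(name, check_fix_script(script) or "OK")
    print(summarize_log(SAMPLE_LOG))
```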

Re-run OTL one more time, when you copy the text from the code box make sure you start with and include this :OTL It looks like the colon and OTL had been missed off the first one....

Re-run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=44aeba08000000000000061fe2a4e5df
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{6E841ADA-2441-4F6C-BCDD-8D59C19B7EBE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ZTV&o=14502&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=T5&apn_dtid=YYYYYYYYID&apn_uid=0ab0b2e7-44d0-4a00-997b-0551a122f737&apn_sauid=8F1A76C2-A23A-4732-9D98-4D8B543BA4C2
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
    IE - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1572363&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:3.2.5.2
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
    [2012/11/07 18:47:20 | 000,000,000 | ---D | M] (ST-Eng7 Community Toolbar) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    [2011/03/22 23:46:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\fatehah\AppData\Roaming\mozilla\Firefox\Profiles\9x0pux3c.default\extensions\engine@conduit.com
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\fatehah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-460000654-456863069-3011112392-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
    O4 - Startup: C:\Users\fatehah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZiggyTV (Minimized).lnk = File not found
    O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found
    O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ae77db0-badc-11e1-815e-9cd96cf4ca1b}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db983a-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db9850-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{25db985c-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{2dfdb730-bfcc-11df-a000-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ed17a6f-099b-11e0-b5d5-001e68933330}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
    O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{84d02650-3b7c-11e0-b6f6-001e68933330}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell - "" = AutoRun
    O33 - MountPoints2\{871675b8-13e3-11df-94c8-001e68933330}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Post that log, then continue with the other steps...

Kevin

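An added example, not part of this thread or of OTL itself: a small Python parser for the line formats used in the fix script above (IE/FF search and start-page settings, O2/O3/O4/O9/O21 entries whose file or CLSID is gone, and MountPoints2 AutoRun commands), so a helper reviewing such a script can see at a glance which search providers were hijacked and which removable-media AutoRun commands Windows had cached. The sample lines are copied from the script above; the category names are my own.

```python
import re
from typing import Optional
from urllib.parse import urlparse

URL_RE = re.compile(r'https?://[^\s"]+')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")

# Sample lines copied from the OTL fix script in this thread (added example, not OTL code).
SAMPLE = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid={19F69080-8BBB-11E1-B629-93268CD5940B}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
O33 - MountPoints2\{25db9816-be69-11df-9220-001e68933330}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5462fa2b-b9b5-11df-92c8-001e68933330}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
"""

def classify(line: str) -> Optional[dict]:
    """Return the category of one OTL line, or None if it is not of interest."""
    line = line.strip()
    m = AUTORUN_RE.match(line)
    if m:  # AutoRun command Windows cached for a removable drive (USB/CD autorun vector)
        return {"kind": "autorun", "key": m["key"], "cmd": m["cmd"]}
    if line.startswith(("IE - ", "FF - ")):
        u = URL_RE.search(line)
        if u:  # start page or search provider redirected to a third-party site
            return {"kind": "search_hijack", "host": urlparse(u.group()).hostname}
    if line.startswith(("O2 - ", "O3 - ", "O4 - ", "O9 - ", "O21 - ")) and line.endswith(ORPHAN_MARKERS):
        return {"kind": "orphan", "entry": line}  # registry entry whose file/CLSID is gone
    return None

def summarize(text: str) -> dict:
    # Aggregate a whole fix script into hijacked hosts, cached AutoRun commands and orphans.
    hosts, autoruns, orphans = set(), [], []
    for line in text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        if hit["kind"] == "search_hijack":
            hosts.add(hit["host"])
        elif hit["kind"] == "autorun":
            autoruns.append(hit["cmd"])
        else:
            orphans.append(hit["entry"])
    return {"hijack_hosts": sorted(hosts), "autorun_cmds": autoruns, "orphans": orphans}
if __name__ == "__main__":
    print(summarize(SAMPLE))
```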

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
