Malwarebytes

How to remove searchnu.com/406

7 replies to this topic

#1
BO40

I've installed Ilivid and now I can't remove searchnu.com from Google search engine.
Ilivid and searchnu.com/406 are removed from programs.

Here are my OTL logs.

=====================================================================================


Extras.txt



OTL Extras logfile created on: 09.07.2012 17:36:39 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\BELKA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000042F | Country: Former Yugoslav Republic of Macedonia | Language: MKI | Date Format: dd.MM.yyyy

1014,42 Mb Total Physical Memory | 482,27 Mb Available Physical Memory | 47,54% Memory free
2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,78 Gb Total Space | 32,83 Gb Free Space | 64,65% Space Free | Partition Type: NTFS
Drive D: | 98,26 Gb Total Space | 36,75 Gb Free Space | 37,40% Space Free | Partition Type: NTFS

Computer Name: BELINDA-BFD657E | User Name: BELKA | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.25
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"Nokia Suite" = Nokia Suite
"Orb" = Winamp Remote
"Sally's Salon" = Sally's Salon
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"The Sims" = The Sims
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebDesigner" = Microsoft Expression Web
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinISD beta" = WinISD beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 07.07.2012 09:41:20 | Computer Name = BELINDA-BFD657E | Source = i8042prt | ID = 327714
Description = An error occurred while trying to determine the number of mouse buttons.

Error - 08.07.2012 02:20:44 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 08.07.2012 05:32:36 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 08.07.2012 07:21:18 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 08.07.2012 07:24:49 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 09.07.2012 06:44:26 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 09.07.2012 10:09:39 | Computer Name = BELINDA-BFD657E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm

Error - 09.07.2012 10:20:37 | Computer Name = BELINDA-BFD657E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09.07.2012 10:22:02 | Computer Name = BELINDA-BFD657E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09.07.2012 10:22:07 | Computer Name = BELINDA-BFD657E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


====================================================================================================


OTL.Txt



OTL logfile created on: 09.07.2012 17:36:39 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\BELKA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000042F | Country: Former Yugoslav Republic of Macedonia | Language: MKI | Date Format: dd.MM.yyyy

1014,42 Mb Total Physical Memory | 482,27 Mb Available Physical Memory | 47,54% Memory free
2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,78 Gb Total Space | 32,83 Gb Free Space | 64,65% Space Free | Partition Type: NTFS
Drive D: | 98,26 Gb Total Space | 36,75 Gb Free Space | 37,40% Space Free | Partition Type: NTFS

Computer Name: BELINDA-BFD657E | User Name: BELKA | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.09 17:36:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELKA\Desktop\OTL.exe
PRC - [2012.06.28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012.06.28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012.06.28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012.06.28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012.06.28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012.06.28 10:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.12 20:42:23 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.22 10:07:28 | 000,149,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony\PlayMemories Home\dfs.exe -- (DeviceFinderService)
SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.03.29 04:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\BELKA\LOCALS~1\Temp\pwndrpoc.sys -- (pwndrpoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007.10.25 18:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.08.10 07:52:44 | 004,603,904 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.12 05:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=27-06-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {74CCEF8F-D5E7-4F73-952B-2151C2CDB1B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{74CCEF8F-D5E7-4F73-952B-2151C2CDB1B7}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=27-06-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOCUME~1\BELKA\APPLIC~1\Flatcast\NpFv522.dll (1 mal 1 Software GmbH)



========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\BELKA\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\BELKA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\BELKA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\BELKA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Documents and Settings\BELKA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk = C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1337448702425 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.141.112.29 79.141.112.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3492EFC5-41CD-4A32-A891-FE9BD5F4ADEC}: DhcpNameServer = 79.141.112.29 79.141.112.34
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BELKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BELKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.19 19:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.09 17:36:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BELKA\Desktop\OTL.exe
[2012.07.09 17:08:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\BELKA\Desktop\dds.scr
[2012.07.09 16:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.07 18:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Start Menu\Programs\WinISD beta
[2012.07.07 18:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinISD
[2012.07.07 16:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\Zasiluvaci i Zvucnici
[2012.07.06 15:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012.07.06 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Maxis
[2012.07.06 12:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012.07.06 12:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2012.07.06 12:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\WINDOWS
[2012.07.06 12:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Start Menu\Programs\Delicious 2 Deluxe
[2012.07.06 11:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2012.07.06 11:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Start Menu\Programs\GameHouse
[2012.07.06 11:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
[2012.07.06 11:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\GameHouse
[2012.07.06 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\GameHouse
[2012.07.01 09:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\VOLINO
[2012.06.29 23:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.06.29 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\Adobe Photoshop
[2012.06.29 21:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\New Folder (3)
[2012.06.27 19:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012.06.27 19:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012.06.27 19:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp Remote
[2012.06.27 19:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2012.06.27 19:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Remote
[2012.06.27 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.06.27 19:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\Winamp
[2012.06.26 19:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\Mobiak ognotporni vrati
[2012.06.23 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012.06.22 16:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\vlc
[2012.06.22 16:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\AppData
[2012.06.22 16:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\searchquband
[2012.06.22 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Local Settings\Application Data\Ilivid Player
[2012.06.22 16:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012.06.21 18:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\YourFileDownloader
[2012.06.21 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012.06.21 17:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2012.06.21 17:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2012.06.21 16:45:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\BELKA\My Documents\My Web Sites
[2012.06.21 16:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Expression
[2012.06.21 16:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.06.21 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2012.06.20 15:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\YouTube Downloader
[2012.06.19 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\Search Settings
[2012.06.19 20:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\CD kombe NOVO !!!
[2012.06.15 16:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\Google
[2012.06.15 16:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012.06.14 21:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\Flopi
[2012.06.13 22:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\sliki lozje
[2012.06.11 15:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Desktop\Sliki 11,06,2012
[2012.06.10 17:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2006.11.20 09:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\AMCap.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.09 17:36:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELKA\Desktop\OTL.exe
[2012.07.09 17:09:14 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\gmer.zip
[2012.07.09 17:08:32 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\BELKA\Desktop\dds.scr
[2012.07.09 16:26:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.09 16:07:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.09 15:17:06 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.09 15:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.09 15:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 12:44:08 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk
[2012.07.08 16:10:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 21:54:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.07.07 15:17:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.07 12:06:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.06 17:15:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012.07.06 14:59:53 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\Delicious 2 Deluxe.lnk
[2012.07.06 12:14:07 | 000,000,496 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2012.07.06 11:57:33 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012.07.06 11:48:09 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\BELKA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 11:34:58 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.07.03 20:53:22 | 000,033,821 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\417487_413586035347335_1005021417_n.jpg
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.02 13:10:12 | 000,032,485 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\582074_419401291444752_326886773_n.jpg
[2012.07.01 09:24:15 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\regata-mapa.jpg
[2012.06.30 19:16:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.06.30 19:14:12 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\Shortcut to EPSON SX100 Series.lnk
[2012.06.29 23:46:27 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\rf.lnk
[2012.06.27 19:47:32 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.27 19:47:32 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.27 19:22:17 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012.06.27 19:21:57 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2012.06.27 17:24:48 | 000,220,781 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\H45 st brown..jpg
[2012.06.27 17:24:04 | 000,193,255 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\H51 standard belo.jpg
[2012.06.26 19:46:08 | 003,359,289 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\MASTER ABRASIVE CATALOGUE 2012.pdf
[2012.06.26 16:51:02 | 000,000,000 | ---- | M] () -- C:\alrt_200.data
[2012.06.24 13:32:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.06.24 13:32:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.06.23 20:31:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.23 20:23:06 | 000,040,131 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\533368_242120219240564_1710797350_n.jpg
[2012.06.21 18:40:16 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sothink SWF Quicker.lnk
[2012.06.21 17:26:30 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macromedia Fireworks 8.lnk
[2012.06.21 17:00:33 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\Microsoft Expression Web .lnk
[2012.06.19 20:01:50 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk
[2012.06.15 16:50:00 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012.06.12 15:21:28 | 000,062,318 | ---- | M] () -- C:\Documents and Settings\BELKA\Desktop\mz.jpg
[2012.06.10 17:59:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlayMemories Home Help.lnk
[2012.06.10 17:59:05 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlayMemories Home.lnk
[2012.06.10 17:43:24 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 4.0.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.09 17:10:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\gmer.exe
[2012.07.09 17:09:13 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\gmer.zip
[2012.07.09 16:09:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.07 15:17:33 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.06 14:59:52 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\Delicious 2 Deluxe.lnk
[2012.07.06 12:14:07 | 000,000,496 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012.07.06 11:57:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012.07.03 20:53:33 | 000,033,821 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\417487_413586035347335_1005021417_n.jpg
[2012.07.02 13:10:21 | 000,032,485 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\582074_419401291444752_326886773_n.jpg
[2012.07.01 09:24:19 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\regata-mapa.jpg
[2012.06.30 19:14:12 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\Shortcut to EPSON SX100 Series.lnk
[2012.06.29 23:46:27 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\rf.lnk
[2012.06.29 23:46:27 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.06.27 19:22:17 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012.06.27 19:21:57 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2012.06.27 17:24:51 | 000,220,781 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\H45 st brown..jpg
[2012.06.27 17:24:09 | 000,193,255 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\H51 standard belo.jpg
[2012.06.26 19:45:59 | 003,359,289 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\MASTER ABRASIVE CATALOGUE 2012.pdf
[2012.06.26 16:51:02 | 000,000,000 | ---- | C] () -- C:\alrt_200.data
[2012.06.23 20:23:15 | 000,040,131 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\533368_242120219240564_1710797350_n.jpg
[2012.06.21 17:52:06 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sothink SWF Quicker.lnk
[2012.06.21 17:26:30 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macromedia Fireworks 8.lnk
[2012.06.21 17:00:31 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\Microsoft Expression Web .lnk
[2012.06.15 16:50:00 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012.06.13 23:35:32 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\BELKA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 15:21:37 | 000,062,318 | ---- | C] () -- C:\Documents and Settings\BELKA\Desktop\mz.jpg
[2012.06.10 17:59:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PlayMemories Home Help.lnk
[2012.06.08 17:23:46 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012.06.08 17:23:46 | 000,000,899 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.06.05 21:34:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012.05.19 21:12:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.19 21:11:08 | 002,217,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.19 21:09:29 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2012.05.19 20:14:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.19 20:03:10 | 001,032,266 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2012.05.19 20:03:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2012.05.19 19:37:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.05.19 19:25:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.05.19 19:20:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012.06.03 08:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012.05.20 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.06.22 16:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012.05.21 20:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012.07.06 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2012.06.05 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012.06.05 20:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012.06.27 19:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2012.06.05 21:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012.05.24 20:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012.06.03 08:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012.05.22 15:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012.06.19 20:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2012.07.06 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012.06.05 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\ACD Systems
[2012.06.29 23:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.29 10:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\EPSON
[2012.06.08 17:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\Flatcast
[2012.07.06 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\GameHouse
[2012.07.02 13:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\ImageFox
[2012.06.05 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\PC Suite
[2012.06.19 20:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\Search Settings
[2012.06.22 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\searchquband
[2012.05.24 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\TuneUp Software
[2012.06.21 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\YourFileDownloader
[2012.06.20 15:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BELKA\Application Data\YouTube Downloader
[2012.07.06 17:15:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2012.07.09 15:17:06 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



< End of report >

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.
Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKCU..\Run: [] File not found
    [2012.06.22 16:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Application Data\searchquband
    [2012.06.22 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BELKA\Local Settings\Application Data\Ilivid Player
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next > use this guide to change your settings in Chrome
http://deletemalware...tall-guide.html

Let me know.......MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3
BO40

    New Member

  • Members
  • 4 posts
I've done "Run Fix" and the log file follows:

==================================================================

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\BELKA\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\BELKA\Local Settings\Application Data\Ilivid Player folder moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: BELKA

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: All Users

User: BELKA
->Temp folder emptied: 15508407 bytes
->Temporary Internet Files folder emptied: 199338254 bytes
->Google Chrome cache emptied: 62787656 bytes
->Flash cache emptied: 8846996 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 62724 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 5980689 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10906473 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 253295523 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 534,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07112012_164123
Files\Folders moved on Reboot...
C:\Documents and Settings\BELKA\Local Settings\Temp\~DF2980.tmp moved successfully.
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF65B3.tmp not found!
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF661A.tmp not found!
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF66C1.tmp not found!
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF66D9.tmp not found!
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF67DE.tmp not found!
File\Folder C:\Documents and Settings\BELKA\Local Settings\Temp\~DF67F2.tmp not found!
C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\HDVWTK3V\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\7DAOBNQK\index[2].php moved successfully.
C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\533XSTDS\fastbutton[1].htm moved successfully.
C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\0AH1AHK3\tsd[1].txt moved successfully.
C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF2980.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF65B3.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF661A.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF66C1.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF66D9.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF67DE.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temp\~DF67F2.tmp not found!
File C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\HDVWTK3V\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
File C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\7DAOBNQK\index[2].php not found!
File C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\533XSTDS\fastbutton[1].htm not found!
File C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\Content.IE5\0AH1AHK3\tsd[1].txt not found!
File C:\Documents and Settings\BELKA\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!
Registry entries deleted on Reboot...

#4
MrCharlie

    Forum Deity

  • Experts
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK, were you able to change your search engines using the guide below?

http://deletemalware...tall-guide.html

Let me know, MrC


#5
BO40

    New Member

  • Members
  • 4 posts
No. Again, when I double-click on the Google icon it opens two pages at the same time. First tab searchnu.com and second tab Google.

I made changes in Google settings using the guide but it's the same.

Searchnu.com is showing only in the Google browser. In IE it's OK.

#6
BO40

    New Member

  • Members
  • 4 posts
Finally I removed searchnu.com. I did everything from your guide, and finally in Google settings, under "On startup", "Open a specific page or set of pages", I clicked Set pages, then clicked Use current pages, then OK.
And now it's OK.

Thank you Mr. Charlie.

#7
MrCharlie

    Forum Deity

  • Experts
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Great

A little clean up to do....


Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#8
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.




