Inactive Browser redirect problems

Here are the specifics of what it says...

"successfully blocked access to a malicious
website: 89.114.9.96
type: outgoing
port: 52020, process:svchost.exe"
 
Okay, about this:
[QUOTE]"successfully blocked access to a malicious
website: 89.114.9.96
type: outgoing
port: 52020, process:svchost.exe"[/QUOTE]

This IP is for a site in Romania. I cannot specifically ID the Port. Since it's outgoing it indicates something within the system is attempting to access this site. This by itself does not mean it's 'bad'. But the fact that Mbam is blocking it seems to indicate the access shouldn't go through.
  • ISP: "EUROLAN SOLUTIONS SRL"
  • Organization: "SC NIRANO SRL"
  • There are 2 complaints on record for this IP. They are not specific but their 'complaint criteria' appears to be for "engaging in SPAM, brute-force, DOS attack, phishing, or other fraud."
If this block continues to come up, in the absence of malware, I will have you block it specifically in your browser.
==================================================
TrojanDownloader:Win32/Tracur.AK is a trojan that redirects user searches from legitimate search sites to malicious websites. It is installed as a Browser Helper Object (BHO) in Internet Explorer.
==================================================
So far I haven't found any entry that seems related, but I'd like you to update and run HijackThis - we might pick it up there. Since you have HijackThis.zip, if the Directory has been set up as follows, you can use that install if it's v2.0.4:
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
===================================================
There are a few entries to be removed as follows:
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6
    IE - HKLM\..\SearchScopes,DefaultScope = {131F6E71-FE59-4B41-B118-AD8080ACBFA7}
    IE - HKCU\..\SearchScopes,DefaultScope = {131F6E71-FE59-4B41-B118-AD8080ACBFA7}
    IE - HKLM\..\SearchScopes\{131F6E71-FE59-4B41-B118-AD8080ACBFA7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2012/04/05 12:19:58 | 000,879,714 | ---- | M] () -- C:\Users\Bunzo\Desktop\SecurityCheck.exe
    [2012/04/03 15:32:33 | 003,393,054 | ---- | M] () -- C:\Users\Bunzo\Desktop\untitled.bmp
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
==============================================
There is one old Java version that needs to be uninstalled: Java v6u21. Please remove that in Programs. You do have the current version which is v6u31.
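The BHO check described above can be scripted over HijackThis and OTL text logs. The following is an added example, not part of the original thread and not code from either tool: it lists BHO (O2) registrations whose DLL or CLSID is reported missing, and any `svchost.exe` process image running from outside the Windows system directories. The function and field names are hypothetical; the sample lines are copied from the logs posted in this thread except the one marked as constructed. Findings are items for manual review, not verdicts.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str     # "bho_missing_file" or "svchost_wrong_dir"
    subject: str  # CLSID of the BHO, or the process image path
    line: str     # the log line that triggered the finding


# HijackThis: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
# OTL:        "O2[:64bit:] - BHO: (<name>) - {CLSID} - <dll path> [status]"
O2_RE = re.compile(
    r"^O2(?::64bit:)? - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# OTL: "PRC - <image path> (<company>)"; the path may itself contain parentheses.
PRC_RE = re.compile(r"^PRC - (?P<path>.+) \((?P<company>[^()]*)\)$")

# Status strings the two tools print when the registered file cannot be resolved.
MISSING_MARKERS = ("(no file)", "file not found", "no clsid value found")


def triage(log_text: str, system_root: str = r"C:\Windows") -> List[Finding]:
    """Return review items found in HijackThis/OTL log text (hypothetical helper)."""
    root = system_root.lower().rstrip("\\")
    # SysNative is the alias a 32-bit tool sees for the 64-bit System32.
    expected = {root + "\\" + d for d in ("system32", "syswow64", "sysnative")}
    findings, seen = [], set()

    def report(kind: str, subject: str, line: str) -> None:
        # The same CLSID shows up in both tools' logs; report it once.
        if (kind, subject) not in seen:
            seen.add((kind, subject))
            findings.append(Finding(kind, subject, line))

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            target = m["target"].lower().rstrip(". ")
            if target.endswith(MISSING_MARKERS):
                report("bho_missing_file", m["clsid"].upper(), line)
            continue
        m = PRC_RE.match(line)
        if m:
            directory, _, exe = m["path"].lower().rpartition("\\")
            if exe == "svchost.exe" and directory not in expected:
                report("svchost_wrong_dir", m["path"], line)
    return findings


# Lines copied from the logs in this thread, plus one constructed control line.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)
"""
# The last PRC line above is constructed (not from the thread) as a negative case.

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.subject}")
```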
 
deleted the old java...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:04:51 AM, on 4/22/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9740 bytes
 
OTL logfile created on: 4/22/2012 1:20:27 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bunzo\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 72.31% Memory free
11.61 Gb Paging File | 9.93 Gb Available in Paging File | 85.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.03 Gb Total Space | 875.50 Gb Free Space | 95.16% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF

Computer Name: BUNZO-PC | User Name: Bunzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bunzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120421.017\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120421.017\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120420.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}
IE:64bit: - HKLM\..\SearchScopes\{FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/10 11:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/04/22 01:17:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/22 01:10:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - Startup: C:\Users\Bunzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79A954A8-DEA2-4DB4-8360-614D0F94867D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 01:06:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/20 01:50:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\ant
[2012/04/20 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Roaming\Google
[2012/04/20 00:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/20 00:32:15 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Local\Google
[2012/04/20 00:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/04/20 00:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/20 00:31:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/14 02:34:27 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\photo ops
[2012/04/12 11:34:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTL.exe
[2012/04/12 11:20:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\tdsskiller
[2012/04/09 02:19:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/09 02:16:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/09 02:08:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/08 19:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/08 18:46:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/08 18:46:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/08 18:41:40 | 004,452,952 | R--- | C] (Swearware) -- C:\Users\Bunzo\Desktop\ComboFix.exe
[2012/04/08 18:34:45 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/08 18:33:43 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTM.exe
[2012/04/08 18:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/07 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/07 19:12:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/07 19:10:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/05 12:24:17 | 000,000,000 | ---D | C] -- C:\HiJackThis
[2012/04/03 15:38:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Bunzo\Desktop\dds.scr
[2012/04/03 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Roaming\Malwarebytes
[2012/04/03 15:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 15:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/03 15:36:35 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 15:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/03 15:35:40 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bunzo\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/27 18:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/27 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\My Backup Files
[2012/03/23 15:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2012/04/22 01:17:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 01:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 01:17:12 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 01:16:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 01:16:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 01:10:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/22 01:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 00:48:28 | 000,727,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/22 00:48:28 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/22 00:48:28 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 00:42:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 15:01:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/21 03:16:44 | 000,887,564 | ---- | M] () -- C:\Users\Bunzo\Desktop\donnie.jpg
[2012/04/21 03:10:37 | 000,747,825 | ---- | M] () -- C:\Users\Bunzo\Desktop\Wilds1.jpg
[2012/04/21 03:09:15 | 000,424,599 | ---- | M] () -- C:\Users\Bunzo\Desktop\Royo2.jpg
[2012/04/21 03:08:08 | 000,603,306 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams6.jpg
[2012/04/21 03:06:38 | 000,381,431 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams4.jpg
[2012/04/21 03:05:54 | 000,333,813 | ---- | M] () -- C:\Users\Bunzo\Desktop\Royo1.jpg
[2012/04/21 03:05:37 | 000,634,177 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams5.jpg
[2012/04/21 03:05:01 | 000,310,886 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams3.jpg
[2012/04/21 03:03:12 | 001,383,708 | ---- | M] () -- C:\Users\Bunzo\Desktop\Reddick1.jpg
[2012/04/21 03:02:03 | 000,423,321 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams2.jpg
[2012/04/19 14:40:03 | 000,280,746 | ---- | M] () -- C:\Users\Bunzo\Desktop\photo.PNG
[2012/04/17 18:34:29 | 000,009,095 | ---- | M] () -- C:\Users\Bunzo\Desktop\2FA66B3D21292312A5C4B365B4FF6.jpg
[2012/04/17 01:16:47 | 001,361,511 | ---- | M] () -- C:\Users\Bunzo\Desktop\women.jpg
[2012/04/17 01:16:15 | 001,181,749 | ---- | M] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
[2012/04/15 15:34:57 | 002,399,094 | ---- | M] () -- C:\Users\Bunzo\Desktop\house.bmp
[2012/04/12 11:34:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTL.exe
[2012/04/12 11:14:12 | 002,052,353 | ---- | M] () -- C:\Users\Bunzo\Desktop\tdsskiller.zip
[2012/04/12 03:00:33 | 001,612,281 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\Cat.DB
[2012/04/11 18:40:43 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\VT20120410.034
[2012/04/09 15:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/08 23:42:40 | 000,458,240 | ---- | M] () -- C:\Users\Bunzo\Desktop\CKScanner.exe
[2012/04/08 18:41:40 | 004,452,952 | R--- | M] (Swearware) -- C:\Users\Bunzo\Desktop\ComboFix.exe
[2012/04/08 18:33:48 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTM.exe
[2012/04/05 12:24:34 | 000,305,771 | ---- | M] () -- C:\Users\Bunzo\Desktop\HijackThis.zip
[2012/04/03 15:42:53 | 000,000,717 | -H-- | M] () -- C:\IPH.PH
[2012/04/03 15:42:40 | 000,002,024 | ---- | M] () -- C:\Users\Bunzo\Desktop\Retry AIM Installation.lnk
[2012/04/03 15:38:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Bunzo\Desktop\dds.scr
[2012/04/03 15:36:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/03 15:35:52 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bunzo\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/29 03:17:10 | 000,002,312 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/29 03:00:44 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/23 18:17:10 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 18:17:10 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 18:17:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

========== Files Created - No Company Name ==========

[2012/04/21 03:16:52 | 000,887,564 | ---- | C] () -- C:\Users\Bunzo\Desktop\donnie.jpg
[2012/04/21 03:12:36 | 000,747,825 | ---- | C] () -- C:\Users\Bunzo\Desktop\Wilds1.jpg
[2012/04/21 03:09:47 | 000,424,599 | ---- | C] () -- C:\Users\Bunzo\Desktop\Royo2.jpg
[2012/04/21 03:09:27 | 000,603,306 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams6.jpg
[2012/04/21 03:06:49 | 000,381,431 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams4.jpg
[2012/04/21 03:06:25 | 000,333,813 | ---- | C] () -- C:\Users\Bunzo\Desktop\Royo1.jpg
[2012/04/21 03:06:11 | 000,634,177 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams5.jpg
[2012/04/21 03:05:16 | 000,310,886 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams3.jpg
[2012/04/21 03:03:22 | 001,383,708 | ---- | C] () -- C:\Users\Bunzo\Desktop\Reddick1.jpg
[2012/04/21 03:02:43 | 000,423,321 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams2.jpg
[2012/04/20 01:40:53 | 002,504,048 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams1.jpg
[2012/04/20 00:32:20 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 00:32:19 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 14:38:35 | 000,280,746 | ---- | C] () -- C:\Users\Bunzo\Desktop\photo.PNG
[2012/04/17 18:35:29 | 000,009,095 | ---- | C] () -- C:\Users\Bunzo\Desktop\2FA66B3D21292312A5C4B365B4FF6.jpg
[2012/04/17 01:15:46 | 001,361,511 | ---- | C] () -- C:\Users\Bunzo\Desktop\women.jpg
[2012/04/17 01:15:38 | 001,181,749 | ---- | C] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
[2012/04/15 15:34:57 | 002,399,094 | ---- | C] () -- C:\Users\Bunzo\Desktop\house.bmp
[2012/04/12 11:14:09 | 002,052,353 | ---- | C] () -- C:\Users\Bunzo\Desktop\tdsskiller.zip
[2012/04/08 23:42:38 | 000,458,240 | ---- | C] () -- C:\Users\Bunzo\Desktop\CKScanner.exe
[2012/04/08 18:46:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/08 18:46:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/08 18:46:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/08 18:46:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/07 19:12:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 12:24:33 | 000,305,771 | ---- | C] () -- C:\Users\Bunzo\Desktop\HijackThis.zip
[2012/04/03 15:43:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 15:42:39 | 000,002,024 | ---- | C] () -- C:\Users\Bunzo\Desktop\Retry AIM Installation.lnk
[2012/04/03 15:36:37 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/27 18:02:31 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/01 02:14:48 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/01 02:14:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/12/01 02:14:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/12/01 02:14:46 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/01 02:14:43 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2012/01/18 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\acccore
[2012/01/09 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\PCDr
[2012/04/22 00:36:41 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\SoftGrid Client
[2012/03/27 18:03:23 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\TP
[2012/04/09 15:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/13 22:08:49 | 000,009,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/21 15:01:33 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\women.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\photo.PNG:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\chevy chase.jpg:Updt_SummaryInformation
< End of report >
 
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\women.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\photo.PNG:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\chevy chase.jpg:Updt_SummaryInformation
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}
    IE:64bit: - HKLM\..\SearchScopes\{FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes,DefaultScope =
    [2012/04/20 01:50:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\ant
    [2012/04/20 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Roaming\Google
    [2012/04/20 00:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/04/20 00:32:15 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Local\Google
    [2012/04/20 00:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2012/04/20 00:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/04/20 00:31:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2012/04/14 02:34:27 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\photo ops
    [2012/04/21 03:16:44 | 000,887,564 | ---- | M] () -- C:\Users\Bunzo\Desktop\donnie.jpg
    [2012/04/21 03:10:37 | 000,747,825 | ---- | M] () -- C:\Users\Bunzo\Desktop\Wilds1.jpg
    [2012/04/21 03:09:15 | 000,424,599 | ---- | M] () -- C:\Users\Bunzo\Desktop\Royo2.jpg
    [2012/04/21 03:08:08 | 000,603,306 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams6.jpg
    [2012/04/21 03:06:38 | 000,381,431 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams4.jpg
    [2012/04/21 03:05:54 | 000,333,813 | ---- | M] () -- C:\Users\Bunzo\Desktop\Royo1.jpg
    [2012/04/21 03:05:37 | 000,634,177 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams5.jpg
    [2012/04/21 03:05:01 | 000,310,886 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams3.jpg
    [2012/04/21 03:03:12 | 001,383,708 | ---- | M] () -- C:\Users\Bunzo\Desktop\Reddick1.jpg
    [2012/04/21 03:02:03 | 000,423,321 | ---- | M] () -- C:\Users\Bunzo\Desktop\MKWilliams2.jpg
    [2012/04/19 14:40:03 | 000,280,746 | ---- | M] () -- C:\Users\Bunzo\Desktop\photo.PNG
    [2012/04/17 18:34:29 | 000,009,095 | ---- | M] () -- C:\Users\Bunzo\Desktop\2FA66B3D21292312A5C4B365B4FF6.jpg
    [2012/04/17 01:16:47 | 001,361,511 | ---- | M] () -- C:\Users\Bunzo\Desktop\women.jpg
    [2012/04/17 01:16:15 | 001,181,749 | ---- | M] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
    [2012/04/15 15:34:57 | 002,399,094 | ---- | M] () -- C:\Users\Bunzo\Desktop\house.bmp
    [2012/04/21 03:16:52 | 000,887,564 | ---- | C] () -- C:\Users\Bunzo\Desktop\donnie.jpg
    [2012/04/21 03:12:36 | 000,747,825 | ---- | C] () -- C:\Users\Bunzo\Desktop\Wilds1.jpg
    [2012/04/21 03:09:47 | 000,424,599 | ---- | C] () -- C:\Users\Bunzo\Desktop\Royo2.jpg
    [2012/04/21 03:09:27 | 000,603,306 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams6.jpg
    [2012/04/21 03:06:49 | 000,381,431 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams4.jpg
    [2012/04/21 03:06:25 | 000,333,813 | ---- | C] () -- C:\Users\Bunzo\Desktop\Royo1.jpg
    [2012/04/21 03:06:11 | 000,634,177 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams5.jpg
    [2012/04/21 03:05:16 | 000,310,886 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams3.jpg
    [2012/04/21 03:03:22 | 001,383,708 | ---- | C] () -- C:\Users\Bunzo\Desktop\Reddick1.jpg
    [2012/04/21 03:02:43 | 000,423,321 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams2.jpg
    [2012/04/20 01:40:53 | 002,504,048 | ---- | C] () -- C:\Users\Bunzo\Desktop\MKWilliams1.jpg
    [2012/04/19 14:38:35 | 000,280,746 | ---- | C] () -- C:\Users\Bunzo\Desktop\photo.PNG
    [2012/04/17 18:35:29 | 000,009,095 | ---- | C] () -- C:\Users\Bunzo\Desktop\2FA66B3D21292312A5C4B365B4FF6.jpg
    [2012/04/17 01:15:46 | 001,361,511 | ---- | C] () -- C:\Users\Bunzo\Desktop\women.jpg
    [2012/04/17 01:15:38 | 001,181,749 | ---- | C] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
    [2012/04/15 15:34:57 | 002,399,094 | ---- | C] () -- C:\Users\Bunzo\Desktop\house.bmp
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" =-
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" =-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------
Whatever you were doing on 4/20-4/21 with the images, kindly stop while I am helping you!
 
Tried 3 times to run the fix and all three times it said the program wasn't responding about midway through.

I'll try again.

Also, I can't edit and move images?
 
There's too much to move at once. Run the following code in OTL instead.

Reboot the computer first.
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\women.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\photo.PNG:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\chevy chase.jpg:Updt_SummaryInformation
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}
    IE:64bit: - HKLM\..\SearchScopes\{FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes,DefaultScope =
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" =-
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" =-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=================================================
There were a large number of images downloaded on 4/21. What were they? Examples:
C:\Users\Bunzo\Desktop\Royo1.jpg
C:\Users\Bunzo\Desktop\MKWilliams5.jpg

Let me know if this works.
 
Tried a few times. "Not responding"... deleted it and redownloaded the program... same. "Not responding"... and it happens really fast. I mean seconds into clicking "Run Fix".

Those were images downloaded to the desktop to be cleaned and filed. Didn't know I couldn't do that. Won't while you're helping.
 
Not responding is a server problem. Are you having any problems with internet connections?

As for the images, they are part of the problem. Please try deleting them a few at a time, then reboot. Then a few more, reboot. Repeat until they are all gone. Some of them look like they may be for wallpaper. Either the images themselves or the site(s) you downloaded them from, or shared, are infected.
Advise you to remove all and not try to file at this point.

Malicious hackers can store their files once they have compromised a computer in Alternate Data Streams. These show in OTL:
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\women.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\photo.PNG:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\chevy chase.jpg:Updt_SummaryInformation
Note the above indicating they are updating with some type of summary. These are some of the images on your desktop and there may be more.
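
Added example, not part of the original thread and not OTL's own code: a small Python triage script that parses the OTL line formats quoted above and joins each reported alternate data stream to its host file's size and created/modified timestamps. The sample log is constructed from lines on this page, and the regexes are an assumption inferred from those lines rather than a documented OTL format.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the OTL log quoted on this page.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/04/19 14:40:03 | 000,280,746 | ---- | M] () -- C:\Users\Bunzo\Desktop\photo.PNG
[2012/04/17 01:16:47 | 001,361,511 | ---- | M] () -- C:\Users\Bunzo\Desktop\women.jpg
[2012/04/17 01:16:15 | 001,181,749 | ---- | M] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
[2012/04/15 15:34:57 | 002,399,094 | ---- | M] () -- C:\Users\Bunzo\Desktop\house.bmp
[2012/04/12 11:34:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2012/04/19 14:38:35 | 000,280,746 | ---- | C] () -- C:\Users\Bunzo\Desktop\photo.PNG
[2012/04/17 01:15:46 | 001,361,511 | ---- | C] () -- C:\Users\Bunzo\Desktop\women.jpg
[2012/04/17 01:15:38 | 001,181,749 | ---- | C] () -- C:\Users\Bunzo\Desktop\chevy chase.jpg
[2012/04/15 15:34:57 | 002,399,094 | ---- | C] () -- C:\Users\Bunzo\Desktop\house.bmp
========== Alternate Data Streams ==========
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\women.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\photo.PNG:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Bunzo\Desktop\chevy chase.jpg:Updt_SummaryInformation
"""

# Assumed line shape: [timestamp | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$")
# The stream name follows the last colon; the drive-letter colon is followed by "\".
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")


def parse_otl(text):
    """Return (files, streams): files maps lowercased path -> record, streams is a list."""
    files, streams = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            rec = files.setdefault(m["path"].lower(), {"path": m["path"]})
            rec["size"] = int(m["size"].replace(",", ""))
            rec["company"] = (m["company"] or "").strip()
            key = "created" if m["kind"] == "C" else "modified"
            rec[key] = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({"path": m["path"], "stream": m["stream"],
                            "size": int(m["size"])})
    return files, streams


def triage(text):
    """Join each reported stream to the host file's size and timestamps."""
    files, streams = parse_otl(text)
    rows = []
    for s in streams:
        host = files.get(s["path"].lower(), {})  # NTFS paths are case-insensitive
        rows.append({**s, "host_size": host.get("size"),
                     "created": host.get("created"), "modified": host.get("modified")})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f'{row["path"]} [{row["stream"]}, {row["size"]} B] '
              f'created={row["created"]} modified={row["modified"]}')
```

A stream whose host file has no created or modified entry in the log comes back with `None` in those fields, so gaps in the listing are visible in the output.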
 