
Browser Redirect Problem

This is a discussion on Browser Redirect Problem within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


Old 11-28-2012, 08:51 PM   #41
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Quote:
The only difference seems to be when I go and rigting in system 32 the command prompt box says c:/windows/system32 and flashes a cursor
This

__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 11-28-2012, 09:02 PM   #42
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



says could not find file

JamesAdamik is offline  
Old 11-29-2012, 05:30 AM   #43
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    Quote:

    :Services

    :OTL

    :Files
    C:\Users\Barb\Desktop\nikki\nikki\Universal_Androot_v1.6.1__J3rk1e_.apk
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
jeffce is offline  
Old 11-29-2012, 02:58 PM   #44
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



Here is the OTL. Again, it ran its program for a few moments and then froze. I rebooted anyway on the assumption that the program did its job before it froze. Here is the generated log:

OTL logfile created on: 11/29/2012 1:42:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.71% Memory free
6.10 Gb Paging File | 4.86 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.10 Gb Total Space | 26.25 Gb Free Space | 26.23% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.99 Gb Free Space | 17.02% Space Free | Partition Type: NTFS

Computer Name: BARB-LAPTOP | User Name: Barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\VirginMobile\Broadband2Go\Broadband2Go.exe ()
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\VirginMobile\Broadband2Go\Broadband2Go.exe ()
MOD - C:\Program Files\VirginMobile\Broadband2Go\libxvi010.dll ()
MOD - C:\Program Files\VirginMobile\Broadband2Go\eap_supplicant.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Barb\AppData\Local\Temp\catchme.sys File not found
DRV - (ATMFVsp) -- system32\DRIVERS\ATMFVsp.sys File not found
DRV - (ATMFNVsp) -- system32\DRIVERS\ATMFNVsp.sys File not found
DRV - (ATMFNET) -- system32\DRIVERS\ATMFNET.sys File not found
DRV - (ATMFMdm) -- system32\DRIVERS\ATMFMdm.sys File not found
DRV - (ATMFFLT) -- system32\DRIVERS\ATMFFLT.sys File not found
DRV - (ATMFCVsp) -- system32\DRIVERS\ATMFCVsp.sys File not found
DRV - (ATMFBUS) -- system32\DRIVERS\ATMFBUS.sys File not found
DRV - (gfibto) -- C:\WINDOWS\System32\drivers\gfibto.sys (GFI Software)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sbapifs) -- C:\WINDOWS\System32\drivers\sbapifs.sys (GFI Software)
DRV - (bcm) -- C:\WINDOWS\System32\drivers\drxvi314.sys (Beceem Communications Inc.)
DRV - (bcmbusctr) -- C:\WINDOWS\System32\drivers\BcmBusCtr.sys (Beceem Communications Inc.)
DRV - (DIFMVsp) -- C:\WINDOWS\System32\drivers\DIFMVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMNVsp) -- C:\WINDOWS\System32\drivers\DIFMNVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMMdm) -- C:\WINDOWS\System32\drivers\DIFMMdm.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMNET) -- C:\WINDOWS\System32\drivers\DIFMNET.sys (DEVGURU Co., LTD.)
DRV - (DIFMCVsp) -- C:\WINDOWS\System32\drivers\DIFMCVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMBUS) -- C:\WINDOWS\System32\drivers\DIFMBUS.sys (DEVGURU Co., LTD.)
DRV - (DIFMCDF) -- C:\WINDOWS\System32\drivers\DIFMCDF.sys (DEVGURU Co., LTD.)
DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys ()
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (iComp) -- C:\WINDOWS\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (DSXUSB) -- C:\WINDOWS\System32\drivers\DSXUSB.sys (OLYMPUS OPTICAL CO.,LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKLM\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = {searchTerms} - Yahoo! Search Results

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Lavasoft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {7217E6AC-A2C7-40DE-B209-00403739B91B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\..\SearchScopes\{7217E6AC-A2C7-40DE-B209-00403739B91B}: "URL" = {searchTerms} - Google Search
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = Inbox Toolbar
IE - HKCU\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = {searchTerms} - Yahoo! Search Results
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Barb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Barb\AppData\Roaming\Move Networks [2011/01/29 00:15:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: Lavasoft
CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = Lavasoft
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Barb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/25 20:36:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Temp] rundll32.exe "C:\Users\Barb\AppData\Local\VirtualStore\Temp\sqixnei.dll",DllRegisterServerW File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.28.34.132 68.28.37.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0954FD61-F33A-4050-AC8C-C5F6D832B6BA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56897B15-F715-4E2D-9650-6C25A7E20719}: DhcpNameServer = 157.246.2.210 157.246.2.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4589D72-F320-4EDC-830E-9BC92A7F6300}: DhcpNameServer = 68.28.34.132 68.28.37.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5845700-4AD2-4B77-A676-56EA3207B93A}: NameServer = 66.1.1.7 68.29.1.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/10 10:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 12:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/28 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\Malwarebytes
[2012/11/28 11:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 11:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 11:14:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/28 11:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/28 11:12:13 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Barb\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/27 14:26:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/27 10:32:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barb\Desktop\OTL.exe
[2012/11/27 08:42:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Barb\Desktop\aswMBR.exe
[2012/11/25 20:37:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/25 20:30:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/25 19:56:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/25 19:56:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/25 19:56:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/25 19:56:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/25 19:52:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/25 19:51:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/25 19:47:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/11/25 19:44:10 | 005,006,177 | R--- | C] (Swearware) -- C:\Users\Barb\Desktop\ComboFix.exe
[2012/11/24 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/11/24 13:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/11/23 03:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/11/23 03:38:26 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\LavasoftStatistics
[2012/11/23 03:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/11/23 03:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/23 03:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/11/23 03:23:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2012/11/23 03:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2012/11/23 03:22:48 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Local\adawarebp
[2012/11/23 03:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/23 03:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/11/23 03:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/11/23 03:20:06 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\Ad-Aware Antivirus
[2012/11/17 03:03:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/17 03:03:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/17 03:03:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/17 03:03:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/17 03:03:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/17 03:03:21 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/17 03:03:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/17 03:03:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/16 00:04:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/16 00:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/14 07:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
[2012/11/14 07:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2012/11/02 23:01:11 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/11/02 23:01:10 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/11/02 23:01:10 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/11/02 23:01:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/11/02 23:01:09 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/11/02 23:01:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/02 22:41:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/02 22:41:11 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/02 22:41:10 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/02 13:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/11/02 13:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/11/02 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/11/02 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\BitTorrent
[2012/11/02 10:47:02 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/11/02 10:47:01 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/11/02 10:46:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/11/02 10:46:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/11/02 10:46:20 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/11/02 10:46:02 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/11/02 10:46:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/11/01 15:22:28 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/11/01 15:22:27 | 000,021,064 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\DIFMCIT.DLL
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMVsp.sys
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMNVsp.sys
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMCVsp.sys
[2012/11/01 15:22:26 | 000,105,032 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMNET.sys
[2012/11/01 15:22:26 | 000,029,640 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMCDF.sys
[2012/11/01 15:22:25 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMMdm.sys
[2012/11/01 15:22:25 | 000,082,632 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMBUS.sys
[2012/11/01 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Franklin
[2012/11/01 15:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirginMobile
[2012/11/01 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\VirginMobile

========== Files - Modified Within 30 Days ==========

[2012/11/29 13:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001UA.job
[2012/11/29 13:38:54 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/29 13:38:53 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 13:32:21 | 000,617,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/29 13:32:20 | 000,109,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/29 13:31:26 | 000,083,284 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/29 13:31:26 | 000,083,284 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/29 13:31:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000UA.job
[2012/11/29 13:31:12 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/29 13:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/29 13:31:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 12:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000Core.job
[2012/11/29 01:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001Core.job
[2012/11/29 01:05:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/29 01:05:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 11:14:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 11:13:13 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Barb\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/28 00:09:40 | 000,001,999 | ---- | M] () -- C:\Users\Barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/27 14:48:40 | 000,480,125 | ---- | M] () -- C:\Users\Barb\Desktop\AdwCleaner.exe
[2012/11/27 14:31:50 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarb.job
[2012/11/27 13:04:50 | 000,002,537 | ---- | M] () -- C:\Users\Barb\Desktop\Paint Shop Pro 7.lnk
[2012/11/27 10:32:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barb\Desktop\OTL.exe
[2012/11/27 09:03:03 | 266,549,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/27 08:43:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Barb\Desktop\aswMBR.exe
[2012/11/25 20:36:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/25 20:25:07 | 000,002,595 | ---- | M] () -- C:\Users\Barb\Desktop\Microsoft Word.lnk
[2012/11/25 19:44:28 | 005,006,177 | R--- | M] (Swearware) -- C:\Users\Barb\Desktop\ComboFix.exe
[2012/11/25 17:45:08 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2012/11/25 16:26:44 | 000,002,521 | ---- | M] () -- C:\Users\Barb\Desktop\HiJackThis.lnk
[2012/11/25 16:19:47 | 000,002,380 | ---- | M] () -- C:\Users\Barb\Desktop\attach.zip
[2012/11/23 03:23:43 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2012/11/17 03:47:18 | 000,312,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/02 11:46:59 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk

========== Files Created - No Company Name ==========

[2012/11/28 11:14:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 14:48:40 | 000,480,125 | ---- | C] () -- C:\Users\Barb\Desktop\AdwCleaner.exe
[2012/11/25 19:56:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/25 19:56:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/25 19:56:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/25 19:56:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/25 19:56:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/25 16:19:47 | 000,002,380 | ---- | C] () -- C:\Users\Barb\Desktop\attach.zip
[2012/11/24 13:39:34 | 000,002,521 | ---- | C] () -- C:\Users\Barb\Desktop\HiJackThis.lnk
[2012/11/23 03:26:09 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/02 13:46:29 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012/11/02 13:46:28 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/11/02 13:46:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/11/02 11:46:59 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/11/01 15:20:47 | 002,131,104 | ---- | C] () -- C:\Windows\System32\drivers\macxvi350.bin
[2012/11/01 15:20:47 | 000,000,144 | ---- | C] () -- C:\Windows\System32\drivers\macxvi.cfg
[2012/11/01 15:20:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2012/04/22 20:12:26 | 011,463,168 | R--- | C] () -- C:\Users\Barb\Broadband2GoSetup.msi
[2012/04/15 12:54:49 | 000,000,043 | ---- | C] () -- C:\Users\Barb\jagex_cl_runescape_LIVE.dat
[2012/04/15 12:54:49 | 000,000,024 | ---- | C] () -- C:\Users\Barb\random.dat
[2012/02/23 23:52:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/23 23:52:27 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2012/02/02 15:15:38 | 000,003,299 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/02/01 18:40:24 | 000,000,632 | RHS- | C] () -- C:\Users\Barb\ntuser.pol
[2011/11/20 19:02:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/08/22 09:27:55 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/07/20 01:24:07 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/08 18:55:09 | 000,000,680 | ---- | C] () -- C:\Users\Barb\AppData\Local\d3d9caps.dat
[2010/12/24 20:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2010/11/14 11:28:06 | 000,000,312 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\wklnhst.dat
[2010/09/25 20:13:53 | 015,983,616 | ---- | C] () -- C:\Users\Barb\Cricket Broadband Setup-v1.0 (build 1950).msi
[2010/03/31 20:40:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/31 09:33:15 | 000,083,284 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/31 09:33:13 | 000,083,284 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/30 09:29:07 | 000,027,240 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\nvModes.001
[2009/08/30 08:43:55 | 000,027,240 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

#45 -- jeffce (Security Team Analyst, Microsoft MVP), 11-29-2012, 05:31 PM

Good....how is your system running?

#46 -- JamesAdamik (Registered Member, OS: Vista), 11-29-2012, 05:49 PM

seems to be working fine

#47 -- jeffce (Security Team Analyst, Microsoft MVP), 11-29-2012, 06:16 PM

Quote:
seems to be working fine

----------

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!!

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Press the Windows key + R and this will open the Run box. Copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)


----------

Clean up with OTL:
  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
If you didn't already have it I would keep Malwarebytes AntiMalware though.


Here are some tips to reduce the potential for spyware infection in the future:

1. Internet Explorer. Even if you don't use it as your main browser, it should be kept up-to-date because that is the browser Windows uses for updates.
Make your Internet Explorer more secure
- This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Firefox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus

3. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
4. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

5. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

6. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read How to Prevent Malware found here and also PC Safety and Security - What Do I Need?.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
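For readers who want to verify steps 1 and 3 of the post above without clicking through the dialogs, here is an added example (not posted by anyone in this thread and not part of any tool mentioned in it). It reads the per-user zone key that the Custom Level dialog writes and compares it with the recommended values; the value names (1001, 1004, 1201, 1800, 1804, 1607, 2500) are Microsoft's documented URL action identifiers for security zones, and the `-Fix` switch is this example's own addition for writing the recommended value back.

```powershell
# Added example (not from the thread): audit, and optionally apply, the
# Internet Explorer zone settings recommended in the post by reading the
# per-user zone key the Custom Level dialog writes. Value names are the URL
# action IDs Microsoft documents for security zones (KB 182569); data
# 0 = Enable, 1 = Prompt, 3 = Disable. Protected Mode is value 2500 in each
# zone: 0 = on, 3 = off. Caveat: when HKLM\...\Internet Settings\
# Security_HKLM_only is 1, the HKLM copy of the zones key applies instead.

$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Zone 3 is "Internet"; these are the post's Custom Level changes with the
# value the dialog stores for each recommendation.
$internetZoneSettings = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSettingAudit {
    param([int]$Zone, [array]$Settings, [switch]$Fix)
    $key = Join-Path $zoneRoot $Zone
    if (-not (Test-Path $key)) { Write-Warning "zone key missing: $key"; return }
    $props = Get-ItemProperty -Path $key
    foreach ($s in $Settings) {
        $have = $props.($s.Id)
        $ok = ($null -ne $have) -and ([int]$have -eq $s.Want)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $key -Name $s.Id -Value ([int]$s.Want) -Type DWord
        }
        $current = if ($null -eq $have) { 'not set (zone default)' } else { "$have ($($label[[int]$have]))" }
        New-Object PSObject -Property @{
            Zone        = $Zone
            Setting     = $s.Name
            Current     = $current
            Recommended = "$($s.Want) ($($label[$s.Want]))"
            Compliant   = $ok
        }
    }
}

# Step 1 of the post: Custom Level changes for the Internet zone. Step 3:
# Protected Mode for Local intranet (1), Trusted (2), Internet (3), Restricted (4).
$protectedMode = @(@{ Id = '2500'; Name = 'Protected Mode (0 = on)'; Want = 0 })
$report = @(Get-ZoneSettingAudit -Zone 3 -Settings $internetZoneSettings)
foreach ($z in 1, 2, 3, 4) { $report += @(Get-ZoneSettingAudit -Zone $z -Settings $protectedMode) }

# Add -Fix to the calls above to write the recommended values; restart
# Internet Explorer afterwards for them to take effect.
$report | Format-Table Zone, Setting, Current, Recommended, Compliant -AutoSize
```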

#48 -- JamesAdamik (Registered Member, OS: Vista), 11-29-2012, 07:51 PM

Wow, I'm so frustrated right now I'm close to throwing my girlfriend's computer across the room. Let's do this numerically:

1) Tried to run the ComboFix uninstall; it froze the computer and I had to reboot twice.

2) Assuming the ComboFix uninstall had worked and I just couldn't see the results, I ran the OTL cleanup. The computer froze and refused to shut down even with multiple Ctrl/Alt/Del; finally I had to just hold the power button down.

3) On reboot ComboFix and OTL were gone, as well as a few other notes and stuff on the desktop, but the computer kept showing an hourglass and nothing would open. Ad-Aware took close to ten minutes to finally start.

4) On the few reboots from the frozen screen, each time Ad-Aware loads ten minutes later and real-time protection is not enabled, plus I get a popup saying Windows Firewall and Lavasoft Firewall are not enabled.

5) Tried to log onto the internet to report these problems and it took 3 tries for the computer to recognize the USB modem.

6) It took Internet Explorer 7 minutes and 45 seconds (yes, I was watching the clock at this point, noting everything) just to open.

7) Tried 6 times to log onto the forums, but not only was my "remember me" now unselected, but every time it said "thank you for logging in, click here if not redirected" it redirected me back to the password page and wouldn't show me as logged on.

So there it is..... THAT is how my computer is running... ugh

#49 -- JamesAdamik (Registered Member, OS: Vista), 11-29-2012, 07:53 PM

Oh yeah, and the black Windows system32 command prompt box is still flashing on the screen, it's still telling me it cannot find that sqi file, and Internet Explorer is still asking me if I want to make it my main browser.

#50 -- jeffce (Security Team Analyst, Microsoft MVP), 11-29-2012, 08:15 PM

Ok....run DDS again and post both the DDS.txt and Attach.txt to your next reply.

#51 -- JamesAdamik (Registered Member, OS: Vista), 11-29-2012, 10:31 PM

Here you go.
Attached Files: attach.txt (17.8 KB), dds.txt (16.2 KB)

#52 -- jeffce (Security Team Analyst, Microsoft MVP), 11-30-2012, 05:27 AM

Hi,

I don't think that the problems you are having are malware related....

You have a lot of errors though...

Boot to Safe Mode
Open the Command Prompt like we did before
Type chkdsk /r
Accept any prompts
Reboot your system

Let me know if that improved anything.

#53 -- JamesAdamik (Registered Member, OS: Vista), 11-30-2012, 11:53 PM

Ran check disk and rebooted....
The command prompt screen still flashes, that QUI file still says "cannot be found". It took 5 min for the computer to recognize the Virgin Mobile modem, and Internet Explorer still asks for permission to make it the main browser. In other words, no improvement :*(

#54 -- jeffce (Security Team Analyst, Microsoft MVP), 12-01-2012, 07:34 AM

Boot to Safe Mode
Open the Command Prompt like we did before
Type chkdsk /f
Accept any prompts
Reboot your system

Let me know if that improved anything.

#55 -- JamesAdamik (Registered Member, OS: Vista), 12-01-2012, 02:37 PM

OK, so chkdsk /f seemed to work a bit better. I noticed while it was running that it corrected some errors. The net seems better and the lagging seems gone. I still have the system32/cmd.exe window popping up on startup, and I'm still having the RunDLL error about that squi file, but otherwise it seems to be running fine. Oh, at first when I tried to open my Virgin Mobile internet it gave me an error and closed, but the second time it opened instantly and logged on instantly, so it seems fine now. So yeah, except for the command prompt window flashing at startup and that persistent error message, we seem good :)

#56 -- jeffce (Security Team Analyst, Microsoft MVP), 12-01-2012, 03:13 PM

Go to Start >> in Start Search type Msconfig >> when it populates above right click on it and Run as Admin >> Go to the Startup tab and look for system32/cmd.exe >> if selected, uncheck it >> reboot your system and let me know if that fixed it.
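For readers following along, the script below is an added example (not posted by jeffce or JamesAdamik, and not part of msconfig, OTL or any other tool in this thread). It lists the same autostart locations msconfig's Startup tab reads and flags the two symptoms reported in this thread: an entry that launches cmd.exe, and an entry whose file no longer exists, which is what leaves a RunDLL "cannot be found" message behind. The Run/RunOnce keys and Startup folders are standard Windows locations; resolving .lnk shortcuts through the WScript.Shell COM object is the one assumption it relies on.

```powershell
# Added example (not from the thread): list the autostart entries msconfig's
# Startup tab reads (Run/RunOnce keys and the two Startup folders) and flag
# two symptoms described above: an entry that launches cmd.exe, and an entry
# whose target file is gone (the cause of a lingering "RunDLL ... cannot be
# found" message after the file itself was removed). Read-only.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Get-StartupTarget {
    # The file a command line actually loads: the quoted or first token, or
    # for rundll32 the DLL named before the comma (what the error box shows).
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"\s*(.*)$') {
        $exe = $Matches[1]; $rest = $Matches[2]
    } else {
        $parts = $cmd -split '\s+', 2
        $exe = $parts[0]; $rest = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    }
    if ([IO.Path]::GetFileName($exe) -ieq 'rundll32.exe' -and $rest) {
        return ($rest.Trim() -split ',', 2)[0].Trim('"', ' ')
    }
    return $exe
}

function Test-StartupTarget {
    # A bare file name is found through the PATH by the loader, so check
    # System32 before declaring it missing.
    param([string]$Target)
    if (-not $Target) { return $false }
    if (Test-Path -LiteralPath $Target) { return $true }
    if ([IO.Path]::GetDirectoryName($Target)) { return $false }
    return (Test-Path -LiteralPath (Join-Path $env:SystemRoot "System32\$Target"))
}

function New-Finding($Source, $Name, $Command) {
    $target = Get-StartupTarget $Command
    New-Object PSObject -Property @{
        Source      = $Source
        Name        = $Name
        Command     = $Command
        Target      = $target
        Exists      = Test-StartupTarget $target
        LaunchesCmd = [bool]($Command -match '(?i)\bcmd(\.exe)?\b')
    }
}

$findings = New-Object System.Collections.Generic.List[object]
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $findings.Add((New-Finding $key $name ([string]$item.GetValue($name))))
    }
}
$shell = New-Object -ComObject WScript.Shell   # resolves .lnk shortcut targets
foreach ($folder in $startupFolders) {
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $findings.Add((New-Finding $folder $_.Name ('"' + $lnk.TargetPath + '" ' + $lnk.Arguments)))
    }
}

# Anything listed here is worth identifying before it is unchecked in msconfig.
$findings | Where-Object { -not $_.Exists -or $_.LaunchesCmd } |
    Format-Table Source, Name, Target, Exists, LaunchesCmd -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable; an entry with Exists = False and a non-empty Target is the kind of orphan that produces the RunDLL error described above.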

#57 -- JamesAdamik (Registered Member, OS: Vista), 12-03-2012, 01:52 PM

Hey Jeff,
Sorry about the late reply. I was waiting for an email notification that you responded to my reply, only to notice that the reply I sent from my cell phone apparently never posted :(

Anyway, so I opened msconfig and was not able to locate the system32/cmd.exe; however, while I was looking through the list of files I noticed the RunDLL squi error message file, but I didn't delete it because you did not tell me to.

#58 -- jeffce (Security Team Analyst, Microsoft MVP), 12-03-2012, 01:54 PM

Could you take a screenshot of that and let me see what it is you are seeing?

#59 -- JamesAdamik (Registered Member, OS: Vista), 12-03-2012, 04:46 PM

OK, one shot is of what I see when my computer starts... the other is what I see looking at msconfig.
Attached Thumbnails: starup screen capture.jpg (119.8 KB, ID 119448); msconfig screen cap.jpg (89.6 KB, ID 119449)

#60 -- jeffce (Security Team Analyst, Microsoft MVP), 12-03-2012, 04:54 PM

Ok yes...uncheck that and then select apply. Reboot your system.
