
Browser Redirect Problem

11-25-2012, 04:55 PM   #1
JamesAdamik, Registered Member (Join Date: Nov 2012; Posts: 35; OS: Vista)

I have fallen prey to a browser hijack I am unable to get rid of. I have tried Ad-Aware, Spybot, Norton, CWShredder, and HijackThis. My HijackThis run will not generate a saved file, so I cannot post it for you to see. CWShredder found no trace on my computer. Norton, Ad-Aware and Spybot find various amounts of malware (Ad-Aware 72 files, Norton 3, Spybot 12) that fluctuate a bit every time I run the scan. I have run them in Safe Mode as well to attempt to get these items. It always catches them and says it deletes them, but any time I check my Recycle Bin, it says it's empty :(

I ran the DDS.scr file as your forum advises and it only generated an attach.txt file. No dds.txt or ark.txt files can be found anywhere on my computer. I have zipped and attached the attach.txt.

So my problem is a basic browser hijack. I go to Google and type a search word, I get a list of results, but if I click on any of those results I am redirected to different sites... lots of them. This is a few:
answersdev.nixxie.com
beesq.net
fiujiyama search
search button.net
budget match
conversion metattracking

It seems to go on and on, rarely repeating itself. It does seem to link a search to a specific series of redirects, though. For example, I typed "yurt" in Google and got results; every yurt result was redirected to beesq.net, nixxie, and fujiyama. I changed the search word to "star wars", got results, and now all the results are redirecting to budget and meta search button. So it's linking my keywords to certain series of searches, it seems.

Also I notice a series of numbers appear right before the redirect, like an IP address. These numbers do not seem to be the same each time, but they flash pretty quick, so I could be wrong.

This is actually my girlfriend's computer and she is borrowing it from her mom, plus her brother used to use it a lot, so there are all kinds of search files and favorites that we know nothing about. So I can't identify which ones shouldn't be there or not. Please, any help would be great.

Attached Files: attach.zip (2.3 KB)

11-25-2012, 05:19 PM   #2
jeffce, Security Team Analyst, Microsoft Most Valuable Professional (Join Date: Feb 2011; Location: USA; Posts: 2,322; OS: Vista and Ubuntu)

Hi and welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
---------

Could you try to run DDS in Safe Mode and post the log if it is created?
----------

Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
11-25-2012, 05:31 PM   #3
JamesAdamik, Registered Member (Join Date: Nov 2012; Posts: 35; OS: Vista)

OK, while I'm waiting for you to reply I'm going to run DDS in Safe Mode, but in the meantime I downloaded TDSSKiller and it is asking me what program I want to use to open it... which one do I use?
11-25-2012, 05:38 PM   #4
jeffce, Security Team Analyst, Microsoft Most Valuable Professional (Join Date: Feb 2011; Location: USA; Posts: 2,322; OS: Vista and Ubuntu)

Just see if you can get DDS to run in Safe Mode first.
11-25-2012, 06:05 PM   #5
JamesAdamik, Registered Member (Join Date: Nov 2012; Posts: 35; OS: Vista)

Hey Jeff, every time I go to make a full reply the forums are saying I'm not logged in, so I'm going to post the dds.txt file in this quick reply box instead.

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 9.0.8112.16455
Run by Barb at 17:42:19 on 2012-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2559 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=D660C221EBFDE86FEE60B750AF5C365F
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\barb\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BR481CF05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Temp] rundll32.exe "c:\users\barb\appdata\local\virtualstore\temp\sqixnei.dll",DllRegisterServerW
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [SearchProtection] c:\programdata\search protection\_run.bat
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.28.34.132 68.28.37.132
TCP: Interfaces\{0954FD61-F33A-4050-AC8C-C5F6D832B6BA} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{56897B15-F715-4E2D-9650-6C25A7E20719} : DHCPNameServer = 157.246.2.210 157.246.2.211
TCP: Interfaces\{A4589D72-F320-4EDC-830E-9BC92A7F6300} : DHCPNameServer = 68.28.34.132 68.28.37.132
TCP: Interfaces\{E5845700-4AD2-4B77-A676-56EA3207B93A} : NameServer = 66.1.1.7 68.29.1.7
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R?2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-23 13560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-11-21 1236368]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [2012-11-1 82632]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121123.001\IDSvix86.sys [2012-11-23 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-19 1153368]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2012-2-24 362496]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2012-2-24 49024]
S3 DIFMCDF;Franklin EVDO USB Modem Installation CD;c:\windows\system32\drivers\DIFMCDF.sys [2012-11-1 29640]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [2012-11-1 168520]
S3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [2012-11-1 168520]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [2012-11-1 105032]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [2012-11-1 168520]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [2012-11-1 168520]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-2 106656]
S3 iComp;HP Analog TV Tuner;c:\windows\system32\drivers\p2usbwdm.sys [2006-3-9 1544704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-24 21:39:38 388096 ----a-r- c:\users\barb\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-11-24 21:39:33 -------- d-----w- c:\program files\Trend Micro
2012-11-23 11:39:10 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-11-23 11:38:26 -------- d-----w- c:\users\barb\appdata\roaming\LavasoftStatistics
2012-11-23 11:25:52 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-11-23 11:23:44 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-11-23 11:23:44 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-23 11:22:51 -------- d-----w- c:\programdata\Search Protection
2012-11-23 11:22:50 -------- d-----w- c:\programdata\blekko toolbars
2012-11-23 11:22:48 -------- d-----w- c:\users\barb\appdata\local\adawarebp
2012-11-23 11:22:26 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-11-23 11:21:49 -------- d-----w- c:\program files\Toolbar Cleaner
2012-11-23 11:21:27 -------- d-----w- c:\program files\adawaretb
2012-11-23 11:20:06 -------- d-----w- c:\users\barb\appdata\roaming\Ad-Aware Antivirus
2012-11-16 08:04:34 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 08:02:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 15:23:28 -------- d-----w- c:\program files\CDisplay
2012-11-03 07:08:38 623616 ----a-w- c:\windows\system32\localspl.dll
2012-11-03 0753 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-11-03 07:05:54 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-03 07:05:49 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-11-03 07:05:49 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-11-03 07:05:49 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-11-03 07:05:48 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-11-03 07:05:48 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-11-03 07:05:47 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-11-03 07:04:09 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-11-03 07:04:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-03 07:04:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-03 07:03:35 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-03 07:03:14 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-11-03 07:01:11 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-11-03 07:01:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-11-03 07:01:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-11-03 07:01:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-11-03 07:01:09 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-11-03 07:01:01 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 06:59:57 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-11-03 06:59:56 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-11-03 06:51:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-03 06:41:19 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-11-03 06:41:19 278528 ----a-w- c:\windows\system32\schannel.dll
2012-11-03 06:41:19 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-03 06:41:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-03 06:41:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-02 21:46:29 153088 ----a-w- c:\windows\system32\xvid.ax
2012-11-02 21:46:28 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-11-02 21:46:28 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-11-02 21:46:25 -------- d-----w- c:\program files\Xvid
2012-11-02 19:46:53 -------- d-----w- c:\program files\BitTorrent
2012-11-02 19:44:56 -------- d-----w- c:\users\barb\appdata\roaming\BitTorrent
2012-11-02 18:47:01 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-02 18:46:21 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-02 18:46:02 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-02 18:46:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-01 23:22:28 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-11-01 23:22:27 21064 ----a-w- c:\windows\system32\DIFMCIT.DLL
2012-11-01 23:22:26 29640 ----a-w- c:\windows\system32\drivers\DIFMCDF.sys
2012-11-01 23:22:26 168520 ----a-w- c:\windows\system32\drivers\DIFMVsp.sys
2012-11-01 23:22:26 168520 ----a-w- c:\windows\system32\drivers\DIFMNVsp.sys
2012-11-01 23:22:26 168520 ----a-w- c:\windows\system32\drivers\DIFMCVsp.sys
2012-11-01 23:22:26 105032 ----a-w- c:\windows\system32\drivers\DIFMNET.sys
2012-11-01 23:22:25 82632 ----a-w- c:\windows\system32\drivers\DIFMBUS.sys
2012-11-01 23:22:25 168520 ----a-w- c:\windows\system32\drivers\DIFMMdm.sys
2012-11-01 23:22:25 -------- d-----w- c:\program files\Franklin
2012-11-01 23:20:47 2131104 ----a-w- c:\windows\system32\drivers\macxvi350.bin
2012-11-01 23:20:42 -------- d-----w- c:\program files\VirginMobile
.
==================== Find3M ====================
.
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-09 04:55:43 61892 ----a-w- c:\program files\Uninstall.exe
.
============= FINISH: 17:43:18.11 ===============
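Reading a DDS "Pseudo HJT Report" by hand, the lines an analyst would pull out of the log above for a redirect case are the `uRun: [Temp] rundll32.exe "...\virtualstore\temp\sqixnei.dll",DllRegisterServerW` logon entry (a DLL under a user-writable temp folder loaded via rundll32), the `mRun: [SearchProtection] ...\_run.bat` launcher in ProgramData, the `<orphaned>` BHO with no DLL behind it, the `Hosts:` override, and any DNS servers that were set statically rather than handed out by DHCP. The script below is an added example, not part of this thread and not the logic of DDS, TDSSKiller or ComboFix; it parses those four line types and applies heuristics of its own (the list of user-writable locations and the severity labels are assumptions). Its sample input is constructed from entries copied out of the posted log.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for a browser-redirect case.

Added example, not part of the forum thread and not the logic of DDS, TDSSKiller or
ComboFix. It parses the Run, BHO, Hosts and TCP lines DDS emits and applies a few
analyst heuristics of its own; SAMPLE_DDS is constructed from entries in the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted DDS log (backslashes doubled for Python).
SAMPLE_DDS = """\
uRun: [ehTray.exe] c:\\windows\\ehome\\ehTray.exe
uRun: [Google Update] "c:\\users\\barb\\appdata\\local\\google\\update\\GoogleUpdate.exe" /c
uRun: [Temp] rundll32.exe "c:\\users\\barb\\appdata\\local\\virtualstore\\temp\\sqixnei.dll",DllRegisterServerW
mRun: [SynTPEnh] c:\\program files\\synaptics\\syntp\\SynTPEnh.exe
mRun: [SearchProtection] c:\\programdata\\search protection\\_run.bat
mRun: [Ad-Aware Antivirus] "c:\\program files\\ad-aware antivirus\\AdAwareLauncher" --windows-run
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TCP: NameServer = 68.28.34.132 68.28.37.132
TCP: Interfaces\\{A4589D72-F320-4EDC-830E-9BC92A7F6300} : DHCPNameServer = 68.28.34.132 68.28.37.132
TCP: Interfaces\\{E5845700-4AD2-4B77-A676-56EA3207B93A} : NameServer = 66.1.1.7 68.29.1.7
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Heuristic (assumption): locations an unprivileged user, and so user-level malware, can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\virtualstore\\", "\\temp\\", "\\users\\public\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")
FILE_EXT = r"\.(?:exe|dll|bat|cmd|scr|vbs|js|pif)"


@dataclass
class Finding:
    severity: str  # HIGH / MEDIUM / LOW
    kind: str      # Run / BHO / Hosts / DNS
    name: str
    target: str
    reason: str


def extract_target(cmd: str) -> str:
    """Return, lower-cased, the file a Run value really executes or loads.
    rundll32.exe is only a host process: the file of interest is its DLL argument."""
    s = re.sub(r'^"?rundll32(?:\.exe)?"?\s+', "", cmd.strip(), flags=re.I)
    m = re.match(r'^"([^"]+)"', s)                                      # quoted path
    if not m:
        m = re.match(r"^(.*?" + FILE_EXT + r")(?=[\s,]|$)", s, re.I)   # unquoted; may contain spaces
    path = m.group(1) if m else s.split()[0]
    return path.split(",")[0].lower()  # drop the ",EntryPoint" of the rundll32 form


def triage(dds_text: str) -> list[Finding]:
    findings: list[Finding] = []
    dhcp_dns: set[str] = set()
    static_dns: dict[str, str] = {}  # server -> scope (interface key or "global")
    for line in dds_text.splitlines():
        if m := re.match(r"^[um]Run: \[([^\]]*)\] (.*)$", line):
            name, cmd = m.group(1), m.group(2)
            target = extract_target(cmd)
            writable = any(marker in target for marker in USER_WRITABLE)
            if writable and re.match(r'^"?rundll32', cmd, re.I):
                findings.append(Finding("HIGH", "Run", name, target,
                                        "rundll32 loading a DLL from a user-writable location"))
            elif writable and target.endswith(SCRIPT_EXT):
                findings.append(Finding("MEDIUM", "Run", name, target,
                                        "script launcher in a user-writable location"))
            elif writable:
                findings.append(Finding("LOW", "Run", name, target,
                                        "executable in a user-writable location; verify the publisher"))
        elif m := re.match(r"^BHO: (.*?)(\{[0-9A-Fa-f-]{36}\}) - (.*)$", line):
            label = m.group(1).rstrip(": ") or m.group(2)
            if m.group(3).strip() == "<orphaned>":
                findings.append(Finding("MEDIUM", "BHO", label, m.group(2),
                                        "BHO registered but its DLL is gone; leftover of removed software or a partial cleanup"))
        elif m := re.match(r"^Hosts: (\S+)\s+(\S+)$", line):
            findings.append(Finding("LOW", "Hosts", m.group(2), m.group(1),
                                    "hosts-file override; check whether an immunizer or malware added it"))
        elif m := re.match(r"^TCP: .*?(DHCPNameServer|NameServer) = (.*)$", line):
            servers = m.group(2).split()
            if m.group(1) == "DHCPNameServer":
                dhcp_dns.update(servers)
            else:
                scope = line.split(" : ")[0] if " : " in line else "global"
                static_dns.update({s: scope for s in servers})
    # A redirect case with no suspicious Run entry often comes down to DNS: flag static
    # resolvers that DHCP never handed out, so the analyst can confirm they are the ISP's.
    for server, scope in static_dns.items():
        if server not in dhcp_dns:
            findings.append(Finding("LOW", "DNS", scope, server,
                                    "statically configured DNS server not supplied by DHCP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind:5} {f.name}: {f.target}  <- {f.reason}")
```

On the sample this flags the `Temp` rundll32 entry as HIGH, the `SearchProtection` batch launcher and the orphaned BHO as MEDIUM, and the Google updater under AppData, the hosts override and the two statically set resolvers as LOW items to confirm rather than act on. The point of the severity split is the one jeffce makes in post #2: the report is for deciding what to look at, not for deleting things; a LOW finding such as a legitimately installed updater in AppData is exactly what a blanket "anything in AppData is bad" rule would wrongly remove.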
11-25-2012, 07:08 PM   #6
jeffce, Security Team Analyst, Microsoft Most Valuable Professional (Join Date: Feb 2011; Location: USA; Posts: 2,322; OS: Vista and Ubuntu)

Good job!!

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------
11-25-2012, 10:09 PM   #7
JamesAdamik, Registered Member (Join Date: Nov 2012; Posts: 35; OS: Vista)

OK, my computer is running REALLY bad now! It took me all this time just to try and run that program and get my computer to recognise my Virgin Mobile USB internet :(

So I downloaded and ran the program in normal Windows mode (you didn't say Safe Mode). It ran fine till it got to "completed stage 48", then it popped up a dialog window that said "PEV not working". Then the dialog box closed and it continued running to 50, said it was deleting some files and a folder, then restarted the computer. On restart the blue window opened again and said "generating log, do not open any other program till completed" or something like that, so I did nothing. Mind you, at this point the mouse was lagging across the screen and everything was taking forever to open. I waited about 20 min, then a dialog box appeared saying "RunDLL C:\users\barb\appdata\local\virtualstore\temp\sqixnei.dll module not found". I closed that dialog box and waited a good 45 min, not wanting to touch anything, then I noticed the command prompt wasn't flashing anymore. Mouse wouldn't respond... nothing would open... I finally hit Ctrl+Alt+Del to bring up the task window... no such luck... the computer restarted. Again the computer is running really bad. The dialog box opened again with the RunDLL message, same as before, and closed. I searched for combofix.txt, found it, copied it and have added it below, but I have no idea if this is complete or not. Oh... when I tried to open my internet connection it took 3 tries and about 15 min of waiting between each try before it would connect. Normally it takes about 30 seconds. Anyway... here is the log as it appears in the only file I can find on the computer labeled combofix.txt.

ComboFix 12-11-25.01 - Barb 11/25/2012 20:02:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1917 [GMT -8:00]
Running from: C:\Users\Barb\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files\Search Toolbar
C:\Program Files\Uninstall.exe
C:\Users\Barb\AppData\Local\VirtualStore\Temp\sqixnei.dll
C:\Users\Barb\AppData\Roaming\adaware-installer-reboot-required.tmp
C:\Users\Barb\AppData\Roaming\Microsoft\~DFK1793559.tmp
C:\Users\Barb\AppData\Roaming\Microsoft\1eaadjc.dll
C:\Users\Barb\AppData\Roaming\Microsoft\bass.dll
C:\Users\Barb\AppData\Roaming\Microsoft\kfgresk.dll
C:\Users\Barb\AppData\Roaming\Microsoft\mjcriu.dll
C:\Users\Barb\AppData\Roaming\Microsoft\peaadje.dll
C:\Users\Barb\AppData\Roaming\Microsoft\qwadjb.dll
C:\Users\Barb\AppData\Roaming\Microsoft\rsaadjd.dll
C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif
C:\Windows\system32\KBL.LOG

((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))

2012-11-26 03:47:22 . 2012-11-26 03:47:24 -------- d-----w- C:\Windows\system32\drivers\VDD
2012-11-24 21:39:38 . 2012-11-24 21:39:38 388096 ----a-r- C:\Users\Barb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-24 21:39:33 . 2012-11-24 21:39:33 -------- d-----w- C:\Program Files\Trend Micro
2012-11-23 11:39:10 . 2012-11-23 11:44:14 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2012-11-23 11:38:26 . 2012-11-23 11:38:26 -------- d-----w- C:\Users\Barb\AppData\Roaming\LavasoftStatistics
2012-11-23 11:25:56 . 2012-11-23 11:25:56 -------- d-----w- C:\ProgramData\Lavasoft
2012-11-23 11:25:52 . 2012-11-26 03:47:25 -------- d-----w- C:\Program Files\Ad-Aware Antivirus
2012-11-23 11:23:44 . 2012-11-23 11:23:43 13560 ----a-w- C:\Windows\system32\drivers\gfibto.sys
2012-11-23 11:22:51 . 2012-11-23 11:22:51 -------- d-----w- C:\ProgramData\Search Protection
2012-11-23 11:22:50 . 2012-11-23 11:22:50 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-23 11:22:48 . 2012-11-23 11:22:58 -------- d-----w- C:\Users\Barb\AppData\Local\adawarebp
2012-11-23 11:22:26 . 2012-11-23 11:22:48 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-11-23 11:21:49 . 2012-11-23 11:21:50 -------- d-----w- C:\Program Files\Toolbar Cleaner
2012-11-23 11:21:27 . 2012-11-23 11:22:48 -------- d-----w- C:\Program Files\adawaretb
2012-11-23 11:20:06 . 2012-11-26 03:49:00 -------- d-----w- C:\Users\Barb\AppData\Roaming\Ad-Aware Antivirus
2012-11-14 15:23:28 . 2012-11-14 15:23:29 -------- d-----w- C:\Program Files\CDisplay
2012-11-03 07:08:38 . 2012-05-11 15:57:00 623616 ----a-w- C:\Windows\system32\localspl.dll
2012-11-03 0753 . 2012-03-20 23:28:50 53120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-11-03 07:05:54 . 2012-03-30 12:39:11 905600 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-11-03 07:05:49 . 2012-02-01 15:11:24 1218048 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-11-03 07:05:49 . 2012-02-01 15:10:46 964608 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-11-03 07:05:49 . 2012-02-01 15:10:43 1404928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-11-03 07:05:48 . 2012-02-01 15:10:46 983040 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-11-03 07:05:48 . 2012-02-01 15:10:46 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-11-03 07:05:47 . 2012-02-01 13:58:59 47104 ----a-w- C:\Program Files\Windows Journal\PDIALOG.exe
2012-11-03 07:04:09 . 2012-06-02 00:02:32 985088 ----a-w- C:\Windows\system32\crypt32.dll
2012-11-03 07:04:09 . 2012-06-02 00:02:32 98304 ----a-w- C:\Windows\system32\cryptnet.dll
2012-11-03 07:04:09 . 2012-06-02 00:02:32 133120 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-11-03 07:03:14 . 2012-06-05 16:47:10 708608 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-11-03 07:01:11 . 2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\system32\DWrite.dll
2012-11-03 07:01:10 . 2012-03-01 14:46:01 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-11-03 07:01:10 . 2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-11-03 07:01:10 . 2012-02-29 13:44:50 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-11-03 07:01:09 . 2012-03-01 14:46:01 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-11-03 06:59:57 . 2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\system32\msxml6.dll
2012-11-03 06:59:56 . 2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\system32\msxml3.dll
2012-11-03 06:51:32 . 2012-05-01 14:03:49 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-11-03 06:41:19 . 2012-06-04 15:26:04 440704 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-11-03 06:41:19 . 2012-06-02 00:03:42 204288 ----a-w- C:\Windows\system32\ncrypt.dll
2012-11-02 21:46:25 . 2012-11-02 21:47:01 -------- d-----w- C:\Program Files\Xvid
2012-11-02 19:46:53 . 2012-11-02 19:46:53 -------- d-----w- C:\Program Files\BitTorrent
2012-11-02 19:44:56 . 2012-11-24 06:38:16 -------- d-----w- C:\Users\Barb\AppData\Roaming\BitTorrent
2012-11-01 23:22:28 . 2011-07-19 10:16:38 319456 ----a-w- C:\Windows\system32\DIFxAPI.dll
2012-11-01 23:22:27 . 2011-07-19 10:22:16 21064 ----a-w- C:\Windows\system32\DIFMCIT.DLL
2012-11-01 23:22:26 . 2011-07-19 10:21:54 168520 ----a-w- C:\Windows\system32\drivers\DIFMVsp.sys
2012-11-01 23:22:26 . 2011-07-19 10:21:52 168520 ----a-w- C:\Windows\system32\drivers\DIFMNVsp.sys
2012-11-01 23:22:26 . 2011-07-19 10:21:52 105032 ----a-w- C:\Windows\system32\drivers\DIFMNET.sys
2012-11-01 23:22:26 . 2011-07-19 10:21:50 29640 ----a-w- C:\Windows\system32\drivers\DIFMCDF.sys
2012-11-01 23:22:26 . 2011-07-19 10:21:50 168520 ----a-w- C:\Windows\system32\drivers\DIFMCVsp.sys
2012-11-01 23:22:25 . 2012-11-01 23:22:25 -------- d-----w- C:\Program Files\Franklin
2012-11-01 23:22:25 . 2011-07-19 10:21:52 168520 ----a-w- C:\Windows\system32\drivers\DIFMMdm.sys
2012-11-01 23:22:25 . 2011-07-19 10:21:50 82632 ----a-w- C:\Windows\system32\drivers\DIFMBUS.sys
2012-11-01 23:20:47 . 2012-02-24 16:49:18 2131104 ----a-w- C:\Windows\system32\drivers\macxvi350.bin
2012-11-01 23:20:42 . 2012-11-01 23:20:42 -------- d-----w- C:\Program Files\VirginMobile
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-10-12 14:29:30 . 2012-11-16 08:02:40 2047488 ----a-w- C:\Windows\system32\win32k.sys
2012-10-08 07:48:03 . 2012-11-17 11:03:23 1129472 ----a-w- C:\Windows\system32\wininet.dll
2012-10-08 07:43:21 . 2012-11-17 11:03:28 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-09-25 16:19:41 . 2012-11-16 08:04:34 75776 ----a-w- C:\Windows\system32\synceng.dll
2012-09-20 13:40:02 . 2012-09-20 13:40:02 13192 ----a-w- C:\Windows\system32\drivers\VDD\apvdd.dll
2012-09-20 13:39:58 . 2012-09-20 13:39:58 44424 ----a-w- C:\Windows\system32\sbbd.exe
2012-09-13 13:28:08 . 2012-11-03 07:01:01 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-09-13 04:19:38 . 2012-09-13 04:19:38 66344 ----a-w- C:\Windows\system32\drivers\sbapifs.sys
2012-08-29 11:27:41 . 2012-11-03 06:41:11 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 . 2012-11-03 06:41:10 3550080 ----a-w- C:\Windows\system32\ntoskrnl.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41:54 87448 ----a-w- C:\Program Files\adawaretb\adawareDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "C:\Program Files\adawaretb\adawareDx.dll" [2012-11-16 21:41:54 87448]
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 02:15:06 1804648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-27 00:58:52 39408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-21 00:37:34 1316136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 22:28:52 421888]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 07:25:58 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-17 01:22:12 421736]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 21:13:50 49208]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 09:09:00 542104]
"SearchProtection"="C:\ProgramData\Search Protection\_run.bat" [2012-11-23 11:22:51 172]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=C:\Windows\pss\Device Detector 2.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51:26 919008 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25:58 59240 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 17:12:12 976320 ----a-w- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25:11 125952 ----a-w- C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX125 NX127 Series]
2009-09-14 08:00:00 200704 ----a-w- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIGGA.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-29 19:20:08 136176 ----atw- C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 16:03:20 75008 ----a-w- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 21:13:50 49208 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31:16 80896 ----a-w- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 15:47:52 480560 ----a-w- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36:56 2793304 ----a-w- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-04 09:42:00 13556256 ----a-w- C:\WINDOWS\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-04 09:42:00 92704 ----a-w- C:\WINDOWS\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54:20 554320 ----a-w- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31:34 202032 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27:50 468264 ----a-w- C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28:52 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 07:28:04 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 2106 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-06-21 00:37:34 1316136 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 22:53:06 311296 ----a-w- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
S2 Ad-Aware Service;Ad-Aware Service;C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [x]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - SBAPIFS
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
Contents of the 'Scheduled Tasks' folder
2012-11-26 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-27 00:58:35 . 2012-03-27 00:58:24]
2012-11-26 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-27 00:58:35 . 2012-03-27 00:58:24]
2012-11-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000Core.job
- C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:20:11 . 2011-10-29 19:20:08]
2012-11-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000UA.job
- C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:20:11 . 2011-10-29 19:20:08]
2012-11-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001Core.job
- C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 08:39:18 . 2012-03-27 04:03:33]
2012-11-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001UA.job
- C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 08:39:18 . 2012-03-27 04:03:33]
2012-11-26 C:\Windows\Tasks\HP Photo Creations Communicator.job
- C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-02-24 22:15:09 . 2012-02-24 22:15:09]
2012-05-05 C:\Windows\Tasks\HPCeeScheduleForBarb.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-10 17:45:50 . 2007-09-28 18:58:42]
2012-04-25 C:\Windows\Tasks\HPCeeScheduleForMike.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-10 17:45:50 . 2007-09-28 18:58:42]

------- Supplementary Scan -------
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=D660C221EBFDE86FEE60B750AF5C365F
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.28.34.132 68.28.37.132
TCP: Interfaces\{E5845700-4AD2-4B77-A676-56EA3207B93A}: NameServer = 66.1.1.7 68.29.1.7
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Temp - C:\Users\Barb\AppData\Local\VirtualStore\Temp\sqixnei.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-Uno & Skip-Bo - C:\Program Files\Uninstall.exe
Old 11-26-2012, 04:44 AM   #8
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Hi,

I notice that you have both Lavasoft and Norton antivirus programs running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Lavasoft or Norton (whichever you prefer), using either the uninstall feature provided as part of the antivirus program or Add/Remove Programs (Vista and Win 7 users: go to Programs and Features in the Control Panel). As a rule of thumb, one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
----------

When you get that done run a new scan with TDSSKiller and post the new log that is made (if one is made).
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
Old 11-26-2012, 07:57 PM   #9
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



OK, so I uninstalled Norton and tried to run TDSSKiller again, but again it asks what program I want to use to open it. I'm going to try and run it straight from the site instead of downloading it and running it from my computer.
Old 11-26-2012, 07:59 PM   #10
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



Nope... same thing... it wants to know what program I would like to use to open TDSSKiller.

What next, boss? :)
Old 11-27-2012, 04:23 AM   #11
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start the scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------
Old 11-27-2012, 09:12 AM   #12
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



OK, downloaded and run... here is the txt file. Just for the record, the first time I ran the scan my computer shut down suddenly in mid-scan, so I reopened the program and scanned again, and it created this log. It also created an mbr.dat file on my desktop... do you want that too?
Attached Files
File Type: txt aswMBR.txt (1.6 KB, 16 views)
Old 11-27-2012, 10:20 AM   #13
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Quote:
it also created an mbr.dat file on my desktop....do you want that too?
No, not yet.
  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------
Old 11-27-2012, 10:58 AM   #14
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



OTL.txt first...

OTL logfile created on: 11/27/2012 10:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.65% Memory free
6.08 Gb Paging File | 5.10 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.10 Gb Total Space | 26.09 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.99 Gb Free Space | 17.02% Space Free | Partition Type: NTFS

Computer Name: BARB-LAPTOP | User Name: Barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft.)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\VirginMobile\Broadband2Go\Broadband2Go.exe ()
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\VirginMobile\Broadband2Go\Broadband2Go.exe ()
MOD - C:\Program Files\VirginMobile\Broadband2Go\libxvi010.dll ()
MOD - C:\Program Files\VirginMobile\Broadband2Go\eap_supplicant.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Barb\AppData\Local\Temp\catchme.sys File not found
DRV - (ATMFVsp) -- system32\DRIVERS\ATMFVsp.sys File not found
DRV - (ATMFNVsp) -- system32\DRIVERS\ATMFNVsp.sys File not found
DRV - (ATMFNET) -- system32\DRIVERS\ATMFNET.sys File not found
DRV - (ATMFMdm) -- system32\DRIVERS\ATMFMdm.sys File not found
DRV - (ATMFFLT) -- system32\DRIVERS\ATMFFLT.sys File not found
DRV - (ATMFCVsp) -- system32\DRIVERS\ATMFCVsp.sys File not found
DRV - (ATMFBUS) -- system32\DRIVERS\ATMFBUS.sys File not found
DRV - (aswMBR) -- C:\Users\Barb\AppData\Local\Temp\aswMBR.sys File not found
DRV - (gfibto) -- C:\WINDOWS\System32\drivers\gfibto.sys (GFI Software)
DRV - (sbapifs) -- C:\WINDOWS\System32\drivers\sbapifs.sys (GFI Software)
DRV - (bcm) -- C:\WINDOWS\System32\drivers\drxvi314.sys (Beceem Communications Inc.)
DRV - (bcmbusctr) -- C:\WINDOWS\System32\drivers\BcmBusCtr.sys (Beceem Communications Inc.)
DRV - (DIFMVsp) -- C:\WINDOWS\System32\drivers\DIFMVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMNVsp) -- C:\WINDOWS\System32\drivers\DIFMNVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMMdm) -- C:\WINDOWS\System32\drivers\DIFMMdm.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMNET) -- C:\WINDOWS\System32\drivers\DIFMNET.sys (DEVGURU Co., LTD.)
DRV - (DIFMCVsp) -- C:\WINDOWS\System32\drivers\DIFMCVsp.sys (DEVGURU Co., LTD.( www.devguru.co.kr))
DRV - (DIFMBUS) -- C:\WINDOWS\System32\drivers\DIFMBUS.sys (DEVGURU Co., LTD.)
DRV - (DIFMCDF) -- C:\WINDOWS\System32\drivers\DIFMCDF.sys (DEVGURU Co., LTD.)
DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys ()
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (iComp) -- C:\WINDOWS\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (DSXUSB) -- C:\WINDOWS\System32\drivers\DSXUSB.sys (OLYMPUS OPTICAL CO.,LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = {searchterms} - Ask.com Search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKLM\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = {searchTerms} - Yahoo! Search Results

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Lavasoft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {7217E6AC-A2C7-40DE-B209-00403739B91B}
IE - HKCU\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = {searchterms} - Ask.com Search
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = {searchTerms} - Google Search
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = Inbox Toolbar
IE - HKCU\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = {searchTerms} - Yahoo! Search Results
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Barb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Barb\AppData\Roaming\Move Networks [2011/01/29 00:15:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: Lavasoft
CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = Lavasoft
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barb\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Barb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/25 20:36:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Temp] rundll32.exe "C:\Users\Barb\AppData\Local\VirtualStore\Temp\sqixnei.dll",DllRegisterServerW File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.28.34.132 68.28.37.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0954FD61-F33A-4050-AC8C-C5F6D832B6BA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56897B15-F715-4E2D-9650-6C25A7E20719}: DhcpNameServer = 157.246.2.210 157.246.2.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4589D72-F320-4EDC-830E-9BC92A7F6300}: DhcpNameServer = 68.28.34.132 68.28.37.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5845700-4AD2-4B77-A676-56EA3207B93A}: NameServer = 66.1.1.7 68.29.1.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/10 10:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 10:32:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barb\Desktop\OTL.exe
[2012/11/27 08:42:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Barb\Desktop\aswMBR.exe
[2012/11/25 20:37:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/25 20:30:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/25 19:56:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/25 19:56:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/25 19:56:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/25 19:56:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/25 19:52:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/25 19:51:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/25 19:47:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/11/25 19:44:10 | 005,006,177 | R--- | C] (Swearware) -- C:\Users\Barb\Desktop\ComboFix.exe
[2012/11/24 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/11/24 13:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/11/23 03:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/11/23 03:38:26 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\LavasoftStatistics
[2012/11/23 03:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/11/23 03:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/23 03:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/11/23 03:23:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2012/11/23 03:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2012/11/23 03:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/11/23 03:22:48 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Local\adawarebp
[2012/11/23 03:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/23 03:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/11/23 03:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/11/23 03:20:06 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\Ad-Aware Antivirus
[2012/11/17 03:03:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/17 03:03:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/17 03:03:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/17 03:03:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/17 03:03:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/17 03:03:21 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/17 03:03:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/17 03:03:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/16 00:04:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/16 00:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/14 07:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
[2012/11/14 07:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2012/11/02 23:01:11 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/11/02 23:01:10 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/11/02 23:01:10 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/11/02 23:01:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/11/02 23:01:09 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/11/02 23:01:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/02 22:41:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/02 22:41:11 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/02 22:41:10 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/02 13:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/11/02 13:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/11/02 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/11/02 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Barb\AppData\Roaming\BitTorrent
[2012/11/02 10:47:02 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/11/02 10:47:01 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/11/02 10:46:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/11/02 10:46:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/11/02 10:46:20 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/11/02 10:46:02 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/11/02 10:46:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/11/01 15:22:28 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/11/01 15:22:27 | 000,021,064 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\DIFMCIT.DLL
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMVsp.sys
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMNVsp.sys
[2012/11/01 15:22:26 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMCVsp.sys
[2012/11/01 15:22:26 | 000,105,032 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMNET.sys
[2012/11/01 15:22:26 | 000,029,640 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMCDF.sys
[2012/11/01 15:22:25 | 000,168,520 | ---- | C] (DEVGURU Co., LTD.( www.devguru.co.kr)) -- C:\Windows\System32\drivers\DIFMMdm.sys
[2012/11/01 15:22:25 | 000,082,632 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\DIFMBUS.sys
[2012/11/01 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Franklin
[2012/11/01 15:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirginMobile
[2012/11/01 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\VirginMobile

========== Files - Modified Within 30 Days ==========

[2012/11/27 10:32:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barb\Desktop\OTL.exe
[2012/11/27 10:29:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/27 10:03:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/27 10:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000UA.job
[2012/11/27 09:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001UA.job
[2012/11/27 09:09:32 | 000,617,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/27 09:09:32 | 000,109,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/27 09:07:54 | 000,000,512 | ---- | M] () -- C:\Users\Barb\Desktop\MBR.dat
[2012/11/27 09:05:26 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/27 09:03:49 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 09:03:47 | 000,083,284 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/27 09:03:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 09:03:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 09:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 09:03:03 | 266,549,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/27 08:43:26 | 000,083,284 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/27 08:43:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Barb\Desktop\aswMBR.exe
[2012/11/27 08:40:38 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1001Core.job
[2012/11/26 19:49:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149368611-1618043523-3955195772-1000Core.job
[2012/11/25 20:36:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/25 20:25:07 | 000,002,595 | ---- | M] () -- C:\Users\Barb\Desktop\Microsoft Word.lnk
[2012/11/25 19:44:28 | 005,006,177 | R--- | M] (Swearware) -- C:\Users\Barb\Desktop\ComboFix.exe
[2012/11/25 17:45:08 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2012/11/25 16:26:44 | 000,002,521 | ---- | M] () -- C:\Users\Barb\Desktop\HiJackThis.lnk
[2012/11/25 16:19:47 | 000,002,380 | ---- | M] () -- C:\Users\Barb\Desktop\attach.zip
[2012/11/24 02:25:13 | 000,001,940 | ---- | M] () -- C:\Users\Barb\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/11/24 00:08:08 | 000,015,872 | ---- | M] () -- C:\Users\Barb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/23 03:23:43 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2012/11/17 03:47:18 | 000,312,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/08 23:17:24 | 000,001,999 | ---- | M] () -- C:\Users\Barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/02 11:46:59 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk

========== Files Created - No Company Name ==========

[2012/11/27 09:07:54 | 000,000,512 | ---- | C] () -- C:\Users\Barb\Desktop\MBR.dat
[2012/11/25 19:56:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/25 19:56:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/25 19:56:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/25 19:56:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/25 19:56:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/25 16:19:47 | 000,002,380 | ---- | C] () -- C:\Users\Barb\Desktop\attach.zip
[2012/11/24 13:39:34 | 000,002,521 | ---- | C] () -- C:\Users\Barb\Desktop\HiJackThis.lnk
[2012/11/23 03:26:09 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/02 13:46:29 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012/11/02 13:46:28 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/11/02 13:46:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/11/02 11:46:59 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/11/01 15:20:47 | 002,131,104 | ---- | C] () -- C:\Windows\System32\drivers\macxvi350.bin
[2012/11/01 15:20:47 | 000,000,144 | ---- | C] () -- C:\Windows\System32\drivers\macxvi.cfg
[2012/11/01 15:20:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2012/04/22 20:12:26 | 011,463,168 | R--- | C] () -- C:\Users\Barb\Broadband2GoSetup.msi
[2012/04/15 12:54:49 | 000,000,043 | ---- | C] () -- C:\Users\Barb\jagex_cl_runescape_LIVE.dat
[2012/04/15 12:54:49 | 000,000,024 | ---- | C] () -- C:\Users\Barb\random.dat
[2012/02/23 23:52:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/23 23:52:27 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2012/02/02 15:15:38 | 000,003,299 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/02/01 18:40:24 | 000,000,632 | RHS- | C] () -- C:\Users\Barb\ntuser.pol
[2011/11/20 19:02:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/08/22 09:27:55 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/07/20 01:24:07 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/18 21:44:00 | 000,001,940 | ---- | C] () -- C:\Users\Barb\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/08 18:55:09 | 000,000,680 | ---- | C] () -- C:\Users\Barb\AppData\Local\d3d9caps.dat
[2010/12/24 20:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2010/11/14 11:28:06 | 000,000,312 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\wklnhst.dat
[2010/09/25 20:13:53 | 015,983,616 | ---- | C] () -- C:\Users\Barb\Cricket Broadband Setup-v1.0 (build 1950).msi
[2010/03/31 20:40:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/03 10:16:26 | 000,015,872 | ---- | C] () -- C:\Users\Barb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 09:33:15 | 000,083,284 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/31 09:33:13 | 000,083,284 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/30 09:29:07 | 000,027,240 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\nvModes.001
[2009/08/30 08:43:55 | 000,027,240 | ---- | C] () -- C:\Users\Barb\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/08 14:46:41 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\.minecraft
[2012/11/25 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Ad-Aware Antivirus
[2012/11/23 22:38:16 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\BitTorrent
[2010/09/26 07:41:42 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Cricket
[2010/09/28 07:13:14 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Epson
[2010/12/24 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\InterTrust
[2010/09/27 19:31:42 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Leadertech
[2011/09/08 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Skip-Bo
[2010/12/29 07:20:02 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Template
[2012/03/23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Barb\AppData\Roaming\Visan

========== Purity Check ==========


< End of report >
Old 11-27-2012, 10:59 AM   #15

and Extras.txt.....

OTL Extras logfile created on: 11/27/2012 10:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.65% Memory free
6.08 Gb Paging File | 5.10 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.10 Gb Total Space | 26.09 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.99 Gb Free Space | 17.02% Space Free | Partition Type: NTFS

Computer Name: BARB-LAPTOP | User Name: Barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0195260B-261E-47B2-AAA1-B7F57AABAD13}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16EAB66E-95AC-4F99-BDAC-A81B4810A6D7}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A0176DE-92B6-46EF-A272-8E1BACFF629D}" = lport=137 | protocol=17 | dir=in | app=system |
"{20A92BFF-E97B-4E96-857A-7E50A0C2893E}" = lport=139 | protocol=6 | dir=in | app=system |
"{39162856-A987-4C66-9EC8-CA1323E20ADB}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A788225-8FDF-4537-ABBE-8D4CC4E92A97}" = rport=138 | protocol=17 | dir=out | app=system |
"{743F1C29-CE21-4B0C-A9AF-62B4F4FE699F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7625F118-E816-4D8C-BF62-D5B8FD7C0471}" = rport=139 | protocol=6 | dir=out | app=system |
"{82CE8035-B15E-49B9-9640-BE15B9B2356B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C68CF329-FDFF-4947-B1D2-0FDB4D29BA2C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0429329E-0464-4D91-A359-809821A0E16F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{05D3FAA0-F2DC-432F-AA2B-6F565814D674}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0A852CAB-9C74-437D-9CF6-53690275875E}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{196671AB-219A-4A7D-8FCC-8A12A94B03AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FCFA440-F699-4B56-8729-44702917A230}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CABE043-26E4-44B0-AC41-7C0464E06D97}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{77403D5F-6275-4BF9-850C-91F062BD4BCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7B19512D-22D9-4091-B5EC-272A7A76728E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7E605224-9C64-47B0-91B8-6C28A321AB47}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{821BADB0-455E-4764-B791-F1697DBB0365}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\akamai\netsession_win.exe |
"{871D6F90-78C4-47AA-99A3-34DA466941B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88C9AA56-FACD-4533-A58C-2A09A7F464BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9FF2B94A-090D-4047-B003-A8069945EE3E}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{B576D741-6854-4188-9EEF-727EC31E27C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BC32BC8A-2215-493A-8CD5-07011D53C21C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2225A28-D372-4849-9161-F99CCE210C59}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DDEAB787-1165-4D4D-B954-2CFC8F3C014A}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{E2E9DB56-9AE1-4386-BB4C-2AF251C70F7D}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\akamai\netsession_win.exe |
"{EBD79006-D140-4DD3-8BA5-44078780CFEE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F4B9FC23-9637-463C-8BCF-CB67AB600783}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F55BC89E-745A-4208-88C6-B6558614481F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F8D72FCE-3373-418D-A9BA-E8177ECD6C1D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6FB3A94A-CAA8-4A7B-8E1D-CBB34A5E5FB8}" = KODAK Share Button App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player 2002
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE47EB5B-1789-4480-AD6D-7753473E9DDE}" = HP Deskjet 3050A J611 series Basic Device Software
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE7B959B-BEB0-456C-BB55-60F5EAD8E9B0}" = Cricket Broadband 1.0
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{e05859e4-7455-4d01-a9dc-1da760a5d903}" = Ad-Aware Antivirus
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E43D6020-C645-4DE1-A203-6F7A46D032B8}" = Broadband2Go
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9652A2B-6547-4CA7-A06B-1365FE264B7D}" = HP Deskjet 3050A J611 series Product Improvement Study
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F88A8A28-6FC5-490d-9E5C-F9850C08320B}" = Franklin EVDO USB Modem
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"7d36ef944c575875947eb52dbaae52e2" = Aloha Solitaire
"7-Zip" = 7-Zip 9.22beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"adawaretb" = Ad-Aware Security Add-on
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent
"Bodog Poker_is1" = Bodog Poker
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uno & Skip-Bo" = Uno & Skip-Bo(remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = My HP Games
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"MP3MyMP3 3.0" = MP3MyMP3 3.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2012 5:58:20 PM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/25/2012 7:39:28 PM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/25/2012 8:26:29 PM | Computer Name = Barb-laptop | Source = Application Hang | ID = 1002
Description = The program HiJackThis.exe version 2.0.0.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15a0 Start Time: 01cdcb6c9398f7af Termination Time: 7

Error - 11/25/2012 9:38:24 PM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/25/2012 9:40:53 PM | Computer Name = Barb-laptop | Source = EventSystem | ID = 4609
Description =

Error - 11/25/2012 9:41:45 PM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/25/2012 9:46:59 PM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2012 12:21:21 AM | Computer Name = Barb-laptop | Source = Application Error | ID = 1000
Description = Faulting application PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
faulting module PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code
0x40000015, fault offset 0x0008d1c0, process id 0x123c, application start time 0x01cdcb8d7bccd9da.

Error - 11/26/2012 12:33:25 AM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2012 1:34:39 AM | Computer Name = Barb-laptop | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/27/2010 1:01:43 PM | Computer Name = Barb-laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/28/2010 6:01:30 AM | Computer Name = Barb-laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/5/2011 1:34:15 AM | Computer Name = Barb-laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/29/2011 1:54:26 AM | Computer Name = Barb-laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 11/26/2012 1:34:41 AM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/26/2012 1:34:46 AM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 11/26/2012 1:46:02 AM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 11/26/2012 11:50:28 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/26/2012 11:50:31 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 11/27/2012 1:03:14 PM | Computer Name = Barb-laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:01:25 AM on 11/27/2012 was unexpected.

Error - 11/27/2012 1:03:35 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/27/2012 1:05:02 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7022
Description =

Error - 11/27/2012 1:05:02 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/27/2012 1:05:02 PM | Computer Name = Barb-laptop | Source = Service Control Manager | ID = 7026
Description =


< End of report >
__________________
JamesAdamik is offline  
Old 11-27-2012, 11:11 AM   #16
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\ProgramData\Search Protection\_run.bat

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 11-27-2012, 11:20 AM   #17
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



https://www.virustotal.com/file/d818...is/1354043967/
__________________
JamesAdamik is offline  
Old 11-27-2012, 02:00 PM   #18
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    Quote:

    :Services

    :OTL
    IE - HKLM\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = {searchterms} - Ask.com Search
    IE - HKCU\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = {searchterms} - Ask.com Search
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = {searchTerms | blekko}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    [2012/11/23 03:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/11/24 02:25:13 | 000,001,940 | ---- | M] () -- C:\Users\Barb\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2012/11/24 00:08:08 | 000,015,872 | ---- | M] () -- C:\Users\Barb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 11-27-2012, 02:39 PM   #19
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



OK, I have tried to run that code twice... each time OTL runs for a second, then says "not responding" with an hourglass for a cursor and does nothing. Plus all my desktop icons disappear.
__________________
JamesAdamik is offline  
Old 11-27-2012, 02:50 PM   #20
Registered Member
 
Join Date: Nov 2012
Posts: 35
OS: Vista



In the meantime, here is the AdwCleaner file...

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 14:49:31
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Barb - BARB-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Barb\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Viewpoint
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.54] : keyword = "blekko",
File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2096 octets] - [27/11/2012 14:49:31]
########## EOF - C:\AdwCleaner[R1].txt - [2156 octets] ##########

__________________
JamesAdamik is offline  
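The AdwCleaner "Search" report above has a regular shape: a `***** [Section] *****` header, one `<Kind> Found : <target>` line per finding, and, under Internet Browsers, per-browser blocks that name a preferences file and the line inside it that matched. As an added example that is not part of this thread and is not AdwCleaner's own code, here is a small Python parser that turns such a log into structured findings so a helper can count them per section and pull out the browser-preference hits (in this thread, the `keyword = "blekko"` entry is the kind of hit that points at a search redirect). The embedded sample log is constructed to mirror the posted one; the `Finding` dataclass and the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample, shaped like the AdwCleaner v2.x "Search" log posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v2.009 - Logfile created 11/27/2012 at 14:49:31
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files\Viewpoint
***** [Registry] *****
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.54] : keyword = "blekko",
File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
########## EOF - C:\AdwCleaner[R1].txt - [2156 octets] ##########
"""

# Line shapes seen in the log (assumed from the posted report, not an official grammar).
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) Found : (?P<target>.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>[\d.]+)$")
PREF_FILE_RE = re.compile(r"^File : (?P<path>.+)$")
PREF_HIT_RE = re.compile(r"^Found \[l\.(?P<line>\d+)\] : (?P<text>.+)$")


@dataclass
class Finding:
    section: str          # e.g. "Registry", "Internet Browsers"
    kind: str             # File / Folder / Key / Value / Preference
    target: str           # path, registry key, or the matched preference text
    browser: str = ""     # only for preference hits
    file: str = ""        # preferences file the hit came from
    line: int = 0         # line number inside that file, as reported by the tool


def parse_adwcleaner(text: str) -> list[Finding]:
    """Walk the report line by line, tracking the current section and browser context."""
    findings: list[Finding] = []
    section = None
    browser = ""
    pref_file = ""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, '#' header/footer lines and the all-star separator.
        if not line or line.startswith("#") or set(line) == {"*"}:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            browser = pref_file = ""   # browser context never spans sections
            continue
        if section is None:
            continue                   # text before the first section header
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("kind"), m.group("target")))
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser, pref_file = m.group("browser"), ""
            continue
        m = PREF_FILE_RE.match(line)
        if m:
            pref_file = m.group("path")
            continue
        m = PREF_HIT_RE.match(line)
        if m:
            findings.append(Finding(section, "Preference", m.group("text").rstrip(","),
                                    browser, pref_file, int(m.group("line"))))
        # "[OK] ... is clean." and anything else is deliberately ignored.
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section, the way the tool's own totals are read."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


def browser_findings(findings: list[Finding]) -> list[Finding]:
    """Preference-level hits are the ones that explain a search/redirect symptom."""
    return [f for f in findings if f.kind == "Preference"]


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    print(summarize(found))
    for f in browser_findings(found):
        print(f"{f.browser}: {f.target}  ({f.file}, line {f.line})")
```

Run it against a real `AdwCleaner[R1].txt` by replacing `SAMPLE_LOG` with the file's contents; the parser keeps the browser and preferences-file context for each hit, so a helper can see which user profile the hijacked search keyword lives in without re-reading the whole log.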
 

Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts