the b flix virus

This is a discussion on the b flix virus within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

06-11-2013, 03:03 PM   #1
Registered Member
Join Date: Oct 2012
Posts: 5
OS: Windows 7

Whenever I try to use Yahoo! with Chrome, I get redirected to a site about thebflix.info. I do not have this problem when I use Safari. Malwarebytes didn't find the virus and neither did ZoneAlarm.

Thanks
Matt

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-11 16:49:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596.17GB
Running: gmer.exe; Driver: C:\Users\dresbamr\AppData\Local\Temp\fwtoipow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe[4468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe[4468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}\Connection@Name isatap.{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}?\Device\{FAF16281-B077-4498-9F0D-AD1E466BB9B2}?\Device\{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4F899CEE-D810-40A0-BFF3-2626EC39F72F}"?"{FAF16281-B077-4498-9F0D-AD1E466BB9B2}"?"{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4F899CEE-D810-40A0-BFF3-2626EC39F72F}?\Device\TCPIP6TUNNEL_{FAF16281-B077-4498-9F0D-AD1E466BB9B2}?\Device\TCPIP6TUNNEL_{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}@InterfaceName isatap.{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}@EnableDHCP 0

---- Files - GMER 2.1 ----

File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\BIT5D72.tmp 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\cbshandler 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\cbshandler\state 12 bytes

---- EOF - GMER 2.1 ----



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by dresbamr at 16:56:24 on 2013-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.2512 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\windows\system32\WLANExt.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\xampp\mysql\bin\mysqld.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.simplespeedy.info/
uProxyOverride = <local>;*.local
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
BHO: continuetosave: {2E99379D-9139-87DD-B6FF-A5E3B16F6080} - C:\ProgramData\continuetosave\51081a6044d2e.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: continuetosave: {AE891139-6F9C-D354-5FA6-349A96333EDE} - LocalServer32 - <no file>
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [googletalk] C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\dresbamr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SearchProtect] C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [ToshibaServiceStation] rem "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [SVPWUTIL] rem C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] rem "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\dresbamr\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\dresbamr\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\dresbamr\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KOOBIT~1.LNK - C:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe
StartupFolder: C:\Users\dresbamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{176EFC60-52B2-4BF6-9CC5-0804BA7FCF2C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54} : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\6457E6E69702641627D6 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\6457E6E69702641627D6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\7586561647669656C64602C4962627162797 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\7586561647669656C64602C4962627162797 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\C6567696F6E6 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\C6567696F6E6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{2872705D-46DF-4803-AA43-CAB11FE2DD54}\D496649643632303C402A45647071636B6024424833402355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D} : NameServer = 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\guard32.dll c:\progra~2\softqu~1\sprote~1.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\simple~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dresbamr\AppData\Roaming\Mozilla\Firefox\Profiles\1ek2z2o7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN31579210252814422
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN31579210252814422&UM=UM_ID&UP=SP8553BC69-E998-42BC-8871-171E2B4CC4FA
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN31579210252814422&UM=UM_ID&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\dresbamr\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\dresbamr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\dresbamr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=3212_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 68d7a1a200000000000074e50b71b90d
FF - user.js: extensions.BabylonToolbar.instlDay - 15559
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.614:23:26
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
user_pref('extensions.dealply.partner', 'vita');
.
user_pref('extensions.dealply.channel', 'vitausfilewincom');
.
user_pref('extensions.dealply.installId', 'v24300284748591217881462012112114430417');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '7');
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAzztB0F0C0A0AtC0AtBtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1888619707
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAzztB0F0C0A0AtC0AtBtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1888619707
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAzztB0F0C0A0AtC0AtBtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1888619707&q=
FF - user.js: extensions.funmoods.id - DC0EA1382FCAA1A2
FF - user.js: extensions.funmoods.instlDay - 15667
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:22:36
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN115648039770047-1002&toolbarId=base&affiliateId=1042&Lan={dfltLng}&utid=68d7a1a200000000000074e50b71b90d&q=
FF - user.js: extensions.zonealarm.id - 68d7a1a200000000000074e50b71b90d
FF - user.js: extensions.zonealarm.instlDay - 15691
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.411:21:55
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1042
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN115648039770047-1002
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-11-22 482384]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-2-19 39768]
R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2012-11-21 11864]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-2-20 93984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-8-30 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-8-30 827560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-10 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-22 2656280]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-11-22 20592]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-10 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-11-22 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016]
S3 FileZillaServer;FileZillaServer;C:\xampp\FileZillaFTP\FileZillaServer.exe [2012-5-11 632320]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2012-1-21 19936]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2012-1-21 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-13 19456]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-22 57216]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-11 20:47:00 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E5199FA-C753-484C-9829-6291791D4CF2}\mpengine.dll
2013-06-10 19:50:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-10 19:50:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-25 21:05:12 -------- d-----w- C:\Program Files\iPod
2013-05-25 21:05:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-25 21:05:11 -------- d-----w- C:\Program Files\iTunes
2013-05-25 21:05:11 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-25 20:02:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-25 20:02:00 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-20 18:00:19 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-20 18:00:19 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-20 18:00:19 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-20 17:59:53 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-20 17:59:52 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-20 17:59:52 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-20 17:59:52 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-20 17:59:24 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-20 17:59:24 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-20 17:59:21 3153920 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-06-11 20:36:01 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:36:01 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 0708 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 10:35:05 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 0333 112640 ----a-w- C:\windows\System32\smss.exe
.
============= FINISH: 16:56:52.76 ===============
Attached Files
File Type: zip DDS.txt.zip (11.6 KB, 10 views)

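The DDS services section above has a fixed shape (state and start-type code, then name;display name;binary path, then the binary's date and size in brackets), which is what a helper reads when triaging a log like this one. The following Python is an added example written for this page, not a tool from the thread or from DDS itself: it parses that section and returns the entries a reviewer would look at first. The sample lines are a hand-picked subset copied in the shape of the post; the review heuristics (auto-start binaries outside the Windows directory, binaries written within 30 days of the scan, bundleware-style names such as "toolbar" or "search") are this example's own and are not a verdict of infection.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# Constructed sample: a hand-picked subset of lines in the shape of the DDS
# services section in the post above.
# Format: <R|S><start type> name;display;path [yyyy-m-d size]
# R = running, S = stopped; the digit is the Windows service start type
# (2 = automatic, 3 = manual, 4 = disabled).
SAMPLE_SERVICES = r"""
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-22 2656280]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-10 25928]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016]
"""

# Scan date taken from the log headers in the post; drives the "recently written" check.
SCAN_DATE = date(2013, 6, 11)

# Heuristic (this example's own assumption): names typical of bundled adware components.
REVIEW_KEYWORDS = ("toolbar", "search", "updater")

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)


@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_date: date
    size: int

    @property
    def in_system_root(self) -> bool:
        # The post mixes C:\windows and C:\Windows, so compare case-insensitively.
        return self.path.lower().startswith("c:\\windows\\")


def parse_services(text: str) -> List[Service]:
    """Parse every DDS service line in `text`; other lines (headers, blanks) are skipped."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        year, month, day = (int(part) for part in m["date"].split("-"))
        services.append(Service(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=m["path"],
            file_date=date(year, month, day),
            size=int(m["size"]),
        ))
    return services


def services_to_review(services: List[Service], scan_date: date,
                       recent_days: int = 30) -> Dict[str, List[str]]:
    """Map service name -> reasons a reviewer should look at it. Heuristic only:
    every hit still needs a human to check the binary's publisher and origin."""
    hits: Dict[str, List[str]] = {}
    for s in services:
        reasons = []
        if s.start_type == 2 and not s.in_system_root:
            reasons.append("auto-start outside SystemRoot")
        if (scan_date - s.file_date).days <= recent_days:
            reasons.append(f"binary written in last {recent_days} days")
        haystack = (s.name + s.display + s.path).lower()
        if any(keyword in haystack for keyword in REVIEW_KEYWORDS):
            reasons.append("bundleware-style name")
        if reasons:
            hits[s.name] = reasons
    return hits


def main() -> None:
    for name, reasons in services_to_review(parse_services(SAMPLE_SERVICES), SCAN_DATE).items():
        print(f"{name}: {'; '.join(reasons)}")


if __name__ == "__main__":
    main()
```

On the sample this flags three entries: the AVG toolbar updater (auto-start outside the Windows directory and a bundleware-style name, which matches what the moderator asks to uninstall below), the Malwarebytes driver (written the day before the scan, which the post explains by the fresh Malwarebytes install), and the Intel UNS service (auto-start outside the Windows directory). The Intel hit is the expected false positive: the list is a reading order, and clearing an entry still means checking the file's digital signature and the vendor that shipped it.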
Old 06-14-2013, 04:55 AM   #2
amateur
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,754
OS: XP Win7 Ubuntu 10.10

Hello and welcome to TSF.

Please uninstall the following programs via Programs and Features in Control Panel.

µTorrent & uTorrentBar Toolbar=========> uTorrent is a p2p application, a practice which can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove them via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
---------

AVG 2012
AVG 2013
AVG SafeGuard toolbar
=========> You have ZoneAlarm installed. It's not a good idea to have more than one antivirus installed, even if one is disabled.

As stated in our pre-posting sticky...
Quote:
  • If you have more than one antivirus software installed, leave only ONE and uninstall the others.
======================

Next,

Download the adwCleaner
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click adwCleaner.exe and select the option
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the contents of this file into your next reply.

================

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message and let me know how things are.


Old 06-17-2013, 11:47 PM   #3
amateur
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,754
OS: XP Win7 Ubuntu 10.10

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
 

Copyright 2001 - 2014, Tech Support Forum
