Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Malware Toolbar/Hijacker/etc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 22nd, 2011, 5:02 pm

Attached is a copy of both the DDS.txt and Attach.txt

The "symptoms" the computer is experiencing when using all browsers, including Firefox and Google Chrome, is as follows:
1: When given a web address, it will temporarily go to the correct page, and then kick it out to a page that looks like a yahoo directory saying one of two things, that the page could not be found, or will give a listing of similar pages to the site initially visited.
2: When entering a web address--that has been correctly put in--the browser will not connect to the correct page, but will go to one of the two directories I have listed above, or will go to "Page Not Found." At times, in order to get it to one page, one must reenter the address multiple times. Refreshing does not work on Firefox--it just brings it back to the same list of directory assistance--and on Chrome it will occationally work. In the case of Firefox, one must hit the back button and it will sometimes go directly to the correct page.
3: Last night, I ran Malwarebytes' Anti-Malware and it found three suspicious objects that it quarentined, but it has not improved the quality of the browsing.
4: I have tried reinstalling Firefox, have reinstalled google, this does not seem to be improving the situation.
5: We were notified yesterday that our accounts had been compromised on the internet, so our passwords have been changed and our security for those accounts heightened, but are still being contacted by my husband's account (yahoo messager in particular) attempting to talk to us on my account even though my husband is standing right next to me [we don't use messager, but the way it's set up now, it automatically opens when you log into your email]. I realize this is likely a whole other beast, but I wanted to include it just in case it was related.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by McAlpine at 15:35:42.28 on Fri 04/22/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1128 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McAlpine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\McAlpine\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\mcalpine\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mcalpine\appdata\roaming\mozilla\firefox\profiles\pj2y9m20.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\mcalpine\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\mcalpine\appdata\roaming\move networks\plugins\npqmp071701000002.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R?2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-27 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-27 61960]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-15 88176]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
RUnknown X4HSEx;X4HSEx; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 scupdateservice;SecureIT Update Service;c:\program files\secureit\scmonitor\scupdateservice.exe --> c:\program files\secureit\scmonitor\SCUpdateService.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-22 06:27:35 388096 ----a-r- c:\users\mcalpine\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-22 06:27:33 -------- d-----w- c:\program files\Trend Micro
2011-04-22 04:00:40 -------- d-----w- c:\users\mcalpine\appdata\roaming\Malwarebytes
2011-04-22 03:58:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 03:58:48 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-22 03:58:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 03:58:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 01:03:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 01:03:20 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 01:01:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 01:01:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 01:01:26 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 01:01:26 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 01:01:26 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 01:00:58 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 01:00:58 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 01:00:30 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 01:00:02 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 00:59:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 00:58:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-08 21:15:10 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-04-01 12:23:32 -------- d-----w- C:\Expat Shield
2011-04-01 12:23:31 506880 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-04-01 12:23:28 -------- d-----w- c:\program files\Expat Shield
2011-03-31 19:51:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-31 19:50:59 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-31 19:50:59 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-31 19:50:59 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-03-31 19:50:59 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-31 19:50:59 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-31 19:50:59 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-31 19:50:59 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-03-31 19:50:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-31 19:50:59 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
.
==================== Find3M ====================
.
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:36:25.70 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2009 10:05:10 PM
System Uptime: 4/22/2011 2:05:12 AM (13 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Athlon(tm) 7550 Dual-Core Processor | Socket AM2 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 46.006 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.595 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP869: 4/15/2011 3:00:24 AM - Windows Update
RP870: 4/16/2011 3:00:23 AM - Windows Update
RP871: 4/16/2011 3:58:30 PM - Scheduled Checkpoint
RP872: 4/17/2011 3:00:21 AM - Windows Update
RP873: 4/18/2011 3:00:24 AM - Windows Update
RP874: 4/19/2011 12:00:01 AM - Scheduled Checkpoint
RP875: 4/19/2011 3:00:23 AM - Windows Update
RP876: 4/20/2011 3:00:21 AM - Windows Update
RP877: 4/21/2011 12:00:02 AM - Scheduled Checkpoint
RP878: 4/21/2011 3:00:23 AM - Windows Update
RP879: 4/22/2011 1:26:55 AM - Installed HiJackThis
RP880: 4/22/2011 1:50:03 AM - Windows Update
RP882: 4/22/2011 2:20:27 AM - Removed Free Ride Games Player
RP883: 4/22/2011 2:21:59 AM - Removed Skype Toolbars
RP884: 4/22/2011 2:23:07 AM - Removed Skype™ 4.2
RP885: 4/22/2011 3:00:21 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems PCI-SV92EX Soft Modem
Amnesia: The Dark Descent Demo
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bing Bar
BufferChm
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX120 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Conflict: Denied Ops Demo
Counter-Strike: Source
Counter-Strike: Source Beta
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D110
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
Discovery! A Seek and Find Adventure
EPSON Scan
EPSON Stylus NX400 Series Printer Uninstall
Expat Shield 1.57
foldit
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Google Chrome
GPBaseService2
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart DVD
HP Odometer
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Recovery Manager RSS
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Information
HP Total Care Setup
HP Update
HPAppStudio
HPAsset component for HP Active Support Library
HPPhotoGadget
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 20
LabelPrint
Left 4 Dead
Left 4 Dead 2
LightScribe System Software
LogMeIn Hamachi
LSI PCI-SV92EX Soft Modem
Machinarium Demo
Magic Workstation 0.94f
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mini Ninjas - Demo
Morrowind
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Ransom of the Seven Ships - Demo
Nancy Drew: The White Wolf of Icicle Creek Demo
Network
Norton Internet Security
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
Oddworld: Abe's Exoddus Demo
OGA Notifier 2.0.0048.0
OnLive
OpenAL
OpenOffice.org 3.2
Pando Media Booster
Penumbra Overture
PictureMover
Portal
PriceGong 2.1.0
PS_AIO_07_D110_SW_Min
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Serious Sam HD: The First Encounter Demo
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
sp44626
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Status
Steam
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TES Construction Set
The Office Demo
The Treasures of Montezuma
The Weather Channel Desktop 6
Thief: Deadly Shadows
Toolbox
TrayApp
Unreal Development Kit
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Virtual Villagers 2: The Lost Children
VLC media player 0.9.2
W Photo Studio
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
4/22/2011 2:10:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/22/2011 2:10:04 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2011 2:08:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SCFilter SRTSP SRTSPX
4/22/2011 2:08:06 AM, Error: Service Control Manager [7022] - The LogMeIn Hamachi 2.0 Tunneling Engine service hung on starting.
4/22/2011 2:08:05 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
4/22/2011 2:07:12 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/22/2011 2:07:12 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
4/15/2011 3:14:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB2293428).
4/15/2011 3:12:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB976382).
4/15/2011 3:12:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB980373).
4/15/2011 3:11:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB2449798).
4/15/2011 3:11:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2502786).
4/15/2011 3:11:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB975051).
4/15/2011 3:10:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
4/15/2011 3:10:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).
4/15/2011 3:09:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2509503).
4/15/2011 3:09:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2522981).
4/15/2011 3:08:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2003 (KB2344911).
4/15/2011 3:07:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works Suite 2005 (KB943973).
4/15/2011 3:07:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).
4/15/2011 3:05:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB978551).
4/15/2011 3:05:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB951535).
4/15/2011 3:05:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2464588).
4/15/2011 3:04:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB972580).
4/15/2011 3:03:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289163).
4/15/2011 3:03:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2288613).
4/15/2011 3:02:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
4/15/2011 12:03:25 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0023C3912DF7. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am
Advertisement
Register to Remove

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby askey127 » April 24th, 2011, 7:45 am

Hi anya0234,
------------------------------------------------
Before We Start
Please be aware that removing Malware is a potentially hazardous undertaking.
I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between your computer software and the tools we'll use to clear you of infection, so I cannot guarantee the safety of your system.
It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

MarketResearch
McAfee Security Scan Plus
Norton Internet Security
Pando Media Booster
Coupon Printer for Windows

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
Please Be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 24th, 2011, 2:27 pm

I'm still going through the process that you sent me, but I just wanted to let you know that following the steps you provided of going into the control panel, etc, I was unable to find 2 of the programs you asked me to uninstall: 1) MarketResearch 2) Norton Internet Security
Is it possible that they might be located somewhere else I didn't look, or be labeled something else? Let me know, and thanks for your help!
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 24th, 2011, 2:32 pm

And one other...issue...how do I determine what version of Norton Antivirus I have? The link asks that you select your version. Thanks again.
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby askey127 » April 24th, 2011, 3:20 pm

Your installed programs list says the version is "Norton Internet Security"
Run the removal tool even if you can't uninstall it the regular way.

When it asks to choose your product, click on the one labeled,
"I have a Norton 2006/2007/2008/2009/2010/2011 product"
Don't bother with saving your "key" unless you paid for Norton and want to re-install it later.
Just download and run the tool. Be patient as it scans and runs.

If you can't find "Market research" that's OK. We will get it later.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 9:35 am

Okay, seriously, I cannot find any kinda Norton product on our computer. I've looked in the Programs under the Control Panel--even searched for it, but I don't even have anything that begins with the letters N-o-. I have also looked under the All Programs in the Start menu and cannot find any trace of it there. I'm trying to follow the directions you sent, but by going to that site, following the instructions and clicking on the Automatic Removal, it says that I don't have any products that have this option. In other words, I can't get as far as the Norton Removal Tool for the desktop. Not trying to be dense, just not sure how to proceed. Sorry about the delay, if you have any ideas for me, please let me know!
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 9:37 am

Oh, and still haven't found the Norton Internet Security. Like I said, there's nothing in the Programs folder that even has the N-o- portion.
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby askey127 » April 25th, 2011, 11:29 am

You are completely misunderstanding what I am asking you to do.
There is a Norton removal tool available, but you have to click on a link, and save the download to your desktop, then RUN the downloaded file.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton, click on the link below here:
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US

When it asks to choose your Norton product, click on the one labeled,
"I have a Norton 2006/2007/2008/2009/2010/2011 product"
It may instruct to save your key, etc. Don't bother with saving your "key". Scroll down to Step 2 and click the DOWNLOAD button
Perform the DownLoad for your version of Windows (choose Save and save it to your desktop).
Then double click the downloaded file on your desktop.
Let it run until it's done. it may take a while.
This tool removes hundreds of files and settings. It will let you know when it's done.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 2:16 pm

Got the Norton Removal Tool done, and followed the instructions on the OTL.exe...but only one Notepad doc came up. I have included that. I tried running it 2x thinking that maybe that second report would come up but it still did not.

OTL logfile created on: 4/25/2011 1:10:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = c:\Users\McAlpine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.80 Gb Total Space | 44.17 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 1.59 Gb Free Space | 14.13% Space Free | Partition Type: NTFS

Computer Name: MCALPINE-PC | User Name: McAlpine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 02:09:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/04/22 00:15:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\McAlpine\Downloads\OTL.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/03/17 03:37:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/22 08:52:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/11/03 03:30:38 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 03:30:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
PRC - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/05/18 15:45:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 00:15:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\McAlpine\Downloads\OTL.exe
MOD - [2011/03/28 11:48:30 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (scupdateservice)
SRV - [2011/04/22 02:09:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Start_Pending] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/17 03:37:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/03 03:30:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 03:37:35 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 12:51:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/07/09 17:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/12 12:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 12:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1
FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.4
FF - prefs.js..extensions.enabledItems: ru@dictionaries.addons.mozilla.org:0.4.4
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.24
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/30 22:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/23 08:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 13:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 13:24:33 | 000,000,000 | ---D | M]

[2009/09/18 14:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Extensions
[2011/04/21 23:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions
[2010/07/30 08:12:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 07:45:53 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2011/04/21 23:38:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/31 18:32:02 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/04/02 11:11:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 04:10:01 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\dictionary-switcher@design-noir.de
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\ru@dictionaries.addons.mozilla.org
[2010/09/10 17:12:24 | 000,002,426 | ---- | M] () -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\searchplugins\askcom.xml
[2011/04/22 02:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/29 17:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/01 07:23:31 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
[2011/04/23 08:03:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/29 17:05:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/21 23:43:45 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3813002812-403067811-3136601845-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3813002812-403067811-3136601845-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-3813002812-403067811-3136601845-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.co ... 1.71.0.cab (SysInfo Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 01:27:34 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 01:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/21 23:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/04/21 23:00:40 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Malwarebytes
[2011/04/21 22:58:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/21 22:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/21 22:58:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/21 22:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 20:03:20 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 20:03:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 20:02:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 20:02:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 20:02:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 20:02:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 20:02:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 20:02:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 20:02:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 20:02:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 20:02:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 20:02:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 20:02:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 20:02:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 20:02:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 20:02:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 20:02:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 20:02:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 20:02:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 20:01:54 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 20:01:54 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 20:00:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 20:00:30 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 19:59:35 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 19:59:34 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/04/01 07:23:32 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2011/04/01 07:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
[2011/04/01 07:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2011/03/30 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\Desktop\Artistic Muses
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 13:06:35 | 000,613,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 13:06:35 | 000,108,176 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 12:58:58 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/25 12:58:57 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/25 12:58:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 12:58:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 12:58:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 12:58:41 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 12:41:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000UA.job
[2011/04/22 04:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000Core.job
[2011/04/22 01:27:34 | 000,001,954 | ---- | M] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 03:44:59 | 000,422,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 12:30:37 | 000,031,232 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:15:35 | 000,008,592 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2011/04/01 09:57:31 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/04/01 07:29:50 | 005,807,264 | ---- | M] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,876 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/31 11:50:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMcAlpine.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/22 01:27:34 | 000,001,954 | ---- | C] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | C] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 07:29:41 | 005,807,264 | ---- | C] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/30 23:20:16 | 000,207,001 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/01/30 23:20:16 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/01/30 22:06:16 | 000,206,997 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/11/12 16:52:10 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/03 22:50:08 | 000,000,096 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\fusioncache.dat
[2010/09/11 22:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/09 20:23:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/27 21:29:58 | 000,008,592 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/11 23:24:34 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/05/11 23:24:34 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/05/11 23:24:34 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/05/11 23:24:34 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/05/11 23:24:34 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/05/11 23:24:34 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/05/11 23:24:34 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/05/11 23:24:34 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/05/11 23:24:34 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/05/11 23:24:34 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/05/11 23:24:34 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/05/11 23:24:34 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010/02/05 13:34:47 | 000,065,329 | ---- | C] () -- C:\Program Files\Sec
[2009/09/25 12:36:18 | 000,009,814 | ---- | C] () -- C:\Users\McAlpine\AppData\Roaming\wklnhst.dat
[2009/09/18 15:04:38 | 000,031,232 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 13:34:37 | 000,008,704 | ---- | C] () -- C:\Windows\System32\scsprembt.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/05/18 15:36:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/18 15:36:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/18 15:06:49 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/05/18 15:06:49 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,422,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,476 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,176 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/10/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\GetRightToGo
[2010/01/18 00:51:12 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Kybtec Software
[2010/01/18 00:50:44 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\MipKukSoft
[2010/08/29 17:18:23 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\OpenOffice.org
[2009/09/18 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\PictureMover
[2010/09/11 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\SystemRequirementsLab
[2009/09/25 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Template
[2010/03/22 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\TP
[2009/11/02 12:33:48 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\W Photo Studio
[2009/11/02 12:27:25 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\W Photo Studio Viewer
[2009/11/02 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Walgreens
[2009/12/29 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\WinBatch
[2009/10/08 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Windows SideBar
[2011/04/25 12:41:37 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby askey127 » April 25th, 2011, 3:31 pm

anya0234
Take a look at the rating from hpHosts for the site you are using for your searches (ask.com)
This is a safe link: http://hosts-file.net/default.asp?s=ask.com
You can hover your mouse pointer over the EMD rating on the right and see the issues.

Either you can completely get rid of that search engine yourself or you can have me do it. It will be much faster if you can do it.
That site also appears to masquerade as Secure Search in Yahoo. It is known to CAUSE the very redirects you now find so annoying.
It undoubtedly came as a toolbar.
I also would suggest getting rid of most or all toolbars. They mostly benefit the purveyors, not you.

For now, change your search engine in every browser to Google or Bing.
-----------------------------------------------------------
When you are done changing the search engine, we need to erase the "memorized" redirects.
Flush DNS Cache
  • Click the Microsoft Vista Start logo in the bottom left corner of the screen
  • Click All Programs
  • Click Accessories
  • RIGHT-click on Command Prompt
  • Select Run As Administrator
  • In the command window type the following, and then hit Enter: ipconfig /flushdns
  • You will see the following confirmation:
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache

Let me know what you would like me to do next, or tell me you are ready for the next steps.
We can do additional searches for the source of the problems, if it doesn't clear up.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 4:31 pm

Ok, I think I got all the steps down and already the internet is working so much nicer! Thanks so much for your help! Is there anything else that I need to do to keep everything in working order?
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 4:34 pm

Scratch that, I'm still having some redirects, but it is somewhat improved from before.
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 25th, 2011, 11:17 pm

So the first few hours the computer was working fairly well, but then it started redirecting itself more and more, this time always through the firefox saying "oops this page was not found" and even when you refresh, or reenter the address, it just goes to that same page not found. It's not 100% of the time, but about 60-80% of the time. Let me know what to do!
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby askey127 » April 26th, 2011, 8:30 am

anya0234,
That's OK.
Let's take the redirects out manually. We need to see where we are first:
----------------------------------------------
Perform a Custom Scan with OTL
Start OTL
In each of the following boxes, change the checked item to None
Processes
Modules
Services
Drivers

In the Standard Registry box, check Use SafeList
In the Extra Registry box, check Use SafeList

Then click the Run Scan button at the top.

Let the program run unhindered and pop up a Notepad File when it is done.
Post the Notepad file in your next reply. The file will also be saved as a new file named OTL.txt on your desktop.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware Toolbar/Hijacker/etc

Unread postby anya0234 » April 27th, 2011, 11:50 am

OTL logfile created on: 4/27/2011 10:21:18 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\McAlpine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.80 Gb Total Space | 43.59 Gb Free Space | 15.20% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 1.59 Gb Free Space | 14.13% Space Free | Partition Type: NTFS

Computer Name: MCALPINE-PC | User Name: McAlpine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1
FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.4
FF - prefs.js..extensions.enabledItems: ru@dictionaries.addons.mozilla.org:0.4.4
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.24
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/30 22:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/23 08:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 13:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 13:24:33 | 000,000,000 | ---D | M]

[2009/09/18 14:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Extensions
[2011/04/21 23:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions
[2010/07/30 08:12:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 07:45:53 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2011/04/21 23:38:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/31 18:32:02 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/04/02 11:11:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 04:10:01 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\dictionary-switcher@design-noir.de
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\ru@dictionaries.addons.mozilla.org
[2011/04/22 02:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/29 17:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/01 07:23:31 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
[2011/04/23 08:03:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/29 17:05:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/21 23:43:45 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.co ... 1.71.0.cab (SysInfo Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/26 12:20:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 12:20:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/22 01:27:34 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 01:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/21 23:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/04/21 23:00:40 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Malwarebytes
[2011/04/21 22:58:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/21 22:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/21 22:58:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/21 22:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 20:03:20 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 20:03:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 20:02:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 20:02:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 20:02:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 20:02:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 20:02:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 20:02:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 20:02:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 20:02:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 20:02:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 20:02:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 20:02:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 20:02:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 20:02:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 20:02:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 20:02:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 20:02:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 20:02:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 20:01:54 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 20:01:54 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 20:00:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 20:00:30 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 19:59:35 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 19:59:34 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/04/01 07:23:32 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2011/04/01 07:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
[2011/04/01 07:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2011/03/30 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\Desktop\Artistic Muses
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 09:41:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000UA.job
[2011/04/27 08:26:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 08:26:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 06:33:00 | 000,613,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 06:33:00 | 000,108,176 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 06:28:45 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/27 06:28:44 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/27 06:26:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 06:25:50 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 04:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000Core.job
[2011/04/22 01:27:34 | 000,001,954 | ---- | M] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 03:44:59 | 000,422,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 12:30:37 | 000,031,232 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:15:35 | 000,008,592 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2011/04/01 09:57:31 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/04/01 07:29:50 | 005,807,264 | ---- | M] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,876 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/31 11:50:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMcAlpine.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/22 01:27:34 | 000,001,954 | ---- | C] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | C] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 07:29:41 | 005,807,264 | ---- | C] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/30 23:20:16 | 000,207,001 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/01/30 23:20:16 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/01/30 22:06:16 | 000,206,997 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/11/12 16:52:10 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/03 22:50:08 | 000,000,096 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\fusioncache.dat
[2010/09/11 22:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/09 20:23:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/27 21:29:58 | 000,008,592 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/11 23:24:34 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/05/11 23:24:34 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/05/11 23:24:34 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/05/11 23:24:34 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/05/11 23:24:34 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/05/11 23:24:34 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/05/11 23:24:34 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/05/11 23:24:34 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/05/11 23:24:34 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/05/11 23:24:34 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/05/11 23:24:34 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/05/11 23:24:34 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010/02/05 13:34:47 | 000,065,329 | ---- | C] () -- C:\Program Files\Sec
[2009/09/25 12:36:18 | 000,009,814 | ---- | C] () -- C:\Users\McAlpine\AppData\Roaming\wklnhst.dat
[2009/09/18 15:04:38 | 000,031,232 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 13:34:37 | 000,008,704 | ---- | C] () -- C:\Windows\System32\scsprembt.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/05/18 15:36:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/18 15:36:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/18 15:06:49 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/05/18 15:06:49 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,422,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,476 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,176 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >
anya0234
Regular Member
 
Posts: 19
Joined: April 22nd, 2011, 1:55 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware