Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Updates Fail, Firefox won't connect, IE does, but redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » October 30th, 2011, 6:33 am

Hi rjmc,
pgmigg is unavailable at present, so if it's ok with yourself i will continue helping you.
It's my home office pc. It is not connected to a business network.

You say this is your Home office PC, can you confirm if it is used for business purposes or not?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 1st, 2011, 4:55 pm

Hello Cypher,

Thanks for your help. It was, but not for the past 6 months or so.

joy
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 2nd, 2011, 6:24 am

Hi,
Thanks for your help.

You're welcome.
How is your computer performing now are you having any problems?

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 23


Next.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 7u1.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select " Run as administrator " to run it.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 4th, 2011, 8:12 pm

Hi Cypher,

I couldn't run ESET Online. At the initialization period, it says "Can not get update. Is proxy configured?"

rjmc
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 5th, 2011, 6:55 am

Hi rjmc,
It's to your own benefit to reply to my posts as soon as possible, the quicker we can get your PC clean the better.
Malware can change over time making it more difficult to remove.

Try running this alternative scan, be sure to disable your AV and run TFC prior to the scan.
Also let me know how your PC is performing now.

PANDA ONLINE SCAN

Please go Here to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply


Logs/Information to Post in your Next Reply

  • Results of the PANDA scan.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 8th, 2011, 1:07 am

Hi Cypher,

The only thing that has been fixed is IE doesn't redirect to ad pages. Other then that, pc seems to be running ok. I still have the problem with updates failing to download and install and firefox won't connect. I'm thinking about reinstalling my router, cuz I can't seem to connect to it either. Let me know how to proceed.

Thanks,
rjmc


;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-11-07 21:02:35
PROTECTIONS: 1
MALWARE: 27
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\joylynn\appdata\roaming\microsoft\windows\cookies\joylynn@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\joylynn\appdata\roaming\microsoft\windows\cookies\joylynn@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@linksynergy[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\joylynn\appdata\roaming\microsoft\windows\cookies\joylynn@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@www.burstbeacon[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@zedo[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atwola[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@enhance[2].txt
09163365 Generic Trojan Virus/Trojan Yes 0 Yes No c:\users\joylynn\appdata\local\aol ocp\aolupdate\aolupdt32.exe
09167657 Generic Malware Virus/Trojan Yes 0 Yes No c:\users\joylynn\appdata\local\aol ocp\aolupdate\aolupdt32.dll
09167658 Generic Malware Virus/Trojan Yes 0 Yes No c:\programdata\displaytraymanager.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\qoobox\quarantine\c\windows\explorer.exe.vir
No c:\qoobox\quarantine\c\windows\system32\svchost.exe.vir
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 8th, 2011, 6:13 am

Hi rjmc,
I still have the problem with updates failing to download and install

Which updates are you having trouble installing exactly?
I'm thinking about reinstalling my router, cuz I can't seem to connect to it either.

Ok lets reset your router, run another OTL scan for me also and post the new log in your next reply.

Reset your Router to its default configuration.
  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know your router's default password, you can look it up. HERE
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.

Next.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done post the new log in your next reply.

Logs/Information to Post in your Next Reply

  • Which updates won't install?
  • OTL log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 8th, 2011, 9:57 am

Hi Cypher,

I reset the router, but no change on trying to connect with Firefox or Safari. Only IE works. There's something blocking the connection somehow. Not sure why IE works. Avira, Flash, Malwarebytes, Defender or any software that needs to be updated can't seem to get through. Panda didn't want to update, but I kept clicking the retry button until it went through. May have been a fluke, but it worked.

OTL logfile created on: 11/8/2011 5:40:24 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\joylynn\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 44.83% Memory free
6.96 Gb Paging File | 4.97 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.21 Gb Total Space | 47.67 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive D: | 8.88 Gb Total Space | 1.24 Gb Free Space | 13.94% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: joylynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 18:28:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joylynn\Desktop\OTL.exe
PRC - [2011/09/26 01:30:10 | 000,087,040 | ---- | M] (Apple Inc.) -- C:\Users\joylynn\AppData\Local\AOL OCP\AOLUpdate\AOLupdt32.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/21 11:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/18 13:09:31 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/18 13:09:23 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/04/21 06:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/16 09:07:18 | 003,528,440 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/06 13:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/08/03 14:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/07/13 17:39:02 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/06/23 17:45:40 | 001,029,712 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2006/06/23 17:24:50 | 000,276,048 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2006/03/20 11:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/12/16 08:57:30 | 006,661,120 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2008/12/16 08:57:30 | 001,916,928 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2008/12/16 08:57:30 | 000,770,560 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2008/12/16 08:57:30 | 000,203,776 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2006/03/20 11:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/21 11:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/18 13:09:31 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/18 13:09:23 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/01/11 22:56:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 11:24:36 | 000,156,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 17:19:28 | 000,047,712 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/23 17:24:50 | 000,276,048 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/21 11:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 11:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/18 13:09:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/06/09 13:05:11 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/17 18:54:14 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/01/18 01:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/18 01:00:00 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/12/12 05:13:13 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/10/30 19:55:44 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/10/30 19:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 19:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/30 19:55:28 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/30 19:55:20 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/30 19:55:14 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/02 09:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/05/03 10:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [1997/04/15 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\Windows\System32\drivers\ATMhelpr.sys -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110829&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/18 21:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/03 21:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 12:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 19:08:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/01/14 02:59:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/18 21:27:46 | 000,000,000 | ---D | M]

[2008/08/27 11:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joylynn\AppData\Roaming\Mozilla\Extensions
[2011/09/26 16:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joylynn\AppData\Roaming\Mozilla\Firefox\Profiles\modvzzop.default\extensions
[2011/09/26 00:35:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\joylynn\AppData\Roaming\Mozilla\Firefox\Profiles\modvzzop.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/24 12:25:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\joylynn\AppData\Roaming\Mozilla\Firefox\Profiles\modvzzop.default\extensions\LogMeInClient@logmein.com
[2009/02/25 06:52:13 | 000,001,739 | ---- | M] () -- C:\Users\joylynn\AppData\Roaming\Mozilla\Firefox\Profiles\modvzzop.default\searchplugins\aim-search.xml
[2011/08/28 19:25:35 | 000,001,945 | ---- | M] () -- C:\Users\joylynn\AppData\Roaming\Mozilla\Firefox\Profiles\modvzzop.default\searchplugins\bing-zugo.xml
[2011/11/03 07:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 15:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/03 07:25:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/06/03 02:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/03 02:29:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/02 02:00:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 12:28:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/03 07:24:14 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/06/11 13:27:34 | 000,217,088 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll
[2007/11/16 13:34:16 | 000,217,088 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll_
[2011/07/01 13:44:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/10/27 03:22:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe ()
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [AOL OCP Update] C:\Users\joylynn\AppData\Local\AOL OCP\AOLUpdate\AOLupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [cdloader] C:\Users\joylynn\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [DisplayTrayManager] C:\ProgramData\DisplayTrayManager.dll (Apple Inc.)
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3513781084-200415242-206230267-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..Trusted Domains: secureserver.net ([email] http in Trusted sites)
O15 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/sk ... illgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worldwinner.com/games/v ... Loader.cab (FunGamesLoader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/fr ... eecell.cab (FreeCell Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://www.charter.net/files/charter/se ... /fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A8AF857-B8D0-4BC1-9E14-B12EF29BC146}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\joylynn\Pictures\1 GB\P1000101.JPG
O24 - Desktop BackupWallPaper: C:\Users\joylynn\Pictures\1 GB\P1000101.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/27 07:15:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80ceb365-4de2-11dd-88bb-001d609c520a}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{80ceb365-4de2-11dd-88bb-001d609c520a}\Shell\phone\command - "" = K:\autorun.exe
O33 - MountPoints2\{e52ebc9d-4037-11de-a988-001d609c520a}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{e52ebc9d-4037-11de-a988-001d609c520a}\Shell\phone\command - "" = K:\autorun.exe
O33 - MountPoints2\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\Shell - "" = AutoRun
O33 - MountPoints2\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\Shell\AutoRun\command - "" = M:\d.com
O33 - MountPoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\Shell\explore\Command - "" = M:\d.com
O33 - MountPoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\Shell\open\Command - "" = M:\d.com
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 01:00:00 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/11/07 00:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/11/04 07:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/03 07:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/03 07:24:46 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/03 07:24:46 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/03 07:24:46 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/03 07:21:27 | 020,197,256 | ---- | C] (Oracle Corporation) -- C:\Users\joylynn\Desktop\jre-7u1-windows-i586.exe
[2011/11/03 07:10:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\joylynn\Desktop\TFC.exe
[2011/10/27 03:24:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/27 03:19:17 | 000,000,000 | ---D | C] -- C:\Users\joylynn\AppData\Local\temp
[2011/10/27 03:13:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/27 03:13:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/27 03:13:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/27 03:12:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/27 03:12:59 | 000,000,000 | ---D | C] -- C:\ComboFix2
[2011/10/27 03:00:24 | 004,266,378 | R--- | C] (Swearware) -- C:\Users\joylynn\Desktop\ComboFix2.exe
[2011/10/27 02:49:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 03:19:02 | 004,275,391 | R--- | C] (Swearware) -- C:\Users\joylynn\Desktop\ComboFix.exe
[2011/10/22 18:28:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\joylynn\Desktop\OTL.exe
[2011/10/22 18:27:49 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\joylynn\Desktop\tdsskiller.exe
[2011/10/20 01:36:09 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\joylynn\Desktop\MGADiag.exe
[2011/10/17 06:54:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\joylynn\Desktop\dds.scr
[2011/10/16 19:32:19 | 000,000,000 | ---D | C] -- C:\Users\joylynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/16 18:17:15 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/10/16 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/10/16 17:54:36 | 000,000,000 | ---D | C] -- C:\Users\joylynn\AppData\Roaming\Avira
[2011/09/26 01:30:11 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\ProgramData\DisplayTrayManager.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/08 04:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 04:43:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 04:43:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 03:28:52 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A5DC2E62-20D3-4BB2-A30C-C5C329E38109}.job
[2011/11/08 00:11:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2011/11/07 21:57:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 17:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/11/07 00:49:57 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 00:49:57 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 00:43:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjoylynn.job
[2011/11/07 00:43:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 00:43:22 | 3622,363,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 03:58:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011/11/03 07:24:12 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/03 07:24:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/03 07:24:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/03 07:24:11 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/11/03 07:21:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\joylynn\Desktop\TFC.exe
[2011/11/03 07:21:30 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Users\joylynn\Desktop\jre-7u1-windows-i586.exe
[2011/10/27 03:22:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/27 03:00:26 | 004,266,378 | R--- | M] (Swearware) -- C:\Users\joylynn\Desktop\ComboFix2.exe
[2011/10/26 03:19:15 | 004,275,391 | R--- | M] (Swearware) -- C:\Users\joylynn\Desktop\ComboFix.exe
[2011/10/25 16:19:54 | 000,054,272 | ---- | M] () -- C:\Users\joylynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 18:28:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joylynn\Desktop\OTL.exe
[2011/10/22 18:28:03 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\joylynn\Desktop\tdsskiller.exe
[2011/10/20 01:40:41 | 000,459,264 | ---- | M] () -- C:\Users\joylynn\Desktop\CKScanner.exe
[2011/10/20 01:36:36 | 003,514,358 | ---- | M] () -- C:\Users\joylynn\Desktop\WVCheck.exe
[2011/10/20 01:36:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\joylynn\Desktop\MGADiag.exe
[2011/10/17 06:54:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\joylynn\Desktop\dds.scr
[2011/10/16 20:55:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/16 19:55:08 | 000,002,617 | ---- | M] () -- C:\Users\joylynn\Desktop\HiJackThis.lnk
[2011/10/16 18:12:39 | 001,008,092 | ---- | M] () -- C:\Users\joylynn\Desktop\jllik.scr

========== Files Created - No Company Name ==========

[2011/11/06 12:14:31 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForjoylynn.job
[2011/10/27 03:13:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/27 03:13:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/27 03:13:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/27 03:13:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/27 03:13:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/20 01:40:41 | 000,459,264 | ---- | C] () -- C:\Users\joylynn\Desktop\CKScanner.exe
[2011/10/20 01:36:34 | 003,514,358 | ---- | C] () -- C:\Users\joylynn\Desktop\WVCheck.exe
[2011/10/16 20:10:48 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2011/10/16 19:32:19 | 000,002,617 | ---- | C] () -- C:\Users\joylynn\Desktop\HiJackThis.lnk
[2011/10/16 18:24:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/16 18:12:31 | 001,008,092 | ---- | C] () -- C:\Users\joylynn\Desktop\jllik.scr
[2011/09/01 03:31:34 | 000,006,407 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/05/07 06:28:22 | 000,009,450 | -HS- | C] () -- C:\Users\joylynn\AppData\Local\vcld8ur6r20st846jff156851eb2b12575o
[2011/05/07 06:28:22 | 000,009,450 | -HS- | C] () -- C:\ProgramData\vcld8ur6r20st846jff156851eb2b12575o
[2010/03/18 21:05:32 | 000,201,462 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/01/26 02:00:24 | 000,146,891 | ---- | C] () -- C:\Windows\hpoins31.dat
[2010/01/22 07:05:56 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2010/01/22 07:05:56 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2010/01/22 07:05:56 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/01/22 07:05:56 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/01/22 07:05:56 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2010/01/22 06:15:56 | 000,000,036 | ---- | C] () -- C:\Users\joylynn\AppData\Local\housecall.guid.cache
[2009/11/29 23:46:01 | 000,000,000 | ---- | C] () -- C:\Users\joylynn\AppData\Roaming\wklnhst.dat
[2009/10/15 20:01:34 | 000,001,356 | ---- | C] () -- C:\Users\joylynn\AppData\Local\d3d9caps.dat
[2009/06/11 02:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008/12/11 14:11:44 | 000,000,945 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2008/09/14 22:33:06 | 000,000,008 | ---- | C] () -- C:\Users\joylynn\AppData\Local\.mpid
[2008/08/31 02:00:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/31 02:00:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/03 16:51:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/31 04:44:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/25 03:25:34 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/03/25 03:25:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\adistres.dll
[2008/02/06 07:17:47 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2008/01/30 03:00:54 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/01/14 03:13:55 | 000,054,272 | ---- | C] () -- C:\Users\joylynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/02 15:07:12 | 000,001,284 | ---- | C] () -- C:\Windows\photoimpression.ini
[2007/12/02 13:28:32 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/11/02 12:11:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/09/27 07:08:42 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/27 06:56:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/09/27 06:53:37 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/27 06:53:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/09/12 09:19:56 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007/07/19 07:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 002,482,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:24:01 | 046,249,416 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/03/20 11:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1999/03/21 09:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Thanks,
rjmc
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 8th, 2011, 12:29 pm

Hi rjmc,

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Creat.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
    FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    [2010/04/17 15:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/11/03 07:25:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..Trusted Domains: secureserver.net ([email] http in Trusted sites)
    O15 - HKU\S-1-5-21-3513781084-200415242-206230267-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    [2011/11/08 04:43:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/08 04:43:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/07 17:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2011/11/06 03:58:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayTrayManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ceb365-4de2-11dd-88bb-001d609c520a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e52ebc9d-4037-11de-a988-001d609c520a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d4-cb34-11dc-bf67-001d609c520a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}]
    
    :files
    c:\users\joylynn\BITE4F2.tmp
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [resethosts]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please download Junction.zip and save it to your desktop.

  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

  • Click on Start > All programs > Accessories > Run, Copy and paste the contents of the codebox below into the run box.
    (Do Not include Code:) Then click OK:
Code: Select all
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt
  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait untill a log file opens in notepad.
  • Copy and paste the contents of that file in your next reply.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Junction log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 8th, 2011, 7:50 pm

Hi Cypher,

Attached is the OTL log. I extracted junction.zip in windows folder, but when I ran the code a command window popped up and disappeared. I don't even get a chance to read what it says, cuz it just flashes on the screen and disappears. Did I do something wrong?

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" removed from browser.search.defaulturl
Prefs.js: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry key HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secureserver.net\email\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control Web-Based Email Tools
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\RegCure Program Check.job moved successfully.
C:\Windows\Tasks\RegCure.job moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayTrayManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ceb365-4de2-11dd-88bb-001d609c520a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ceb365-4de2-11dd-88bb-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e52ebc9d-4037-11de-a988-001d609c520a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e52ebc9d-4037-11de-a988-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\ not found.
========== FILES ==========
File\Folder c:\users\joylynn\BITE4F2.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\joylynn\Desktop\cmd.bat deleted successfully.
C:\Users\joylynn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: joylynn
->Flash cache emptied: 1656 bytes

User: LogMeInRemoteUser

User: Public

Total Flash Files Cleaned = 0.00 mb
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 9th, 2011, 7:40 am

Hi rjmc,
I extracted junction.zip in windows folder, but when I ran the code a command window popped up and disappeared. I don't even get a chance to read what it says, cuz it just flashes on the screen and disappears.
Did you save Junction.zip to your desktop and extract it there?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 9th, 2011, 8:45 am

Hi Cypher,

I saved junction.zip on the desktop, but didn't extract it on the desktop. I extracted it in C: > Windows folder.
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 9th, 2011, 12:37 pm

Hi rjmc,
I saved junction.zip on the desktop, but didn't extract it on the desktop. I extracted it in C: > Windows folder.

junction.exe needs to be saved to your C:\ drive. So it appears as C:\junction.exe.
Can you confirm that is the location where you have saved it?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 9th, 2011, 6:14 pm

Hi Cypher,

I moved junction.exe to the c drive, so it appears as C:\junction.exe and then ran the code. Same thing happened. It flashed and disappeared. In IE, the ad page redirects started again.

Thanks,
rjmc
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 10th, 2011, 7:20 am

Hi rjmc,
I moved junction.exe to the c drive, so it appears as C:\junction.exe and then ran the code. Same thing happened. It flashed and disappeared

Ok lets try this.

  • Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.
    Image
    junc.bat<<------------- you should see this on your desktop.
  • Right click on junc.bat and select " Run as administrator " to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware