Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
Requesting Help with Suspected Browser Redirect Infection


Re: Requesting Help with Suspected Browser Redirect Infection

Post by maxi » September 4th, 2012, 9:10 am

Hi Tony :) Hopefully we have it narrowed down.

MBR Scan
  • Download MBR Scan from here
  • Save the program to your desktop.
  • Double Click on the icon to launch the program.
  • Click the Dump button.
  • Close the program.
  • A file Dump_Hdd0_DR0.mbr will be created in the same folder that the tool is run from. (Your desktop)


Then


Virus Total
  • Go to http://www.virustotal.com
  • Click on "Choose File"
  • When the box opens navigate to the file that MBR scan just created.
  • Click Open, then click "Scan it".
  • Wait for the scan to finish and post the results here.

Regards maxi :)
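MBR Scan dumps the first sector of the disk and VirusTotal hashes and scans that file; neither step shows what is actually in the 512 bytes. The following is an added example (not MBR Scan's or VirusTotal's code, and not part of the original thread) of what a practitioner can check locally in such a dump: the 0x55AA boot signature, the partition table, the three digests VirusTotal reports, and a separate hash of just the bootstrap code region, which is the part an MBR bootkit overwrites and therefore the part to compare against a known-good dump. The dump built by build_sample_mbr is constructed for the example; pass the bytes of a real Dump_Hdd0_DR0.mbr to triage() instead.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR
PART_TABLE_OFFSET = 446           # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample, not a real dump: 440 bytes of placeholder boot code,
    a disk signature, one active NTFS partition and the boot signature."""
    bootstrap = b"\xfa\x33\xc0" + b"\x90" * (440 - 3)   # cli; xor ax,ax; NOP padding
    disk_signature = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 618_000_000)
    empty = b"\x00" * 16
    mbr = bootstrap + disk_signature + reserved + ntfs + empty * 3 + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def file_hashes(data):
    """The three digests VirusTotal lists for an uploaded file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def parse_mbr(data):
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector dump, got {len(data)} bytes")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + 16 * slot
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:            # type 0 marks an unused slot
            continue
        partitions.append({"slot": slot, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "disk_signature": data[440:444].hex(),
        "partitions": partitions,
        # Code region only: disk signature and partition table differ per machine,
        # so this is the value to compare against a known-good boot loader.
        "bootstrap_sha256": hashlib.sha256(data[:440]).hexdigest(),
    }


def triage(data):
    """Return (parsed info, findings). No findings means the dump is structurally
    sane, not that it is clean; a 0/42 VirusTotal ratio is the same kind of statement."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: not a valid MBR")
    if not info["partitions"]:
        findings.append("partition table is empty")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    return info, findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    info, findings = triage(sample)
    print(file_hashes(sample))
    print(info["partitions"])
    print(findings or "no structural findings")
```

For a real dump, read the file in binary mode and hand the bytes to triage(); the md5/sha1/sha256 values from file_hashes() should match the ones VirusTotal shows, which confirms the file you analysed is the one that was scanned.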

Re: Requesting Help with Suspected Browser Redirect Infection

Post by tony5oh » September 4th, 2012, 10:16 am

Before I forget to mention it, I'll be traveling for 5 days beginning on 9/8; no email or internet connection during that time. In case our efforts take that long, wouldn't want you to think I'd stopped responding w/o cause. Thanks again.




SHA256: d8e9236bd1889bbe9aa79fd751e7b8504b81a6b9ef26699bd5c90010a49c7f16
SHA1: 6f0849dc625e624ae432069a5298de7abc8db1d6
MD5: e0829052e9e0a36a146ebb66c87517e2
File size: 512 bytes ( 512 bytes )
File name: Dump_Hdd0_DR0.mbr
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-09-04 14:07:46 UTC ( 0 minutes ago )
Antivirus | Result | Update
AhnLab-V3 | - | 20120904
AntiVir | - | 20120904
Antiy-AVL | - | 20120904
Avast | - | 20120904
AVG | - | 20120904
BitDefender | - | 20120904
ByteHero | - | 20120830
CAT-QuickHeal | - | 20120904
ClamAV | - | 20120904
Commtouch | - | 20120904
Comodo | - | 20120904
DrWeb | - | 20120904
Emsisoft | - | 20120904
eSafe | - | 20120904
ESET-NOD32 | - | 20120904
F-Prot | - | 20120903
F-Secure | - | 20120904
Fortinet | - | 20120830
GData | - | 20120904
Ikarus | - | 20120904
Jiangmin | - | 20120904
K7AntiVirus | - | 20120903
Kaspersky | - | 20120904
McAfee | - | 20120904
McAfee-GW-Edition | - | 20120904
Microsoft | - | 20120904
Norman | - | 20120904
nProtect | - | 20120904
Panda | - | 20120904
PCTools | - | 20120904
Rising | - | 20120904
Sophos | - | 20120904
SUPERAntiSpyware | - | 20120903
Symantec | - | 20120904
TheHacker | - | 20120903
TotalDefense | - | 20120904
TrendMicro | - | 20120904
TrendMicro-HouseCall | - | 20120904
VBA32 | - | 20120904
VIPRE | - | 20120904
ViRobot | - | 20120904
VirusBuster | - | 20120904

Re: Requesting Help with Suspected Browser Redirect Infection

Post by maxi » September 4th, 2012, 3:16 pm

Hi Tony :) Still not sure what's causing this, but at least it's not your MBR.

Please download GooredFix from the location below and save it to your Desktop
Download me
  • Now Ensure all Firefox windows are closed.
  • To run the tool, double-click it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Then

Run OTL again :)

So in your next reply, post the GooredFix log and the OTL log, and say whether there's any change in the behaviour.

Regards maxi :)

Re: Requesting Help with Suspected Browser Redirect Infection

Post by tony5oh » September 4th, 2012, 4:34 pm

Here we are.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:09 on 04/09/2012 (JMT)
Firefox version 14.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:37 07/08/2012]

C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [20:06 14/03/2011]

C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\
staged-xpis [14:09 26/11/2010]
{20a82645-c095-46ed-80e3-08825760534b} [14:09 26/11/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:12 18/06/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [19:22 20/11/2011]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23:59 13/06/2011]

-=E.O.F=




OTL logfile created on: 9/4/2012 4:11:34 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\JMT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 77.89% Memory free
7.24 Gb Paging File | 6.52 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 52.80 Gb Free Space | 17.90% Space Free | Partition Type: NTFS

Computer Name: JET-MAIN | User Name: JMT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 12:02:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/31 09:34:56 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/08 18:40:58 | 000,128,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/11/07 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/09/04 02:47:14 | 001,806,336 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12090400\algo.dll
MOD - [2012/06/13 06:52:27 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 06:52:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 06:52:25 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 06:52:16 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/05/14 07:11:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/14 07:09:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/14 07:09:16 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe


========== Services (SafeList) ==========

SRV - [2012/08/31 12:02:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 11:03:23 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\yeddef.sys -- (yeddef)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcmdmxp.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcserxp.sys -- (qcserxp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JMT\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/25 23:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/06/22 19:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 17:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/07/13 12:32:16 | 000,044,672 | ---- | M] (Net6, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/11/07 05:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{C9DB3E52-7E89-4062-BB58-E8EA37FE2181}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/11/20 15:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/28 07:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 11:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/29 11:21:55 | 000,000,000 | ---D | M]

[2010/11/26 10:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Extensions
[2012/08/28 17:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions
[2011/03/14 16:06:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 17:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions
[2010/11/26 10:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/26 10:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\staged-xpis
[2012/08/07 17:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/11 10:39:00 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JMT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EA3WZGLA.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/03/28 14:44:03 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JMT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EA3WZGLA.DEFAULT\EXTENSIONS\OVSQDLGIHF@OVSQDLGIHF.ORG.XPI
[2012/08/28 07:18:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 11:21:10 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Disabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/03 08:37:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scan ... ProExe.cab (Scanner.SysScanner)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/ ... earadj.CAB (CTAdjust Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://216.85.228.130:1009/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://medspheremeetings.webex.com/cli ... eatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27B511E-3224-4157-8C06-9B214956C328}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\JMT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JMT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/04 16:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JMT\Desktop\GooredFix Backups
[2012/09/04 16:07:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\JMT\Desktop\GooredFix.exe
[2012/09/04 10:05:17 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\JMT\Desktop\MbrScan.exe
[2012/09/03 14:38:58 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JMT\Desktop\tdsskiller.exe
[2012/09/03 08:29:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/03 08:26:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/03 08:26:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/03 08:26:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/03 08:26:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/03 08:26:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/02 10:14:15 | 004,743,334 | R--- | C] (Swearware) -- C:\Documents and Settings\JMT\Desktop\ComboFix.exe
[2012/09/01 11:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JMT\Desktop\RK_Quarantine
[2012/09/01 11:38:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/31 12:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/31 12:02:25 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/31 12:02:25 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/31 12:02:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/31 12:02:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/31 12:02:18 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/31 09:44:44 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\JMT\Desktop\jxpiinstall.exe
[2012/08/31 09:38:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/08/31 09:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/31 09:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/31 09:35:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JMT\Desktop\aswMBR.exe
[2012/08/31 09:34:55 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
[2012/08/31 09:32:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\JMT\Desktop\erunt-setup.exe
[2012/08/29 12:43:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JMT\Desktop\dds.com
[2012/08/29 11:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/08/29 11:21:19 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/08/29 11:21:07 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/08/29 11:21:07 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/08/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/08/29 11:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/08/29 11:15:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/08/29 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/29 10:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/08/29 10:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/08/29 10:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JMT\Local Settings\Application Data\Sun
[2012/08/29 10:35:02 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/08/29 10:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/09 19:08:25 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/07 17:48:27 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2009/03/31 15:32:18 | 000,816,660 | ---- | C] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\CitrixSAClient.exe

========== Files - Modified Within 30 Days ==========

[2012/09/04 16:22:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009UA.job
[2012/09/04 16:08:26 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/04 16:08:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/04 16:08:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/09/04 16:07:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\JMT\Desktop\GooredFix.exe
[2012/09/04 15:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/04 15:12:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/09/04 10:22:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009Core.job
[2012/09/04 10:05:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\Dump_Hdd0_DR0.mbr
[2012/09/04 10:05:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\Dump_DR0.mbr
[2012/09/04 10:05:17 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\JMT\Desktop\MbrScan.exe
[2012/09/03 14:39:03 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JMT\Desktop\tdsskiller.exe
[2012/09/03 08:37:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/03 08:29:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/03 08:19:36 | 004,743,334 | R--- | M] (Swearware) -- C:\Documents and Settings\JMT\Desktop\ComboFix.exe
[2012/09/02 10:24:22 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\JMT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/02 10:16:29 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\JMT\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/09/02 10:10:47 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\JMT\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/09/02 09:49:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/01 11:37:11 | 001,376,768 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\RogueKiller.exe
[2012/08/31 19:25:50 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mSecure.lnk
[2012/08/31 14:34:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\MBR.dat
[2012/08/31 12:02:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/31 12:02:01 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/31 12:02:01 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/31 12:02:01 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/31 12:02:01 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/31 12:02:00 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/31 09:44:45 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\JMT\Desktop\jxpiinstall.exe
[2012/08/31 09:37:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\ERUNT.lnk
[2012/08/31 09:35:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JMT\Desktop\aswMBR.exe
[2012/08/31 09:34:56 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
[2012/08/31 09:32:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\JMT\Desktop\erunt-setup.exe
[2012/08/29 12:43:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JMT\Desktop\dds.com
[2012/08/29 11:21:19 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/08/29 11:21:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/08/29 11:21:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/08/29 11:21:05 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/08/29 11:03:23 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/29 11:03:23 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/29 10:43:29 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\New Internet Shortcut.url
[2012/08/29 10:34:37 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/08/28 08:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/28 07:18:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/28 04:57:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/20 09:02:30 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/20 08:18:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/09/04 10:05:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\Dump_DR0.mbr
[2012/09/04 10:05:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\Dump_Hdd0_DR0.mbr
[2012/09/03 08:29:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/03 08:29:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/03 08:26:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/03 08:26:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/03 08:26:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/03 08:26:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/03 08:26:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/01 11:37:10 | 001,376,768 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\RogueKiller.exe
[2012/08/31 14:34:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\MBR.dat
[2012/08/31 09:37:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\ERUNT.lnk
[2012/08/29 11:23:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/29 11:23:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/29 10:43:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\New Internet Shortcut.url
[2012/08/09 19:08:26 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/15 11:08:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 14:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/08 13:34:15 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/08 13:34:15 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/08 13:34:15 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/08 13:34:15 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/08 13:34:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/08 13:34:14 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/08 13:34:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/08 13:34:14 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/08 13:34:14 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/08 13:34:14 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/08 13:34:14 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/08 13:34:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/08 13:34:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/08 13:34:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/08 13:34:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/08 13:34:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/08 13:34:02 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/01/08 13:33:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2011/11/20 15:14:40 | 000,148,931 | ---- | C] () -- C:\WINDOWS\hphins31.dat
[2011/11/20 15:14:40 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat
[2011/11/20 14:58:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/11/20 14:58:18 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/11/20 14:58:18 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/11/20 11:34:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/11/17 18:45:05 | 000,077,425 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/11/17 18:02:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2011/05/13 10:05:51 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat.temp
[2011/01/29 13:14:34 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\JMT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 21:22:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/26 10:09:11 | 000,001,208 | RHS- | C] () -- C:\Documents and Settings\JMT\ntuser.pol
[2010/11/26 10:09:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\JMT\Local Settings\Application Data\fusioncache.dat
[2010/10/04 21:49:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/01/02 21:50:26 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2008/01/02 21:50:26 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat

< End of report >
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US
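
The OTL log above lists every file created or modified in the last 30 days in a fixed one-line format, with the vendor string from the file's version resource in parentheses (folders carry none; files without version information show an empty `()`). Sorting those entries by hand is how the helper spots droppers, but the same triage can be scripted. The following is an added example written for this thread, not code from OTL or from either poster: it parses entries of that format, flags executables under `%SystemRoot%` that carry no vendor string and are recent, and groups entries into creation bursts, since one installer or dropper writes many files within a few seconds. The sample lines are copied from the log above; `SCAN_DATE` is an assumption taken from the post date.

```python
"""Parse the 'Files/Folders' entries of an OTL log and triage them.

Added example written for this thread; it is not part of OTL or of the
original posts. The sample lines are copied from the log above.
"""
import re
from datetime import datetime, timedelta

# One OTL file/folder entry looks like:
#   [2012/09/03 08:26:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
# Folders carry no "(Company)" field at all; files without version
# information carry an empty "()". Some entries end in " -- [ NTFS ]".
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.*?)(?: -- \[ [A-Z]+ \])?$"
)

SYSTEM_PREFIXES = ("c:\\windows\\",)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
SCAN_DATE = datetime(2012, 9, 5)   # assumption: date of the post carrying the log

# Sample lines copied from the OTL log above (one header line included to
# show that non-entry lines are skipped).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012/09/03 08:29:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/03 08:26:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/03 08:26:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/03 08:26:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/31 12:02:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/04 10:05:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\Dump_Hdd0_DR0.mbr
[2012/02/15 11:08:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/04 21:49:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
"""


def parse_entry(line):
    """Turn one OTL entry line into a dict, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip()
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "op": m.group("op"),            # C = created, M = modified
        "company": company or None,     # None when OTL found no version info
        "path": m.group("path"),
        "is_dir": m.group("attrs").endswith("D"),
    }


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def unattributed_system_executables(entries, reference, days=30):
    """Executables under %SystemRoot% with no vendor string, created or
    modified within `days` of `reference`. These are the entries worth
    hashing and looking up rather than judging by name."""
    cutoff = reference - timedelta(days=days)
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or e["company"]:
            continue
        if not p.startswith(SYSTEM_PREFIXES) or not p.endswith(EXECUTABLE_EXT):
            continue
        if e["ts"] >= cutoff:
            hits.append(e["path"])
    return hits


def cluster_by_time(entries, window_seconds=10):
    """Group entries whose timestamps lie within `window_seconds` of the
    previous one: a single installer or dropper writes files in a burst."""
    ordered = sorted(entries, key=lambda e: e["ts"])
    clusters, current = [], []
    for e in ordered:
        if current and (e["ts"] - current[-1]["ts"]).total_seconds() > window_seconds:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return clusters


def triage_sample():
    """Run the triage over SAMPLE_LOG and return the findings."""
    entries = parse_log(SAMPLE_LOG)
    return {
        "entries": len(entries),
        "unattributed": unattributed_system_executables(entries, SCAN_DATE),
        "largest_burst": max(len(c) for c in cluster_by_time(entries)),
    }


if __name__ == "__main__":
    for key, value in triage_sample().items():
        print(f"{key}: {value}")
```

On the sample, the only flagged file is `C:\WINDOWS\MBR.exe`, and the largest burst is the three files written at 08:26:25, seconds after `C:\Qoobox` (ComboFix's quarantine folder, created 08:26:17 in the log above) appeared. That is the point of hashing rather than guessing: an unattributed executable dropped into `%SystemRoot%` looks the same in a log whether a cleanup tool or a dropper wrote it, and the VirusTotal lookup the helper asked for earlier in the thread is what settles it.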

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » September 5th, 2012, 10:19 am

Hi Tony :) Hopefully we can finish this today. I'm nearly sure I have the problem.... Eventually :)

This scan should pick up the problem. Please be patient as it will take a while.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Regards maxi :)

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » September 5th, 2012, 1:16 pm

Hello maxi - ESET scan looks productive. Here is the log. :)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aeff0d472123f847b2901c69a8e0abab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-05 04:48:24
# local_time=2012-09-05 12:48:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=183063
# found=10
# cleaned=0
# scan_time=6750
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\001vlo1w.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadpelidbmgpigbbjaepddnkckajjidg\background.html Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\0xkj5ov4.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Tony\My Documents\My Software\cdbxp_setup_4.3.8.2631.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1622\A2438267.dll a variant of Win32/Bunndle application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1622\A2438284.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1622\A2438286.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
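
The ESET log above is instructive for one reason in particular: the same `ovsqdlgihf@ovsqdlgihf.org.xpi` sits in four Firefox profiles belonging to three different Windows accounts (Emily, JMT twice, Tony), and ESET reports each copy as "unable to clean". A scan or cleanup run from inside one logged-in account only sees that account's profile, which is how a redirector survives a tool that reports "clean". The following is an added example written for this thread, not code from ESET, OTL or either poster: it walks every account under a `Documents and Settings` tree, hashes every installed add-on, and reports payloads that appear under more than one account plus any add-on ID not on an allowlist. The fixture it builds in a temporary directory is constructed, mirroring only the profile paths from the log; the placeholder bytes and the `example-addon@example.org` ID are assumptions, not real add-ons.

```python
"""Sweep every Firefox profile under a Windows XP 'Documents and Settings'
tree for installed add-ons and report payloads shared across accounts.

Added example written for this thread; not code from the original posts
or from any of the tools used in it. Point it at an offline copy or mount
of the system drive; the directory layout mirrors the paths in the ESET log.
"""
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

# <user>\Application Data\Mozilla\Firefox\Profiles\<profile>\extensions\<id>.xpi
PROFILE_GLOB = "*/Application Data/Mozilla/Firefox/Profiles/*/extensions/*"


def sha256_of(path, chunk=1 << 16):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(docs_and_settings):
    """One record per add-on found in any profile of any account.
    Unpacked add-ons (directories) are recorded with sha256 = None."""
    base = Path(docs_and_settings)
    records = []
    for item in base.glob(PROFILE_GLOB):
        rel = item.relative_to(base).parts   # user, 'Application Data', ..., profile, 'extensions', name
        ext_id = item.name[:-4] if item.suffix.lower() == ".xpi" else item.name
        records.append({
            "user": rel[0],
            "profile": rel[5],
            "id": ext_id,
            "path": str(item),
            "sha256": sha256_of(item) if item.is_file() else None,
        })
    return records


def cross_user_payloads(records):
    """Hashes present under two or more distinct accounts. A person installs
    an add-on into their own profile; a dropper writes it into every profile
    it can reach, which is the pattern in the ESET log above."""
    users_by_hash = defaultdict(set)
    for r in records:
        if r["sha256"]:
            users_by_hash[r["sha256"]].add(r["user"])
    return {h: sorted(u) for h, u in users_by_hash.items() if len(u) > 1}


def unknown_ids(records, allowlist):
    """Add-on IDs not in an allowlist built from a known-clean profile."""
    return sorted({r["id"] for r in records if r["id"] not in allowlist})


def build_sample_tree(root):
    """Constructed fixture: the four profiles named in the ESET log, each
    holding a placeholder .xpi under the redirector's ID, plus one
    hypothetical benign add-on in a single profile. The bytes are
    placeholders, not a real add-on."""
    layout = {
        "Emily": ["001vlo1w.default"],
        "JMT": ["ea3wzgla.default", "fq65ehka.default"],
        "Tony": ["0xkj5ov4.default"],
    }
    dropper_payload = b"constructed placeholder, identical in every profile"
    for user, profiles in layout.items():
        for prof in profiles:
            ext_dir = Path(root, user, "Application Data", "Mozilla",
                           "Firefox", "Profiles", prof, "extensions")
            ext_dir.mkdir(parents=True)
            (ext_dir / "ovsqdlgihf@ovsqdlgihf.org.xpi").write_bytes(dropper_payload)
    benign = Path(root, "Tony", "Application Data", "Mozilla", "Firefox",
                  "Profiles", "0xkj5ov4.default", "extensions",
                  "example-addon@example.org.xpi")        # hypothetical ID
    benign.write_bytes(b"constructed placeholder, only in Tony's profile")


def demo():
    """Run the sweep over the constructed fixture and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        records = sweep(tmp)
        return {
            "records": len(records),
            "shared": cross_user_payloads(records),
            "unknown": unknown_ids(records, allowlist={"example-addon@example.org"}),
        }


if __name__ == "__main__":
    result = demo()
    print(f"{result['records']} add-ons found")
    for digest, users in result["shared"].items():
        print(f"shared payload {digest[:16]}... in accounts: {', '.join(users)}")
    print("not on allowlist:", result["unknown"])
```

Run it against a drive mounted offline or a copy, never the live profile directory of the account that is infected, since Firefox rewrites its extension state on start. The cross-account check is the one that matters here: a hash that turns up under Emily, JMT and Tony at once is not three people choosing the same add-on, and the fix script that follows in the thread has to name every copy, which is exactly what this inventory gives you.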

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » September 5th, 2012, 3:11 pm

Hi tony, Thats what I wanted to see :)

Run OTL Script

We need to run an OTL Fix

  • Double click on OTL.exe to run it.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    
    :files
    C:\Documents and Settings\Tony\My Documents\My Software\cdbxp_setup_4.3.8.2631.exe
    C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\0xkj5ov4.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi
    C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadpelidbmgpigbbjaepddnkckajjidg\background.html
    C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi
    C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi
    C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\001vlo1w.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
    
    :commands
    
    [emptytemp]
    [clearallrestorepoints]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Then
Update and run a "quick scan" with Malwarebytes.


In your next reply please include:
The OTL log.
The Mbam log.
Any issues you are still having.

Regards maxi :)

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » September 5th, 2012, 3:41 pm

maxi, this is looking good. Did some Google searches in Chrome and FF w/o any attempted redirects or any such nonsense. MBAM came back clean. What will our next step be?

OTL and MBAM logs.



All processes killed
========== FILES ==========
C:\Documents and Settings\Tony\My Documents\My Software\cdbxp_setup_4.3.8.2631.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\0xkj5ov4.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadpelidbmgpigbbjaepddnkckajjidg\background.html moved successfully.
C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi moved successfully.
C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi moved successfully.
C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\001vlo1w.default\extensions\ovsqdlgihf@ovsqdlgihf.org.xpi moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: backup Jena
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Emily
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JMT
->Temp folder emptied: 693186 bytes
->Temporary Internet Files folder emptied: 662831 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 690372528 bytes
->Google Chrome cache emptied: 28133059 bytes
->Flash cache emptied: 544 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Tony
->Temp folder emptied: 591796 bytes
->Temporary Internet Files folder emptied: 44084 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17111417 bytes
->Flash cache emptied: 492 bytes

User: vhaispthompw

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47211 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 704.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.1 log created on 09052012_151447

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.09.05.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
JMT :: JET-MAIN [administrator]

9/5/2012 3:23:09 PM
mbam-log-2012-09-05 (15-23-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286288
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US
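The OTL log above removed the same unfamiliar Firefox extension from three users' profiles plus a Chrome extension from one. As an added example (not code from the thread or its tools), here is a small Python script that walks a Windows XP style "Documents and Settings" tree, lists every Firefox and Chrome extension per account, flags the two names recorded in that log, and reports add-ons that appear under more than one account; the Chrome path used is the standard Extensions folder, which is an assumption rather than the path OTL printed, and the sample tree is constructed in a temp directory.

```python
import os
import tempfile
from collections import defaultdict

# Indicators copied from the OTL log in this thread
KNOWN_BAD = {
    "ovsqdlgihf@ovsqdlgihf.org.xpi",      # rogue Firefox extension file
    "aadpelidbmgpigbbjaepddnkckajjidg",   # rogue Chrome extension ID
}
FIREFOX_PROFILES = os.path.join("Application Data", "Mozilla", "Firefox", "Profiles")
CHROME_EXTENSIONS = os.path.join("Local Settings", "Application Data", "Google",
                                 "Chrome", "User Data", "Default", "Extensions")  # assumed standard path

def find_extensions(root):
    """Return (user, browser, name) for every extension under every user profile."""
    found = []
    for user in sorted(os.listdir(root)):
        ff = os.path.join(root, user, FIREFOX_PROFILES)
        for prof in (sorted(os.listdir(ff)) if os.path.isdir(ff) else []):
            ext_dir = os.path.join(ff, prof, "extensions")
            if os.path.isdir(ext_dir):
                found += [(user, "firefox", n) for n in sorted(os.listdir(ext_dir))]
        ch = os.path.join(root, user, CHROME_EXTENSIONS)
        if os.path.isdir(ch):
            found += [(user, "chrome", n) for n in sorted(os.listdir(ch))]
    return found

def flag_known_bad(found):
    """Entries whose file name or extension ID matches a known indicator."""
    return [f for f in found if f[2] in KNOWN_BAD]

def shared_across_users(found):
    """Names installed for more than one account: an unfamiliar add-on in every profile, as in the log, deserves a look."""
    users = defaultdict(set)
    for user, _browser, name in found:
        users[name].add(user)
    return {n for n, u in users.items() if len(u) > 1}

def build_sample_tree(root):
    """Constructed sample tree mirroring the OTL log (empty placeholder files, no real add-ons)."""
    for user, prof in [("Tony", "0xkj5ov4.default"), ("JMT", "fq65ehka.default"),
                       ("JMT", "ea3wzgla.default"), ("Emily", "001vlo1w.default")]:
        d = os.path.join(root, user, FIREFOX_PROFILES, prof, "extensions")
        os.makedirs(d, exist_ok=True)
        open(os.path.join(d, "ovsqdlgihf@ovsqdlgihf.org.xpi"), "w").close()
    open(os.path.join(d, "legit-addon@example.com.xpi"), "w").close()  # benign, Emily's profile only
    os.makedirs(os.path.join(root, "JMT", CHROME_EXTENSIONS, "aadpelidbmgpigbbjaepddnkckajjidg"))

def scan_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = find_extensions(root)
        return flag_known_bad(found), shared_across_users(found)
```

Point find_extensions at the real profiles root to run it against a live tree; scan_sample only exercises the constructed sample.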

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 5th, 2012, 3:48 pm

Good news :) Nearly there

Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby tony5oh » September 5th, 2012, 4:21 pm

Here we are...



Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 6th, 2012, 10:24 am

Hi Tony :) Looking good :happy8:

There are a few things to do before you're done. Your Internet Explorer and Adobe Reader are out of date. You should uninstall "Adobe Reader 8" via Add/Remove Programs in Control Panel and install the latest version from the link below.

You can get the latest Adobe Reader from here (untick McAfee Security Scan).

Also, I would recommend you update to IE8, as using IE7 is leaving you wide open to infection. You can download it from here.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now safely remove any tools left on your Desktop

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Malwarebytes' Anti-Malware
I recommend you update this program and do a quick scan once a Week.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Gary r and wingman on how to stay safe and secure online

Happy surfing and stay clean!
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby tony5oh » September 6th, 2012, 12:27 pm

maxi :D Thank you so much for the assistance! Things are working well here now. I have followed your clean up and restore instructions and will definitely study the other material you provided.
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 6th, 2012, 1:43 pm

You're very welcome :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby NonSuch » September 6th, 2012, 2:10 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California