
apype.com


14 replies to this topic

#1 Mcglynn77


Posted 06 February 2013 - 07:45 PM

I need help. My homepage has been stolen by this evil hijacker.



#2 boopme


Posted 06 February 2013 - 08:32 PM

Welcome Mcglynn77
Let's get some info and logs.


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>


Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

>>>>

Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 Mcglynn77


Posted 09 February 2013 - 03:39 PM

MiniToolBox by Farbar  Version:10-01-2013
Ran by Matt (administrator) on 09-02-2013 at 15:26:10
Running from "C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R8726C0"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Matt-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
   Physical Address. . . . . . . . . : 00-22-5F-01-78-86
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4013:85f5:13f9:6170%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, February 09, 2013 3:22:54 PM
   Lease Expires . . . . . . . . . . : Sunday, February 10, 2013 3:22:54 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 301998687
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-F3-82-01-00-21-70-74-5C-5B
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
   Physical Address. . . . . . . . . : 00-21-70-74-5C-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.gateway.2wire.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:34c2:b:9cbb:e70(Preferred)
   Link-local IPv6 Address . . . . . : fe80::34c2:b:9cbb:e70%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{88A3A91A-31A8-4122-909C-28517617BE48}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2001:4860:4002:801::1003
   74.125.227.32
   74.125.227.33
   74.125.227.34
   74.125.227.35
   74.125.227.36
   74.125.227.37
   74.125.227.38
   74.125.227.39
   74.125.227.40
   74.125.227.41
   74.125.227.46

Pinging google.com [74.125.227.33] with 32 bytes of data:

Reply from 74.125.227.33: bytes=32 time=58ms TTL=49

Reply from 74.125.227.33: bytes=32 time=58ms TTL=49

Ping statistics for 74.125.227.33:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 58ms, Maximum = 58ms, Average = 58ms

Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=90ms TTL=47

Reply from 98.138.253.109: bytes=32 time=185ms TTL=47

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 90ms, Maximum = 185ms, Average = 137ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=28ms TTL=128

Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 5ms, Maximum = 28ms, Average = 16ms

===========================================================================
Interface List
12 ...00 22 5f 01 78 86 ...... Dell Wireless 1395 WLAN Mini-Card
10 ...00 21 70 74 5c 5b ...... Broadcom 440x 10/100 Integrated Controller
  1 ........................... Software Loopback Interface 1
19 ...00 00 00 00 00 00 00 e0  isatap.gateway.2wire.net
22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
23 ...00 00 00 00 00 00 00 e0  isatap.{88A3A91A-31A8-4122-909C-28517617BE48}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.67    281
     192.168.1.67  255.255.255.255         On-link      192.168.1.67    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.67    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.67    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.67    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
11     18 ::/0                     On-link
  1    306 ::1/128                  On-link
11     18 2001::/32                On-link
11    266 2001:0:9d38:953c:34c2:b:9cbb:e70/128
                                    On-link
12    281 fe80::/64                On-link
11    266 fe80::/64                On-link
11    266 fe80::34c2:b:9cbb:e70/128
                                    On-link
12    281 fe80::4013:85f5:13f9:6170/128
                                    On-link
  1    306 ff00::/8                 On-link
11    266 ff00::/8                 On-link
12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2013 05:42:09 PM) (Source: Application Error) (User: )
Description: Faulting application javaw.exe, version 7.0.90.5, time stamp 0x50613ce1, faulting module nvoglv32.dll, version 8.15.11.8621, time stamp 0x4a37bfdd, exception code 0xc0000005, fault offset 0x005994be,
process id 0x12b0, application start time 0xjavaw.exe0.

Error: (02/06/2013 08:23:57 PM) (Source: Application Error) (User: )
Description: Faulting application javaw.exe, version 7.0.90.5, time stamp 0x50613ce1, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7,
process id 0x179c, application start time 0xjavaw.exe0.

Error: (02/06/2013 06:58:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found.   (0x80070490)

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
0x%08x (0xc0041800 - The content index cannot be read.  )

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
The content index cannot be read.   (0xc0041800)


System errors:
=============
Error: (02/09/2013 03:23:08 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 03:23:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 03:23:06 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 03:23:03 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 03:23:01 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 02:40:35 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 02:40:33 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 02:40:33 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 02:40:32 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/09/2013 02:40:28 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2


Microsoft Office Sessions:
=========================
Error: (02/08/2013 05:42:09 PM) (Source: Application Error)(User: )
Description: javaw.exe7.0.90.550613ce1nvoglv32.dll8.15.11.86214a37bfddc0000005005994be12b001ce064aa040c930

Error: (02/06/2013 08:23:57 PM) (Source: Application Error)(User: )
Description: javaw.exe7.0.90.550613ce1ntdll.dll6.0.6002.185414ec3e3d5c0000374000b06b7179c01ce04d05810ae80

Error: (02/06/2013 06:58:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found.   (0x80070490)
Search.TripoliIndexer

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read.   (0xc0041801)
Search.JetPropStore

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
0x%08x (0xc0041800 - The content index cannot be read.  )

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index metadata cannot be read.   (0xc0041801)

Error: (02/06/2013 06:58:16 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index cannot be read.   (0xc0041800)


CodeIntegrity Errors:
===================================
  Date: 2013-02-07 15:53:42.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:53:41.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:53:41.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:53:40.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:53:40.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:53:40.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:52:12.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:52:12.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:52:11.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-07 15:52:11.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 2.0.4)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Toolbar
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar Updater (Version: 1.2.0.20007)
Auto Avatar Prerequisites (Version: 1.10.0011)
avast! Internet Security (Version: 6.0.1367.0)
Bing Bar (Version: 7.1.391.0)
Bloggie Software (Version: 03.01.0099)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Broadcom Management Programs (Version: 10.15.03)
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.102.7)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card (Version: 4.170.25.12)
Dell WUSB (Version: 1.3.98.8)
DivX Setup (Version: 2.4.1.4)
Driver Whiz (Version: 8.0.1)
Google Chrome (Version: 24.0.1312.57)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.135)
Hawkes Update Service Manager (Version: 1.0.1)
iCloud (Version: 2.1.1.3)
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Intermediate Algebra (Fall 2012 Student) (Version: 6.2.5)
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
Laptop Integrated Webcam Driver (1.04.01.1011) 
LEGO® Stop Animation Studio (Version: 1.0.0.14)
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee Security Scan Plus (Version: 3.0.313.1)
mCorev32.ism_new (Version: 11.02.0000)
mCPlug (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
MediaDirect (Version: 3.5)
mHelp (Version: 11.02.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Media Video 9 VCM
mMHouse (Version: 11.02.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 16.0 (x86 en-US) (Version: 16.0)
Mozilla Firefox 4.0b8 (x86 en-US) (Version: 4.0b8)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
Mozilla Maintenance Service (Version: 16.0)
mPfMgr (Version: 11.02.0000)
mWMI (Version: 11.02.0000)
MyTomTom 3.2.0.802 (Version: 3.2.0.802)
NVIDIA Drivers (Version: 1.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OutlookAddinSetup (Version: 1.0.0)
Plants vs. Zombies
QuickTime (Version: 7.73.80.64)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Safari (Version: 5.34.57.2)
SigmaTel Audio (Version: 5.10.5210.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
SpeedyPC Pro (Version: 3.1.6.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
Windows Driver Package - Digital Blue (CoachUsb) Image  (05/15/2009 4.75.1.0.32) (Version: 05/15/2009 4.75.1.0.32)
Windows Driver Package - Digital Blue (CoachVid) Image  (05/15/2009 4.75.1.0.32) (Version: 05/15/2009 4.75.1.0.32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2045.31 MB
Available physical RAM: 1204.71 MB
Total Pagefile: 4331.88 MB
Available Pagefile: 2505.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.12 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:220.29 GB) (Free:88.68 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.4 GB) NTFS

========================= Users: ========================================

User accounts for \\MATT-PC

Administrator            ASPNET                   Guest                   
Matt                    


**** End of log ****



#4 Mcglynn77


Posted 09 February 2013 - 03:48 PM

Here is the AdwCleaner log.

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 15:40:44
# Updated 05/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TK810LL9\AdwCleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0 (en-US)

File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ej0h6xlg.default\prefs.js

C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ej0h6xlg.default\user.js ... Deleted !

Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 1);
Deleted : user_pref("aol_toolbar.button.netflix_46519.click", "1");
Deleted : user_pref("aol_toolbar.button.radio_46530.click", "1");
Deleted : user_pref("aol_toolbar.button.twitter_40883.click", "1");
Deleted : user_pref("aol_toolbar.button.yahoo_mail_46508.click", "1");
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{58CDF97A-6B2F-D529-A1AD-21C3730A94BB}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9085");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "9");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "1");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "15");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "1");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1360432259571");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "15-01-2013");
Deleted : user_pref("aol_toolbar.search.focusnewtab", true);
Deleted : user_pref("aol_toolbar.search.instd", "2013011555009173");
Deleted : user_pref("aol_toolbar.search.newtab", true);
Deleted : user_pref("aol_toolbar.search.oid", "15-01-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "2");
Deleted : user_pref("aol_toolbar.surf.lastDate", "8");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "1");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "54");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "398");
Deleted : user_pref("aol_toolbar.surf.total", "467");
Deleted : user_pref("aol_toolbar.surf.week", "16");
Deleted : user_pref("aol_toolbar.surf.year", "451");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "-2");
Deleted : user_pref("aol_toolbar.weather.degf", "28");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/21.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Haze");
Deleted : user_pref("aol_toolbar.weather.update", "1360432259613");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6142 octets] - [09/02/2013 15:40:44]

########## EOF - C:\AdwCleaner[S1].txt - [6202 octets] ##########



#5 Mcglynn77

Posted 09 February 2013 - 04:09 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by Matt on Sat 02/09/2013 at 15:52:51.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{c0415407-4ed2-48e1-900e-ee869abdd1f3}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{c0415407-4ed2-48e1-900e-ee869abdd1f3}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-198231331-892274647-4213309580-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c0415407-4ed2-48e1-900e-ee869abdd1f3}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c0415407-4ed2-48e1-900e-ee869abdd1f3}

 

~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\Play More Great Games!.url"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\speedypc software"
Failed to delete: [Folder] "C:\Program Files\a youtube downloader free"
Successfully deleted: [Folder] "C:\Program Files\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\ej0h6xlg.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\[email protected]
Successfully deleted the following from C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\ej0h6xlg.default\prefs.js

user_pref("browser.newtab.url", "hxxp://apype.com");
user_pref("browser.startup.homepage", "hxxp://apype.com");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
user_pref("keyword.URL", "hxxp://apype.com/results.php?q=");
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\ej0h6xlg.default\minidumps [1 files]

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/09/2013 at 16:03:11.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 boopme

Posted 09 February 2013 - 05:24 PM

I see a removal. Is the page OK now?

 

Please Download TDSSkiller
Launch it.
Click on Change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
 
Do not change the default options on scan results.



#7 Mcglynn77

Posted 10 February 2013 - 08:05 AM





#8 Mcglynn77

Posted 10 February 2013 - 08:12 AM

The Apype.com is gone from Firefox. Thanks for the support, I was starting to go crazy dealing with it. This site is great.



#9 Mcglynn77

Posted 10 February 2013 - 08:16 AM

The apype.com / starburns is still coming up on Internet Explorer. Is there something I missed?



#10 boopme

Posted 10 February 2013 - 04:00 PM

Avoid using torrent downloads and Registry optimizers.

Go into Control Panel >> Remove programs and remove...

Java 7 Update 9 (Version: 7.0.90)
Java™ 6 Update 31 (Version: 6.0.310)

 

Reboot

 

Run these......

 

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.
>>>>>

TDSS Alt
Please Download TDSSkiller
Launch it.
Click on Change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
 
Do not change the default options on scan results.
 

Let me know if it's still there



#11 Mcglynn77

Posted 10 February 2013 - 04:44 PM

16:37:53.0086 4236  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:37:53.0876 4236  ============================================================
16:37:53.0876 4236  Current date / time: 2013/02/10 16:37:53.0876
16:37:53.0876 4236  SystemInfo:
16:37:53.0877 4236 
16:37:53.0877 4236  OS Version: 6.0.6002 ServicePack: 2.0
16:37:53.0877 4236  Product type: Workstation
16:37:53.0877 4236  ComputerName: MATT-PC
16:37:53.0879 4236  UserName: Matt
16:37:53.0879 4236  Windows directory: C:\Windows
16:37:53.0879 4236  System windows directory: C:\Windows
16:37:53.0879 4236  Processor architecture: Intel x86
16:37:53.0879 4236  Number of processors: 2
16:37:53.0879 4236  Page size: 0x1000
16:37:53.0879 4236  Boot type: Normal boot
16:37:53.0879 4236  ============================================================
16:37:57.0614 4236  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:37:57.0620 4236  ============================================================
16:37:57.0620 4236  \Device\Harddisk0\DR0:
16:37:57.0620 4236  MBR partitions:
16:37:57.0620 4236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
16:37:57.0620 4236  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x1B8957F8
16:37:57.0655 4236  ============================================================
16:37:57.0778 4236  C: <-> \Device\Harddisk0\DR0\Partition2
16:37:57.0811 4236  D: <-> \Device\Harddisk0\DR0\Partition1
16:37:57.0812 4236  ============================================================
16:37:57.0812 4236  Initialize success
16:37:57.0812 4236  ============================================================
16:38:08.0009 4384  ============================================================
16:38:08.0010 4384  Scan started
16:38:08.0010 4384  Mode: Manual;
16:38:08.0010 4384  ============================================================
16:38:09.0295 4384  ================ Scan system memory ========================
16:38:09.0295 4384  System memory - ok
16:38:09.0296 4384  ================ Scan services =============================
16:38:18.0137 4384  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:38:18.0140 4384  FontCache3.0.0.0 - ok
16:38:18.0194 4384  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:38:18.0197 4384  Fs_Rec - ok
16:38:18.0264 4384  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:38:18.0267 4384  gagp30kx - ok
16:38:18.0346 4384  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:38:18.0349 4384  GEARAspiWDM - ok
16:38:18.0431 4384  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:38:18.0450 4384  gpsvc - ok
16:38:18.0593 4384  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:18.0596 4384  gupdate - ok
16:38:18.0604 4384  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:18.0607 4384  gupdatem - ok
16:38:18.0717 4384  [ 4635935FC972C582632BF45C26BFCB0E ] HawkesUpdater   C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
16:38:18.0719 4384  HawkesUpdater - ok
16:38:18.0833 4384  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:38:18.0841 4384  HdAudAddService - ok
16:38:18.0907 4384  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:38:18.0922 4384  HDAudBus - ok
16:38:18.0978 4384  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:38:18.0981 4384  HidBth - ok
16:38:19.0026 4384  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:38:19.0029 4384  HidIr - ok
16:38:19.0088 4384  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:38:19.0093 4384  hidserv - ok
16:38:19.0144 4384  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:38:19.0146 4384  HidUsb - ok
16:38:19.0210 4384  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:38:19.0216 4384  hkmsvc - ok
16:38:19.0289 4384  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:38:19.0292 4384  HpCISSs - ok
16:38:19.0393 4384  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:38:19.0401 4384  HSFHWAZL - ok
16:38:19.0452 4384  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:38:19.0479 4384  HSF_DPV - ok
16:38:19.0532 4384  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:38:19.0545 4384  HTTP - ok
16:38:19.0595 4384  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:38:19.0598 4384  i2omp - ok
16:38:19.0640 4384  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:38:19.0643 4384  i8042prt - ok
16:38:19.0678 4384  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:38:19.0686 4384  iaStorV - ok
16:38:19.0910 4384  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:38:19.0991 4384  idsvc - ok
16:38:20.0022 4384  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp      



#12 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 10 February 2013 - 04:46 PM

It still goes right to the apype/starburns homepage after I tried what you suggested. Any other suggestions?



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 AM

Posted 10 February 2013 - 05:23 PM

Appears we cut off the last 8 or 10 lines of that log.

 

 

 

 

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE (http://support.microsoft.com/kb/972034) and click the button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

 

 

If it is still there....

In Firefox it may be the Add ons/Plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

In Chrome it may be the Add ons/Plugins. Try disabling them one at a time and see which one was at fault.

OR Disable All Extensions, see if that worked, then you need to go back to one by one to see which is the culprit.


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#14 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 10 February 2013 - 05:49 PM

Still is taking me to the apype page on Internet Explorer and Firefox after taking these steps. Anything else you think I can do?



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 AM

Posted 10 February 2013 - 07:04 PM

OK, we will need a deeper look to find it. Must be hiding behind a driver or something.

 

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.


Include this link back to here...

http://www.bleepingcomputer.com/forums/t/484404/apypecom/#entry2973949

