Victim of Hijacker Virus


  • This topic is locked
2 replies to this topic

#1 tazbass11

Posted 28 September 2011 - 09:20 PM

My problem came when researching prisoner constitutional rights for a school paper (using Firefox to search). One of the links I had clicked for information turned out to be an essay writing site, so I went back and did a new search with "-essay" in the results so that I could get real research results. At this point, I was no longer able to visit any of the sites in the results. Each time I clicked a link, it would redirect me to fast-browser-search, and then take me to some spam site. So I ran my Avira AntiVir software, which found nothing. Then I ran Spybot Search and Destroy, which found 8 entries including "smitfraud". Then I ran the Malwarebytes tool, which found a few baddies, and wanted me to restart. I did so, thinking I had fixed the problem. To my dismay, after working for a few minutes, my search results were once again redirected. I ran the three previous programs again, with Spybot finding the same exact entries, and Malwarebytes finding the same entries. Long story short, no matter how many times Spybot and Malwarebytes find and dispose of these same virus things, they always come back. So here I am at a loss. I will start with my system specs, then post the contents of the 4 log file things that are required (I should note that the virus did not affect Google Chrome, as that continued to work fine).

Self-built PC running Windows 7
800 GB hard drive
8 GB memory
i7 processor
GTX 460 video card
etc., etc.

Contents of hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:50:49 PM, on 9/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
\.\globalroot\C:\Windows\svchost.exe
\.\globalroot\C:\Windows\svchost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotDeletingA6530] command.com /c del "C:\Windows\svchost.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4730] cmd.exe /c del "C:\Windows\svchost.exe_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [SpybotDeletingB7117] command.com /c del "C:\Windows\svchost.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2371] cmd.exe /c del "C:\Windows\svchost.exe_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Adobe Update] C:\Users\McFly\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7998 bytes


Contents of startup list:

StartupList report, 9/28/2011, 6:55:30 PM
StartupList version: 1.52.2
Started from : C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows 7 (WinNT 6.00.3504)
Detected: Internet Explorer v9.00 (9.00.8112.16421)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
\.\globalroot\C:\Windows\svchost.exe
\.\globalroot\C:\Windows\svchost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Malwarebytes' Anti-Malware (reboot) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotDeletingA6530 = command.com /c del "C:\Windows\svchost.exe_old"
SpybotDeletingC4730 = cmd.exe /c del "C:\Windows\svchost.exe_old"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotDeletingB7117 = command.com /c del "C:\Windows\svchost.exe_old"
SpybotDeletingD2371 = cmd.exe /c del "C:\Windows\svchost.exe_old"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\Mystify.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\PROGRA~2\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
URLRedirectionBHO - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL - {B4F3A835-0E21-4959-BA22-42B3008E02FF}
(no name) - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-234496993-1173736601-120710185-1000Core.job
GoogleUpdateTaskUserS-1-5-21-234496993-1173736601-120710185-1000UA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Windows\svchost.exe_old||C:\Windows\svchost.exe_old


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 5,533 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Contents of DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by McFly at 18:59:03 on 2011-09-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6203 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McFly\AppData\Local\Google\Chrome\Application\chrome.exe
-netsvcs
-netsvcs
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [SpybotDeletingB7117] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD2371] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [SpybotDeletingA6530] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC4730] cmd.exe /c del "C:\Windows\svchost.exe_old"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{016D8ACA-3359-483E-B8CA-F78F3BA1E9B3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A1D413D-BA1B-4A57-BBB4-A4D0081C9A5E} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [SpybotDeletingA6530] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC4730] cmd.exe /c del "C:\Windows\svchost.exe_old"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\7o5idq31.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/?cmd=home&popup=1
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\McFly\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-26 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-26 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-27 2358656]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys --> C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-26 2255464]
.
=============== Created Last 30 ================
.
2011-09-29 01:46:27 388096 ----a-r- C:\Users\McFly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-29 01:46:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-28 23:52:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-09-28 23:52:04 20480 ----a-w- C:\Windows\svchost.exe
2011-09-28 23:52:04 20480 ------w- C:\Windows\svchost.exe_old
2011-09-28 22:43:31 -------- d-----w- C:\Users\McFly\AppData\Roaming\Malwarebytes
2011-09-28 22:43:25 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-28 22:43:17 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-28 22:43:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 22:35:44 -------- d-----w- C:\Users\McFly\AppData\Local\Google
2011-09-28 21:40:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-28 21:40:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-28 21:37:07 -------- d-----w- C:\Users\McFly\AppData\Roaming\Avira
2011-09-28 03:16:48 -------- d-----w- C:\Program Files (x86)\MagicTG
2011-09-28 01:56:11 -------- d-----w- C:\Users\McFly\AppData\Local\Apple Computer
2011-09-28 01:55:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-09-28 01:55:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-09-28 01:55:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-09-28 01:55:11 -------- d-----w- C:\Program Files\iPod
2011-09-28 01:55:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-28 01:55:10 -------- d-----w- C:\Program Files\iTunes
2011-09-28 01:55:10 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-28 01:20:18 -------- d-----w- C:\ProgramData\PopCap Games
2011-09-28 01:04:16 -------- d-----w- C:\Program Files (x86)\Build-a-Lot - The Elizabethan Era
2011-09-28 01:02:04 -------- d-----w- C:\Program Files (x86)\Diner Dash
2011-09-28 01:01:11 -------- d-----w- C:\ProgramData\Big Fish Games
2011-09-28 01:01:10 -------- d-----w- C:\Program Files (x86)\bfgclient
2011-09-28 01:00:35 -------- d-----w- C:\BigFishGamesCache
2011-09-28 00:56:58 -------- d-----w- C:\Users\McFly\AppData\Roaming\NVIDIA
2011-09-28 00:56:57 -------- d-----w- C:\Users\McFly\.thumbnails
2011-09-28 00:51:13 -------- d-----w- C:\Users\McFly\Calibre Library
2011-09-28 00:51:07 -------- d-----w- C:\Users\McFly\AppData\Roaming\calibre
2011-09-27 23:53:22 -------- d---a-w- C:\LOL Skins
2011-09-27 22:24:41 -------- d-----w- C:\Users\McFly\riotsGamesLogs
2011-09-27 22:24:20 -------- d-----w- C:\Users\McFly\AppData\Roaming\LolClient
2011-09-27 22:14:41 -------- d-----w- C:\Program Files (x86)\FreeTime
2011-09-27 22:09:57 -------- d-----w- C:\ProgramData\Freemake
2011-09-27 22:09:54 -------- d-----w- C:\Program Files (x86)\Freemake
2011-09-27 22:06:41 -------- d-----w- C:\Windows\PCHEALTH
2011-09-27 22:05:24 -------- d-----w- C:\Windows\pss
2011-09-27 22:05:16 -------- d-----w- C:\Users\McFly\AppData\Local\Microsoft Help
2011-09-27 22:03:46 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-09-27 22:03:46 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-09-27 22:03:46 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-09-27 22:02:35 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-09-27 17:02:01 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-27 17:02:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-27 17:00:59 -------- d-----w- C:\Program Files (x86)\yWriter5
2011-09-27 16:59:40 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-09-27 16:57:02 -------- d-----r- C:\Program Files (x86)\Skype
2011-09-27 16:54:49 -------- d-----w- C:\Program Files (x86)\Calibre2
2011-09-27 16:54:31 -------- d-----w- C:\Fraps
2011-09-27 16:53:43 -------- d-----w- C:\Program Files\Blender Foundation
2011-09-27 16:41:18 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-09-27 16:41:18 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-09-27 16:41:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-09-27 16:41:18 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-09-27 16:41:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-09-27 16:38:19 -------- d-----w- C:\Riot Games
2011-09-27 16:33:36 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-09-27 16:33:19 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-09-27 16:27:59 -------- d-----w- C:\Program Files\Paint.NET
2011-09-27 16:27:51 -------- d-----w- C:\Users\McFly\AppData\Local\Paint.NET
2011-09-27 16:20:56 -------- d-----w- C:\Users\McFly\AppData\Local\Adobe
2011-09-27 16:12:08 -------- d-----w- C:\Users\McFly\AppData\Local\PMB Files
2011-09-27 16:12:08 -------- d-----w- C:\ProgramData\PMB Files
2011-09-27 16:12:02 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-09-27 15:37:47 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-27 15:34:21 -------- d-----w- C:\Users\McFly\AppData\Roaming\OpenOffice.org
2011-09-27 15:25:23 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-09-27 15:24:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-27 14:53:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-27 06:08:26 -------- d-----w- C:\Program Files\dl_cats
2011-09-27 06:08:15 144896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\dlcxdrpp.dll
2011-09-27 06:08:05 -------- d-----w- C:\Program Files\Dell Photo AIO Printer 926
2011-09-27 06:06:39 415744 ----a-w- C:\Windows\System32\dlcxcoin.dll
2011-09-27 06:06:39 1462272 ----a-w- C:\Windows\System32\dlcxg.dll
2011-09-27 06:06:39 109056 ----a-w- C:\Windows\System32\dlcxvs.dll
2011-09-27 06:06:38 -------- d-----w- C:\dell
2011-09-27 06:00:43 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-09-27 06:00:42 -------- d-----w- C:\ProgramData\Avira
2011-09-27 06:00:42 -------- d-----w- C:\Program Files (x86)\Avira
2011-09-27 05:37:25 -------- d-sh--w- C:\Windows\Installer
2011-09-27 05:35:46 -------- d-----w- C:\NVIDIA
2011-09-27 05:33:45 -------- d-----w- C:\Windows\Panther
2011-09-27 05:19:00 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-09-27 05:19:00 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-09-27 05:13:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-09-27 05:13:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-09-27 05:09:29 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0687CB0A-64A1-43F4-BFCA-03979D6CBF9A}\mpengine.dll
2011-09-27 05:09:29 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-09-27 05:08:27 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-09-27 05:08:27 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-09-27 05:08:27 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-09-27 05:08:27 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-09-27 05:08:27 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-09-27 05:08:27 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-09-27 05:08:27 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-09-27 05:08:27 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-09-27 05:08:27 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-09-27 05:08:27 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-09-27 05:01:12 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-09-27 04:59:49 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2011-09-27 04:58:59 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-09-27 04:47:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-09-27 04:47:46 980072 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-09-27 04:47:46 836200 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-09-27 04:47:46 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-09-27 04:47:46 6136936 ----a-w- C:\Windows\System32\nvcpl.dll
2011-09-27 04:47:46 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-09-27 04:47:46 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-09-27 04:47:46 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-09-27 04:47:34 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-09-27 04:47:32 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-09-27 04:44:34 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-09-27 04:44:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-09-27 04:44:34 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-09-27 04:44:34 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-09-27 02:47:17 -------- d---a-w- C:\Program Files (x86)\Plants vs Zombies
.
==================== Find3M ====================
.
2011-08-03 11:50:00 8355944 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-31 07:35:48 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-07-31 07:35:46 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 01:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:59:44.06 ===============


Contents of Attach (from DDS) log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/26/2011 9:43:22 PM
System Uptime: 9/28/2011 5:41:23 PM (1 hours ago)
.
Motherboard: ASRock | | P55 Pro
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | CPUSocket | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 451.696 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 230.742 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11n Network Adapter
Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&5211695&0&00F0
Manufacturer: Broadcom
Name: Broadcom 802.11n Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&5211695&0&00F0
Service: BCM43XX
.
==== System Restore Points ===================
.
RP20: 9/27/2011 3:04:39 PM - Installed Microsoft Publisher 2010
RP21: 9/27/2011 6:54:47 PM - Installed iTunes
RP22: 9/27/2011 10:35:34 PM - Windows Update
RP23: 9/28/2011 6:08:48 PM - Removed Java™ SE Development Kit 7 (64-bit)
RP24: 9/28/2011 6:09:41 PM - Installed Java™ SE Development Kit 7 (64-bit)
RP25: 9/28/2011 6:46:19 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Avira AntiVir Personal - Free Antivirus
Big Fish Games: Game Manager
Build-a-Lot: The Elizabethan Era
calibre
Diner Dash
FormatFactory 2.70
Fraps
Freemake Video Converter version 2.3.4
Google Chrome
HiJackThis
Java Auto Updater
Java™ 6 Update 22
League of Legends
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Publisher 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 6.0.2 (x86 en-US)
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
Pando Media Booster
Portal
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype™ 5.5
Spybot - Search & Destroy
Steam
TeamViewer 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
yWriter5
.
==== Event Viewer Messages From Past Week ========
.
9/26/2011 11:09:39 PM, Error: Service Control Manager [7030] - The dlcx_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/26/2011 11:00:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
9/26/2011 10:53:04 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
9/26/2011 10:24:54 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================


If you need more information let me know. Sorry to be just another poster who needs help :(

Edited by tazbass11, 28 September 2011 - 09:22 PM.




#2 tazbass11

  • Topic Starter
  • Members
  • 2 posts

Posted 02 October 2011 - 11:07 PM

It's been too long to let me edit this post, but after working on this for over a week, I think I've finally kicked it. Please close this thread and mark as solved.

I used many of the scanners listed by the helpers in other posts, and I also forcibly deleted the various temp folders that popped up on my Malwarebytes scan and Spybot scans. Also, I uninstalled an old version of Adobe Reader I had that someone suggested might carry some problems. After a few restarts, and more scans, I seem to be home free. No more scans report any issues, and so far I do not have the internet search issue anymore. I hope I am free of this, but time will only tell.

I was disappointed at having gone so long without any replies, especially since I saw at least one other thread, started the day after mine, which had a reply within three days. But I understand that time is a commodity and you guys do the best you can. Fear not, you have helped me because I just went to other threads and did some of the things that were suggested in them. Eventually I fixed it myself (I hope). Thanks for this site, and forum, and all the help you give people. :)

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 02 October 2011 - 11:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



