Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirecting to Happili


  • This topic is locked This topic is locked
9 replies to this topic

#1 kallista81

kallista81

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 18 March 2012 - 02:00 PM

Good afternoon,

I am having trouble with the Google search results redirecting to Happili.com I see online that many people have had this issue but so far I can't figure out how to get rid of it even though I have tried to follow the directions in various forums/pages. I have done all the pre-work before posting I think. I ran GMER but could not check the boxes as shown. It only allowed the bottom three to be checked (services, registry and files). Any help is greatly appreciated.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Elizabeth at 14:04:16 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1836 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
StartupFolder: C:\Users\ELIZAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: convergysworkathome.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T27L/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AADAED85-2E78-4D5D-B794-76D5381B8280} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [(Default)]
mRun-x64: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\jun9ohz7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Elizabeth\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
FF - Ext: The Tracktor - Amazon Price Tracker: firetracktor@thetracktor.com - %profile%\extensions\firetracktor@thetracktor.com
FF - Ext: Amazon Browser Bar: abb@amazon.com - %profile%\extensions\abb@amazon.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Elizabeth\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {6D01E75C-81D5-4CDD-9FE4-98953EA6F13A} - C:\Users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-6-25 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-14 27192]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-18 652360]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-18 17:39:28 -------- d-----w- C:\Users\Elizabeth\AppData\Local\{C83558B5-4BF1-48C4-B47F-FCE70AD3FBD1}
2012-03-18 17:39:05 -------- d-----w- C:\Users\Elizabeth\AppData\Local\{E07410D7-2738-483C-863D-5188AC37EF4F}
2012-03-18 17:14:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-18 17:14:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-18 17:03:45 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-18 14:41:15 -------- d-----w- C:\Users\Elizabeth\AppData\Local\NPE
2012-03-18 02:25:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1114E2-3E37-473E-BC6B-D7C85AF23F25}\offreg.dll
2012-03-17 01:35:15 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1114E2-3E37-473E-BC6B-D7C85AF23F25}\mpengine.dll
2012-03-17 01:31:46 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-17 01:31:44 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 01:31:42 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-16 01:26:50 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-16 01:26:49 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-16 01:26:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-16 01:26:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-16 01:26:47 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-16 01:26:47 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-16 01:26:47 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-16 01:26:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-16 01:26:47 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-16 01:26:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-16 01:26:47 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-16 01:25:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-16 01:25:55 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-16 01:25:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-16 01:25:47 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-16 01:25:47 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-16 01:25:47 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-16 01:25:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-21 03:24:41 20992 ----a-w- C:\Windows\jestertb.dll
2012-02-21 00:18:04 -------- d-----w- C:\ProgramData\Leapfrog
2012-02-21 00:17:58 -------- d-----w- C:\Program Files (x86)\LeapFrog
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:06:41.27 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:12 PM

Posted 19 March 2012 - 02:36 PM

Hello kallista81,

My name is ratman and and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on ComboFix icon Posted Image and run as admin then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • aswMBR Log


How is your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 kallista81

kallista81
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 19 March 2012 - 07:50 PM

It seems to be better! I googled some things that redirected me before and had no issues tonight. Thank you! Below is the info you requested.


ComboFix 12-03-18.04 - Elizabeth 03/19/2012 19:59:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1937 [GMT -4:00]
Running from: c:\users\Elizabeth\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}
c:\users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}\chrome.manifest
c:\users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}\chrome\content\_cfg.js
c:\users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}\chrome\content\overlay.xul
c:\users\Elizabeth\AppData\Local\{6D01E75C-81D5-4CDD-9FE4-98953EA6F13A}\install.rdf
c:\users\Elizabeth\AppData\Roaming\Adobe\plugs
c:\users\Elizabeth\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 00:08 . 2012-03-20 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 17:14 . 2012-03-18 17:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-18 17:14 . 2012-03-18 17:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-18 17:03 . 2012-03-18 17:03 -------- d-----w- c:\program files (x86)\ESET
2012-03-18 14:41 . 2012-03-18 16:39 -------- d-----w- c:\users\Elizabeth\AppData\Local\NPE
2012-03-18 02:25 . 2012-03-18 17:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA1114E2-3E37-473E-BC6B-D7C85AF23F25}\offreg.dll
2012-03-17 01:35 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA1114E2-3E37-473E-BC6B-D7C85AF23F25}\mpengine.dll
2012-03-17 01:31 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-17 01:31 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-17 01:31 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-16 01:26 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 01:26 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 01:26 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-16 01:26 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 01:26 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 01:26 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 01:26 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 01:26 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-16 01:26 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-16 01:26 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-16 01:26 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-16 01:25 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-16 01:25 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-16 01:25 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-16 01:25 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-16 01:25 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-16 01:25 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 01:25 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-21 03:24 . 2012-02-21 03:24 20992 ----a-w- c:\windows\jestertb.dll
2012-02-21 00:22 . 2012-02-21 00:22 -------- d-----w- c:\program files\DIFX
2012-02-21 00:18 . 2012-02-21 00:18 -------- d-----w- c:\programdata\Leapfrog
2012-02-21 00:17 . 2012-02-21 00:21 -------- d-----w- c:\program files (x86)\LeapFrog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-10-15 00:36 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-17 02:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-17 02:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-17 02:30 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-17 02:30 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-17 02:30 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-04 1242448]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-24 102400]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-14 602168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-10-15 352976]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"BSDAppUpdater"="c:\program files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe" [2011-05-11 1660232]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
.
c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 22:57 948672 ----a-r- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
2010-06-01 22:33 1155928 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-07-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-14 27192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79981168
*Deregistered* - 79981168
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 04:25]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 04:25]
.
2012-03-16 c:\windows\Tasks\HPCeeScheduleForElizabeth.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-01 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\jun9ohz7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
FF - Ext: The Tracktor - Amazon Price Tracker: firetracktor@thetracktor.com - %profile%\extensions\firetracktor@thetracktor.com
FF - Ext: Amazon Browser Bar: abb@amazon.com - %profile%\extensions\abb@amazon.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Elizabeth\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-19 20:11:26
ComboFix-quarantined-files.txt 2012-03-20 00:11
.
Pre-Run: 399,822,364,672 bytes free
Post-Run: 399,448,702,976 bytes free
.
- - End Of File - - E70045B08A38D3677278BBDC95DACB9E


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 20:14:21
-----------------------------
20:14:21.958 OS Version: Windows x64 6.1.7600
20:14:21.958 Number of processors: 2 586 0x603
20:14:21.959 ComputerName: ELIZABETH-HP UserName: Elizabeth
20:14:23.010 Initialize success
20:16:18.172 AVAST engine defs: 12031700
20:16:32.895 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:16:32.900 Disk 0 Vendor: WDC_WD5000BEVT-60A0RT0 02.01A02 Size: 476940MB BusType: 11
20:16:32.920 Disk 0 MBR read successfully
20:16:32.926 Disk 0 MBR scan
20:16:32.936 Disk 0 unknown MBR code
20:16:32.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:16:32.962 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458603 MB offset 409600
20:16:32.968 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18033 MB offset 939628544
20:16:33.007 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
20:16:33.058 Disk 0 scanning C:\Windows\system32\drivers
20:16:43.439 Service scanning
20:17:21.545 Modules scanning
20:17:21.567 Disk 0 trace - called modules:
20:17:21.584 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:17:21.589 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800437f790]
20:17:21.594 3 CLASSPNP.SYS[fffff88000c2b43f] -> nt!IofCallDriver -> [0xfffffa8004379b10]
20:17:21.599 5 hpdskflt.sys[fffff88001f7a289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042d1060]
20:17:25.818 AVAST engine scan C:\Windows
20:17:39.128 AVAST engine scan C:\Windows\system32
20:21:26.235 AVAST engine scan C:\Windows\system32\drivers
20:21:38.645 AVAST engine scan C:\Users\Elizabeth
20:29:06.293 AVAST engine scan C:\ProgramData
20:37:58.024 Scan finished successfully
20:41:04.276 Disk 0 MBR has been saved successfully to "C:\Users\Elizabeth\Desktop\MBR.dat"
20:41:04.285 The log file has been saved successfully to "C:\Users\Elizabeth\Desktop\aswMBR.txt"

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:12 PM

Posted 20 March 2012 - 10:23 AM

Hi,

These logs are looking better.

I notice that you have MBAM installed.

I'd like you to update MBAM's virus definitions and run a scan please and copy/paste it's log in your next reply.
=================================================================================
Please copy/paste MBAM.log in your next reply.

Do you see any issues with your machine now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 kallista81

kallista81
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 21 March 2012 - 09:32 PM

So far so good! No redirecting issues! Thanks again, Elizabeth

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Elizabeth :: ELIZABETH-HP [administrator]

Protection: Disabled

3/21/2012 10:25:16 PM
mbam-log-2012-03-21 (22-25-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205004
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:12 PM

Posted 22 March 2012 - 09:24 AM

Hello Elizabeth,

We need to bring your Java up to date.

  • Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====================================================================================

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window.ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan


Do you have any oustanding issues?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 kallista81

kallista81
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 24 March 2012 - 11:35 PM

I updated Java and ran the ESET scan as requested but it didn't give me any sort of log to cut and paste. I am running it again to see if I get some results to share. No computer issues!

Thank you!

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:12 PM

Posted 26 March 2012 - 10:39 AM

Hello kallista81,

Good work - your computer is clean :thumbsup:

Just a couple of housekeeping tasks now.

We need to delete ComboFix:

Please rename ComboFix.exe (right click ComboFix and select Rename) to Uninstall.exe and double click on it.

====================================================================================

Except for Malwarebytes, you can simply delete all other tools we used as they don't un-install.


Things to do to stay safe:

  • Make sure Windows Updates (including Internet Explorer) are current. Follow instructions here
  • Run Malwarebytes "Quick scan" once in a week to assure safety of your computer.
  • Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
  • When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
  • Read How did I get infected?, With steps so it does not happen again!

Happy and safe surfing!


Can you reply to say whether you have any more issues or not. If not we can close this topic.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#9 kallista81

kallista81
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 28 March 2012 - 08:14 PM

No other issues, thank you for everything!

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:12 PM

Posted 29 March 2012 - 04:24 PM

You are most welcome and I thank you for your generous donation :thumbup2:

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Edited by ratman, 29 March 2012 - 04:25 PM.

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users