
Getting re-directed to same sites while browsing in firefox


14 replies to this topic

#1 TLoV


Posted 27 March 2012 - 02:11 AM

From my thread: http://www.bleepingcomputer.com/forums/topic446966.html

Here's my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by David at 23:44:07 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.978 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Users\David\AppData\Roaming\AeroRainbow\AeroRainbow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\Magnify.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\David\AppData\Local\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\David\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\David\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Real\realplayer\update\realsched.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=1587&gct=hp
uSearch Bar = Preserve
mStart Page = about:blank
mSearchAssistant = about:blank
BHO: AutorunsDisabled - No File
BHO: HP Smart BHO Class - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [img3.ahk] C:\Users\David\Desktop\img3.ahk
uRun: [AeroRainbow.exe] C:\Users\David\AppData\Roaming\AeroRainbow\AeroRainbow.exe
uRun: [ActualWindowManagerCenter.exe] C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
uRun: [SetPointII.exe] C:\Program Files\Logitech\SetPoint II\SetPointII.exe
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Magnify.exe] C:\Windows\System32\Magnify.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A311D6FC-5248-46A1-9981-7A6B9E66939A} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: dTPodcastBHO - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO-X64: QTTabBar AutoLoader - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Yontoo Layers
BHO-X64: Yontoo Layers - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB-X64: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\76qu4sw5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1303604550
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1303604699
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1303604554
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1303604477
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1303604148
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1303603932
FF - user.js: browser.migration.version - 1
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.2.11
FF - user.js: extensions.dwpSwitcher.debugMode - false
FF - user.js: extensions.dwpSwitcher.lastJSONUpdateTimestamp - 1303979874
FF - user.js: extensions.dwpSwitcher.remoteScriptBaseURL - hxxp://download.divx.com/hiQ/scripts/
FF - user.js: extensions.dwpSwitcher.supportedSitesJSONString - {\r\n \supportedSites\: {\r\n \updateBaseUrl\: {\r\n \url\: \hxxp://download.divx.com/hiQ/scripts/\\r\n },\r\n \site\: [{\r\n \siteName\: \Youtube\,\r\n \regExp\: \/youtube\\\\.com\\\\/watch/\,\r\n \remoteSpecificScript\: \hiQYoutube-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Break\,\r\n \regExp\: \/break\\\\.com/\,\r\n \remoteSpecificScript\: \hiQBreak-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \DailyMotion\,\r\n \regExp\: \/dailymotion\\\\.com\\\\/video/\,\r\n \remoteSpecificScript\: \hiQDailyMotion-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \ESPN\,\r\n \regExp\: \/espn\\\\.go\\\\.com/\,\r\n \remoteSpecificScript\: \hiQEspn-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \FoxNews\,\r\n \regExp\: \/video\\\\.foxnews\\\\.com/\,\r\n \remoteSpecificScript\: \hiQFoxNews-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Facebook\,\r\n \regExp\: \/facebook\\\\.com/\,\r\n \remoteSpecificScript\: \hiQFacebook-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \FunnyOrDie\,\r\n \regExp\: \/funnyordie\\\\.com\\\\/videos/\,\r\n \remoteSpecificScript\: \hiQFunnyOrDie-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \GameReactor\,\r\n \regExp\: \/gamereactor\\\\.eu\\\\/grtv/\,\r\n \remoteSpecificScript\: \hiQGrTv-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Metacafe\,\r\n \regExp\: \/metacafe\\\\.com\\\\/watch/\,\r\n \remoteSpecificScript\: \hiQMetacafe-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Revision3\,\r\n \regExp\: \/revision3\\\\.com/\,\r\n \remoteSpecificScript\: \hiQRevision3-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \TheOnion\,\r\n \regExp\: \/theonion\\\\.com/\,\r\n \remoteSpecificScript\: \hiQTheOnion-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Vimeo\,\r\n \regExp\: \/vimeo\\\\.com/\,\r\n \remoteSpecificScript\: \hiQVimeo-2.1.1.11.min.js\\r\n },\r\n {\r\n \siteName\: \Xiyou\,\r\n \regExp\: \/xiyou\\\\.cntv\\\\.cn\\\\/video/\,\r\n \remoteSpecificScript\: \hiQXiyou-2.1.1.11.min.js\\r\n }]\r\n 
}\r\n}
FF - user.js: extensions.dwpSwitcher.updateURL - hxxp://download.divx.com/hiQ/hiQSupported.json
FF - user.js: extensions.enabledItems - {27182e60-b5f3-411c-b545-b44205977502}:1.0,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94,{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2,FFToolbar@bitdefender.com:2.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11
FF - user.js: extensions.lastAppVersion - 3.6.11
FF - user.js: extensions.update.notifyUser - false
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1306195635
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-31 494424]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-17 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-17 110032]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-18 44768]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-8-25 820568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-17 652360]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-2-20 301720]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-18 1153368]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-1-8 5716848]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-18 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
S2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
S2 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-4-28 21712]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\Windows\system32\drivers\psmounter.sys --> C:\Windows\system32\drivers\psmounter.sys [?]
S3 PSVolAcc;PSVolAcc;C:\Windows\system32\drivers\PSVolAcc.sys --> C:\Windows\system32\drivers\PSVolAcc.sys [?]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-8-25 33184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-8-25 21328]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S4 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-8-25 20336]
S4 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2011-3-16 57184]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-03-27 02:29:59 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2012-03-24 23:25:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49F91DB7-F87A-4C40-AB65-70F41043834B}\offreg.dll
2012-03-23 11:36:37 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49F91DB7-F87A-4C40-AB65-70F41043834B}\mpengine.dll
2012-03-23 05:17:41 -------- d-----w- C:\Users\David\AppData\Local\GHISLER
2012-03-23 05:15:18 545 ----a-w- C:\Windows\UC.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\RAR.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\PKZIP.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\PKUNZIP.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\NOCLOSE.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\LHA.PIF
2012-03-23 05:15:18 545 ----a-w- C:\Windows\ARJ.PIF
2012-03-23 05:15:18 -------- d-----w- C:\Users\David\AppData\Roaming\GHISLER
2012-03-23 05:15:18 -------- d-----w- C:\Program Files\totalcmd
2012-03-22 19:36:15 -------- d-----w- C:\Users\David\AppData\Local\Mozilla Firefox
2012-03-22 08:58:07 -------- d-----w- C:\Program Files (x86)\QTTabBar
2012-03-22 02:38:27 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-03-22 02:38:27 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-03-21 16:22:46 -------- d-----w- C:\Users\David\AppData\Local\adaware
2012-03-19 16:26:49 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-18 16:45:35 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-18 16:45:33 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-18 16:45:32 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-18 16:45:01 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-18 16:08:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-18 08:13:04 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-18 08:08:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-03-18 08:08:24 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-18 08:08:15 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-18 03:15:31 -------- d-----w- C:\Users\David\AppData\Roaming\Avira
2012-03-18 03:10:17 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-03-18 03:10:16 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-18 03:10:14 -------- d-----w- C:\ProgramData\Avira
2012-03-18 03:10:14 -------- d-----w- C:\Program Files (x86)\Avira
2012-03-17 22:59:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-17 22:59:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-17 04:54:27 -------- d-----w- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2012-03-17 04:54:03 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-17 04:54:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-16 23:30:43 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-16 22:44:51 -------- d-----w- C:\Users\David\AppData\Roaming\PC Tools
2012-03-16 22:41:44 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-16 22:34:42 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-16 22:34:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-16 22:33:37 -------- d-----w- C:\ProgramData\PC Tools
2012-03-16 22:33:36 -------- d-----w- C:\Users\David\AppData\Roaming\TestApp
2012-03-16 21:40:01 -------- dc----w- C:\Users\David\AppData\Local\MigWiz
2012-03-16 20:12:20 -------- d-----w- C:\Users\David\Demo-Transferring-files-and-settings-from-another-computer_files
2012-03-16 06:18:37 -------- d-sh--w- C:\found.000
2012-03-16 02:56:46 -------- d-----w- C:\$WINDOWS.~BT
2012-03-14 20:47:15 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-14 20:47:15 -------- d-----w- C:\Program Files\AVAST Software
2012-03-14 18:47:05 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 18:47:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:47:04 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 12:18:46 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:18:43 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:18:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:18:42 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:18:42 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:18:42 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:17:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:17:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:17:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:17:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 06:37:23 -------- d-----w- C:\boot
2012-03-14 06:19:07 -------- d-----w- C:\Program Files\Windows Imaging
2012-03-14 06:13:27 -------- d-----w- C:\Program Files\Windows AIK
2012-03-13 15:15:25 -------- d-----w- C:\Users\David\AppData\Local\{246706E8-8583-4A20-B789-702314B3D6D8}
2012-03-12 21:30:58 -------- d-----w- C:\Users\David\AppData\Local\{F1AC0A98-0B42-42D5-AC21-B7BA6955DB35}
2012-03-12 21:30:45 -------- d-----w- C:\Users\David\AppData\Local\{1179659D-AA63-4611-BCCB-4FE508C5D151}
2012-03-08 18:38:21 -------- d-----w- C:\Users\David\AppData\Roaming\LibreOffice
2012-03-08 18:25:59 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5
2012-03-05 15:38:38 -------- d-----w- C:\Users\David\AppData\Local\{692007E0-E06A-44B4-8099-F6661E89F19D}
2012-03-04 15:34:46 -------- d-----w- C:\Users\David\AppData\Local\{EA60C185-8821-4443-B2D4-58E0395448A7}
2012-03-04 02:51:23 -------- d-----w- C:\Users\David\AppData\Local\{2E8F2AE6-B8A2-414F-82D9-F222580690DA}
2012-03-03 23:53:21 362 ----a-w- C:\installed programs list.bat
2012-03-03 23:07:53 -------- d-----w- C:\Users\David\AppData\Roaming\EMCO
2012-03-03 23:07:06 -------- d-----w- C:\Program Files\EMCO
2012-03-03 20:07:14 -------- d-----w- C:\Program Files\LibreOfficePortable
2012-03-03 19:31:57 -------- d-----w- C:\Program Files (x86)\Directory Tree List Maker
2012-03-03 19:22:36 -------- d-----w- C:\Windows\DirTree
2012-03-03 18:04:50 -------- d-----w- C:\Users\David\AppData\Roaming\KRKsoft
2012-03-03 18:04:48 -------- d-----w- C:\Program Files (x86)\Directory Lister Pro
2012-03-03 15:41:40 -------- d-----w- C:\Users\David\AppData\Local\Karen's Power Tools
2012-03-03 15:41:23 -------- d-----w- C:\Program Files (x86)\Karen's Power Tools
2012-03-03 15:41:11 -------- d-----w- C:\ProgramData\Karen's Power Tools
2012-03-03 14:50:36 -------- d-----w- C:\Users\David\AppData\Local\{57FFCB97-422D-43CD-A9C1-58EA63079BD8}
2012-03-02 23:32:49 -------- d-----w- C:\Users\David\AppData\Local\{CF47ADF7-F38D-45AC-92E8-0CF10B0163FB}
2012-03-02 23:32:32 -------- d-----w- C:\Users\David\AppData\Local\{1E98B825-595C-4199-85B6-28AC6C7BB8EE}
2012-03-01 22:31:02 -------- d-----w- C:\ProgramData\MemeoCommon
2012-03-01 22:22:59 -------- d-----w- C:\Users\David\AppData\Roaming\Memeo
2012-03-01 22:22:33 -------- d-----w- C:\Users\David\AppData\Roaming\Seagate
2012-03-01 22:21:39 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo
2012-03-01 22:21:35 -------- d-----w- C:\Program Files (x86)\Memeo
2012-03-01 22:20:59 -------- d-----w- C:\Program Files (x86)\Seagate
.
==================== Find3M ====================
.
2012-03-21 00:40:10 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-03-21 00:40:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-18 17:16:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 19:56:53 4314391 ----a-w- C:\ProgramData\bdinstall.bin
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-23 09:59:23 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-20 18:19:24 13464 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
2012-02-20 18:19:17 43672 ----a-w- C:\Windows\System32\drivers\psmounter.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2010-07-08 17:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 23:44:46.97 ===============

Attached Files

#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 27 March 2012 - 05:04 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
You have more than one antivirus (AV) program running. Your logs show Ad-Watch Live! Anti-Virus, avast! and Avira all running. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please use the following instructions to remove all but one of the AV applications.

Download AppRemover from here, saving it to your desktop.
  • Double click to run AppRemover
  • Follow the prompts to remove all but one of the AV applications
  • Reboot
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
  • Open OTL again and press "Run Scan" to produce a fresh log
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free antivirus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL Fix log
  • OTL.txt log
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
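The "AV:" lines in a DDS log are read from the Windows Security Center, and the same data can be queried directly to confirm which products think they are providing real-time protection. The PowerShell below is an added example, not code from the thread, from DDS or from BleepingComputer; it lists the registered antivirus products and decodes the undocumented productState value using the commonly used (assumed, not officially documented) byte layout, then warns when more than one product reports itself enabled, which is the situation the post above describes.

```powershell
# Added example (not from the thread, DDS or BleepingComputer): list the
# antivirus products registered with the Windows Security Center and flag the
# "more than one AV running" condition. Assumes Windows Vista or later (the
# root\SecurityCenter2 namespace) and PowerShell 2.0 or later, so it runs on
# the Windows 7 machine in the thread.

function Get-RegisteredAntivirus {
    # Get-WmiObject (rather than Get-CimInstance) keeps this usable on the
    # PowerShell 2.0 that ships with Windows 7.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' |
        ForEach-Object {
            # productState is not documented by Microsoft. The layout used here
            # is the widely used interpretation (an assumption): render it as a
            # six-digit hex string; digits 3-4 are the real-time status
            # (10 or 11 = enabled), digits 5-6 the signature status
            # (00 = up to date, 10 = out of date).
            $hex = ([Convert]::ToString([long]$_.productState, 16)).PadLeft(6, '0')
            New-Object PSObject -Property @{
                Name     = $_.displayName
                Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
                UpToDate = ($hex.Substring(4, 2) -eq '00')
                RawState = $hex
                Path     = $_.pathToSignedProductExe
            }
        }
}

function Test-MultipleAntivirus {
    # Returns the number of products claiming real-time protection and warns
    # when there is more than one, which causes the conflicts described above.
    $enabled = @(Get-RegisteredAntivirus | Where-Object { $_.Enabled })
    if ($enabled.Count -gt 1) {
        $names = ($enabled | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ('{0} antivirus products report real-time protection enabled: {1}' -f $enabled.Count, $names)
    }
    return $enabled.Count
}

Get-RegisteredAntivirus | Format-Table Name, Enabled, UpToDate, RawState, Path -AutoSize
$null = Test-MultipleAntivirus
```

Because the state decoding is undocumented, treat RawState as the authoritative value and the Enabled/UpToDate columns as a convenience; a product that has been uninstalled badly can also linger here, which is exactly what a dedicated removal tool such as the AppRemover step above is meant to clean up.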


#3 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 27 March 2012 - 11:16 PM

Just curious... Is there a reason you guys specifically say to save these files to our desktop?

Edit: here are my logs.

Attached Files


Edited by TLoV, 28 March 2012 - 02:31 AM.


#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 28 March 2012 - 10:38 AM

Hi,

We ask you to save them on your desktop to make them easier to find (we deal with users of all levels of abilities). Most of the tools will run from anywhere though.

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    @Alternate Data Stream - 505738 bytes -> C:\C:._tmp_
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • OTL Fix log
  • MBAM log



#5 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 29 March 2012 - 12:44 AM

When I used OTL for the second "run fix" I got this:

========== OTL ==========
Unable to delete ADS C:\C:._tmp_ .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_093209

and here's my MWB log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
David :: THEBEAST [administrator]

Protection: Enabled

3/28/2012 8:10:55 PM
mbam-log-2012-03-28 (20-10-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 651415
Time elapsed: 2 hour(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files
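OTL reported that it could not delete the four alternate data streams (ADS) listed in the fix from post #4. Before retrying a deletion, or deciding a stream is harmless, a defender would want to see what is actually in it. The PowerShell below is an added example, not code from the thread or from OTL; it enumerates the ADS on a set of paths and shows each stream's size and a short printable preview. It assumes PowerShell 3.0 or later (the -Stream parameter and Get-Content -Encoding Byte), which the Windows 7 machine in the thread would only have after installing Windows Management Framework 3.0; C:\Users\David\Downloads in the usage line is an assumed extra path, not one from the thread.

```powershell
# Added example (not from the thread or from OTL): enumerate NTFS alternate
# data streams on the given paths and preview their content so a stream can be
# judged before anyone deletes it. Assumes PowerShell 3.0 to 5.1 (-Stream on
# Get-Item/Get-Content and -Encoding Byte; PowerShell 6+ uses -AsByteStream).

function Get-AlternateDataStream {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Path,
        [switch] $Recurse,
        [int] $PreviewBytes = 32
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # -Force so hidden and system items (C:\ProgramData\TEMP is hidden) are included.
        $items = @(Get-Item -LiteralPath $p -Force)
        if ($Recurse) {
            $items += @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)
        }
        foreach ($item in $items) {
            # ':$DATA' is the unnamed default stream; every other stream is "alternate".
            $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' }
            foreach ($s in $streams) {
                # Read a few bytes so the listing shows whether the stream is text,
                # a browser Zone.Identifier marker, or something binary.
                $bytes = @()
                try {
                    $bytes = @(Get-Content -LiteralPath $item.FullName -Stream $s.Stream -Encoding Byte -TotalCount $PreviewBytes -ErrorAction Stop)
                } catch { }
                $preview = ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } }) -join ''
                $note = if ($s.Stream -eq 'Zone.Identifier') { 'download marker (benign)' } else { 'inspect' }
                New-Object PSObject -Property @{
                    File    = $item.FullName
                    Stream  = $s.Stream
                    Bytes   = $s.Length
                    Preview = $preview
                    Note    = $note
                }
            }
        }
    }
}

# C:\ProgramData\TEMP is the folder the TEMP:... streams in the OTL fix hang off;
# C:\Users\David\Downloads is an assumed extra path for illustration.
Get-AlternateDataStream -Path 'C:\ProgramData\TEMP', 'C:\Users\David\Downloads' -Recurse |
    Format-Table File, Stream, Bytes, Note, Preview -AutoSize
```

Once a stream has been looked at, `Remove-Item -LiteralPath <file> -Stream <name>` removes only that stream and leaves the file's main content alone, which is the same operation OTL was attempting; if it still fails, a handle held open by another process (an antivirus filter, for example) is the usual reason, and running the check again after a reboot is the first thing to try.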



#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 29 March 2012 - 10:52 AM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

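The Java steps above rely on the user spotting every old runtime in Add or Remove Programs by eye. The PowerShell below is an added example, not code from the thread; it reads the same uninstall entries from the registry, from both the 64-bit and the 32-bit (Wow6432Node) views on an x64 system, and flags anything older than Java SE 6 Update 31, the release the post names. It assumes PowerShell 2.0 or later and Oracle's "Java(TM) <major> Update <n>" display-name convention; the default version numbers in Find-StaleJava come from the post, everything else is assumed.

```powershell
# Added example (not from the thread): list every Java runtime registered in
# Programs and Features, from both the 64-bit and the 32-bit (Wow6432Node)
# uninstall keys, and flag the ones older than the release the post names.
# Assumes PowerShell 2.0 or later on Windows 7 x64 and Oracle's
# "Java(TM) <major> Update <n>" display-name convention.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 32-bit programs on x64
)

function Get-InstalledJava {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        $arch = if ($root -like '*Wow6432Node*') { 'x86' } else { 'x64' }
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty $key.PSPath
            if (-not $props.DisplayName) { continue }
            if ($props.DisplayName -notmatch '^(Java|J2SE)') { continue }
            # "Java(TM) 6 Update 31" -> major 6, update 31. Entries without an
            # update number (or a non-runtime entry such as "Java Auto Updater")
            # are listed with $null values so nothing is silently skipped.
            $major = $null; $update = $null
            if ($props.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
                $major = [int]$matches[1]; $update = [int]$matches[2]
            }
            New-Object PSObject -Property @{
                DisplayName     = $props.DisplayName
                DisplayVersion  = $props.DisplayVersion
                Major           = $major
                Update          = $update
                Architecture    = $arch
                UninstallString = $props.UninstallString
            }
        }
    }
}

function Find-StaleJava {
    # Defaults are Java SE 6 Update 31, the version the post tells the user to install.
    param([int] $CurrentMajor = 6, [int] $CurrentUpdate = 31)
    Get-InstalledJava | Where-Object {
        $_.Major -ne $null -and (
            $_.Major -lt $CurrentMajor -or
            ($_.Major -eq $CurrentMajor -and $_.Update -lt $CurrentUpdate)
        )
    }
}

Get-InstalledJava | Format-Table DisplayName, DisplayVersion, Architecture -AutoSize
$stale = @(Find-StaleJava)
if ($stale.Count -gt 0) {
    Write-Warning 'Older Java runtimes are still registered; remove them from Programs and Features:'
    $stale | ForEach-Object { Write-Warning ('  {0} [{1}]' -f $_.DisplayName, $_.Architecture) }
}
```

The Architecture column matters for the step that follows in the post: a 64-bit machine can carry both a 32-bit and a 64-bit JRE, and the browser plugin only uses the one matching the browser, so an old copy of either architecture leaves the vulnerable plugin in place.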


#7 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 30 March 2012 - 02:20 AM

Well, I noticed it started up much faster the last time I booted windows. Firefox still hangs every now and then (I... probably should have mentioned that earlier -_-;). I haven't been re-directed in a while, but like I said in my original thread that happens pretty rarely so only time can really say if this all made a difference.

Is there anything else I need to do?

Attached Files



#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 30 March 2012 - 08:58 PM

Please do this next:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log



#9 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 31 March 2012 - 06:13 AM

Here ya go.

Attached Files



#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 31 March 2012 - 12:20 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\$Recycle.Bin\S-1-5-21-91620775-3784390689-3418475064-1000\$REOQ3F5.exe
    C:\Users\David\Essential Installers\windows.7.codec.pack.v2.9.0.setup.exe
    F:\David_Backup\2012-03-01_14-31-02\Memeo\2012-03-01_14-31-02\C_\Users\David\Essential Installers\windows.7.codec.pack.v2.9.0.setup.exe
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log
  • Are there any remaining problems with your PC?

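The :Files section in the OTL fix above deletes three files outright. Before a cleanup tool removes a suspect file, a responder normally records its hash, size, timestamps and Authenticode status so the sample can be looked up or compared later, even though the file itself is gone. The PowerShell below is an added example, not code from the thread or from OTL, and does exactly that for the three paths in the post. It assumes PowerShell 2.0 or later (Get-FileHash only arrived in 4.0, so hashing is done with .NET directly) and that the F:\ backup drive from the post is attached; the CSV name on the desktop is an assumed one.

```powershell
# Added example (not from the thread or from OTL): record hash, size, timestamps
# and Authenticode signature status of the files an OTL :Files fix is about to
# delete, so they can be looked up or compared later. Assumes PowerShell 2.0+.

# The three paths are the ones listed in the OTL fix above.
$FilesToRecord = @(
    'C:\$Recycle.Bin\S-1-5-21-91620775-3784390689-3418475064-1000\$REOQ3F5.exe',
    'C:\Users\David\Essential Installers\windows.7.codec.pack.v2.9.0.setup.exe',
    'F:\David_Backup\2012-03-01_14-31-02\Memeo\2012-03-01_14-31-02\C_\Users\David\Essential Installers\windows.7.codec.pack.v2.9.0.setup.exe'
)

function Get-FileSha256 {
    param([Parameter(Mandatory = $true)] [string] $LiteralPath)
    # Get-FileHash only exists from PowerShell 4.0, so hash with .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($LiteralPath)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-FileRecord {
    param([Parameter(Mandatory = $true)] [string[]] $Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Items in $Recycle.Bin come and go; report absence instead of failing silently.
            New-Object PSObject -Property @{ Path = $p; Present = $false }
            continue
        }
        # -Force: files under $Recycle.Bin are hidden/system.
        $item = Get-Item -LiteralPath $p -Force
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path      = $p
            Present   = $true
            Bytes     = $item.Length
            Created   = $item.CreationTimeUtc
            Modified  = $item.LastWriteTimeUtc
            Sha256    = Get-FileSha256 -LiteralPath $p
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
        }
    }
}

$records = Get-FileRecord -Path $FilesToRecord
$records | Format-List
# Keep the record next to the other logs before running the fix (assumed file name).
$records | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\pre-fix-file-records.csv') -NoTypeInformation
```

An unsigned installer named like a codec pack, sitting in both a user folder and its backup, is the kind of file where the SHA-256 is worth more than the file: it can be checked against vendor or reputation sources later, and the backup copy on F:\ is a reminder that restoring from that backup would bring the file back.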


#11 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 31 March 2012 - 01:04 PM

To answer your question, I have been dealing with trying to create a system image with Macrium Reflect, but I get an error shown in the attached image.

Attached Files


Edited by TLoV, 31 March 2012 - 01:08 PM.


#12 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 01 April 2012 - 07:21 PM

Hi,

I would try uninstalling/reinstalling your imaging software, as it may have been corrupted somehow by the malware or our cleanup efforts. If that doesn't help you should contact their support.

Your logs look good. All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#13 TLoV

  • Topic Starter
  • Members
  • 14 posts
  • Local time:01:40 PM

Posted 02 April 2012 - 01:37 PM

Well I did everything. Only time will tell me if I'm clean for sure, but I haven't been re-directed in quite some time so that's a good sign. I really appreciate you helping me here. Thanks.

#14 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 02 April 2012 - 10:55 PM

You're welcome, TLoV. Take care.



#15 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 03 April 2012 - 09:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
