Redirect Issue


4 replies to this topic

#1 Vertiglow


Posted 23 December 2012 - 12:26 AM

I have spent the last 15 hours trying to figure this one out. No luck; time to ask the big dogs. :-) So every time I do a Google search, I am redirected to Click.livesearch.com. This is an XP computer. The only thing that has brought some relief to one of the browsers was installing an add-on called redirect cleaner 2.1.1 in Firefox. My searches are no longer being redirected in Firefox, but poor IE is still out of luck. Sorry if this entire post seems sort of hateful - I'm less than a couple more hours from throwing this computer through a window lol.

Side note: This is not my computer. It belongs to a friend of mine who has given me full permission to attempt to remove this pesky booger. So I am not familiar with what processes should be running on this computer.

Edited by Vertiglow, 23 December 2012 - 01:53 AM.




#2 Vertiglow


Posted 23 December 2012 - 12:42 AM

JUST RAN SCANS NO REPAIRS ATTEMPTED
JUST TRYING TO HELP OUT- I KNOW YOUR JOB IS EXTREMELY TEDIOUS AND TIME CONSUMING :thumbsup:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java™ 6 Update 30
Java 7 Update 10
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
Trend Micro HiJackThis HiJackThis.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````



a little info

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:53 PM, on 12/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5492 bytes







MORE INFO



OTL LOG-

SETTINGS

PROCESSES-USE SAFE LIST
SERVICES-USE SAFE LIST
STANDARD REGISTRY- USE SAFE LIST
MODULES - NO COMPANY NAME
DRIVERS- USE SAFELIST
EXTRA REGISTRY -USE SAFELIST
SCAN ALL USERS SELECTED
OUTPUT MINIMAL
FILE SCANS 30 DAYS
USE NO-COMPANY-NAME "WHITELIST SELECTED"
FILES CREATED WITHIN "FILE AGE SELECTED"
FILES MODIFIED WITHIN "FILE AGE SELECTED"



OTL logfile created on: 12/22/2012 11:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bob\Desktop\New Folder (2)
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 152.30 Mb Available Physical Memory | 29.86% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 59.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 458.00 Gb Free Space | 98.33% Space Free | Partition Type: NTFS

Computer Name: BK-FB7 | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\New Folder (2)\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12122200\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (efavdrv) -- C:\WINDOWS\system32\drivers\efavdrv.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes,DefaultScope = {98C5B896-7EC6-4A64-8327-BCA9CE403EC6}
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes\{18EA4479-294C-4FC0-AEE0-A22070C9CE66}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes\{2570176A-BADE-4E4A-9ACD-DB2BBBA732FF}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes\{7D6C8A86-15C7-430C-B602-EA331A475D5E}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\SearchScopes\{98C5B896-7EC6-4A64-8327-BCA9CE403EC6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-682003330-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: redirectcleaner%40example.net:2.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/21 20:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/22 23:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/12/22 23:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2012/12/22 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2p9ygy3v.default\extensions
[2012/12/21 19:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\6ot7a680.default\extensions
[2012/12/21 19:35:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\6ot7a680.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/22 23:10:57 | 000,030,750 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2p9ygy3v.default\extensions\redirectcleaner@example.net.xpi
[2012/12/22 23:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/19 15:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/12/19 15:33:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/22 22:41:08 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1965331169-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1965331169-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6BB849F-1561-470B-97F1-7B99B2992F9F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/16 08:15:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/22 23:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/22 22:46:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/12/22 22:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RK_Quarantine
[2012/12/22 21:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/12/22 19:04:00 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/12/22 19:00:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Administrative Tools
[2012/12/22 18:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Doctor Web
[2012/12/22 18:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\HiJackThis
[2012/12/22 17:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/12/22 17:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Sun
[2012/12/22 17:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/22 17:31:38 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/12/22 17:31:38 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/22 17:31:14 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/22 17:31:14 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/22 17:31:14 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/22 17:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/12/22 00:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\New Folder (2)
[2012/12/22 00:23:24 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/21 23:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/21 22:58:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/12/21 22:26:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/21 20:30:20 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/12/21 20:30:20 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/12/21 20:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/12/21 20:30:18 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/12/21 20:30:17 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/12/21 20:30:17 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/12/21 20:30:15 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/12/21 20:30:15 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/12/21 20:30:14 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/12/21 20:29:49 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/12/21 20:29:48 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/12/21 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/21 20:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/12/21 19:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/21 19:59:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/21 19:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/21 19:47:05 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Bob\Desktop\rkill.exe
[2012/12/21 19:36:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Recent
[2012/12/21 19:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Opener
[2012/12/21 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESPNMotion
[2012/12/21 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIGStream
[2012/12/21 19:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/12/21 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free Opener
[2012/12/21 19:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/21 19:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Chameleon
[2012/12/17 19:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla
[2012/12/17 19:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Mozilla
[2012/12/17 19:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/12/17 19:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Amazon Browser Bar
[2012/12/17 19:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/12/17 19:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\New Folder
[2012/12/17 18:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/12/17 18:22:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/17 18:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/12/17 18:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/22 23:36:36 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HiJackThis.lnk
[2012/12/22 23:13:33 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/22 23:13:32 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Gurygad.job
[2012/12/22 23:13:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/22 23:13:27 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/22 23:08:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/22 23:08:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/22 23:07:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/22 22:41:08 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/22 22:25:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\defogger_reenable
[2012/12/22 21:56:07 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/12/22 17:56:40 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\url.htm
[2012/12/22 17:48:36 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\AnviSoft.url
[2012/12/22 17:40:46 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ddddd.htm
[2012/12/22 17:31:00 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/22 17:30:55 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/22 17:30:55 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/22 17:30:54 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/22 17:30:54 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/22 17:30:53 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/12/22 13:06:44 | 001,674,762 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\AutoRuns.arn
[2012/12/22 00:50:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/21 23:27:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\MBR.dat
[2012/12/21 23:05:50 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Browser redirects - click.livesearch, click.searchwebresults, etc ....url
[2012/12/21 22:56:05 | 000,257,708 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\New Folder (2).zip
[2012/12/21 22:07:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/21 22:07:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/21 20:30:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/21 20:30:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/21 19:59:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/21 19:47:17 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Bob\Desktop\rkill.exe
[2012/12/21 19:42:37 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/21 19:41:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/21 19:37:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/21 19:28:25 | 000,400,108 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Chameleon2.zip
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/06 13:02:10 | 000,002,788 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\thesalemnewsonline.com Auctions.url
[2012/11/29 09:43:28 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\ctl3dv29.dll
[2012/11/26 19:47:40 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Photo Album 6.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/22 23:08:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/22 23:08:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/22 23:08:54 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/22 22:25:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\defogger_reenable
[2012/12/22 22:19:08 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/22 18:10:05 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\HiJackThis.lnk
[2012/12/22 17:48:36 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\AnviSoft.url
[2012/12/22 17:40:45 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\ddddd.htm
[2012/12/22 13:06:43 | 001,674,762 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\AutoRuns.arn
[2012/12/22 01:09:01 | 000,001,157 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\url.htm
[2012/12/21 23:27:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\MBR.dat
[2012/12/21 23:05:50 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Browser redirects - click.livesearch, click.searchwebresults, etc ....url
[2012/12/21 22:56:05 | 000,257,708 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\New Folder (2).zip
[2012/12/21 20:30:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/21 20:30:16 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/21 19:59:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/21 19:28:23 | 000,400,108 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Chameleon2.zip
[2012/12/20 20:32:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/17 18:24:35 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/12/17 18:24:32 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/12/06 13:02:09 | 000,002,788 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\thesalemnewsonline.com Auctions.url
[2012/11/29 09:43:29 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\Gurygad.job
[2012/11/29 09:43:28 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\ctl3dv29.dll
[2012/10/29 16:55:45 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Bob\Application Datauser_gensett.xml
[2012/09/13 16:41:33 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 13:56:50 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Bob\Allowed
[2012/02/15 18:30:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 09:17:23 | 000,000,848 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011/12/19 22:13:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/12/19 21:49:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/19 11:34:56 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/12/16 12:20:03 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/16 10:40:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 10:28:01 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\fusioncache.dat
[2011/12/16 08:18:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/16 08:11:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/16 00:46:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/16 00:43:47 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2011/12/16 08:11:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\muweb.dll:BDU

< End of report >



MORE INFO




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Bob at 0:23:55 on 2012-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.109 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F6BB849F-1561-470B-97F1-7B99B2992F9F} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\2p9ygy3v.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-21 21:26; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-12-22 23:10; redirectcleaner@example.net; c:\documents and settings\bob\application data\mozilla\firefox\profiles\2p9ygy3v.default\extensions\redirectcleaner@example.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-21 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-21 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-21 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-21 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-21 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-21 676936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-21 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-23 04:46:33 -------- d-s---w- C:\ComboFix
2012-12-23 03:52:39 -------- d-----w- c:\windows\pss
2012-12-23 01:04:00 -------- d-s-a-r- C:\cmdcons
2012-12-23 00:16:34 -------- d-----w- c:\documents and settings\bob\Doctor Web
2012-12-23 00:10:05 388096 ----a-r- c:\documents and settings\bob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-12-22 23:32:10 -------- d-----w- c:\documents and settings\bob\local settings\application data\Sun
2012-12-22 23:31:38 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-22 23:31:14 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 06:23:24 -------- d-----w- C:\JRT
2012-12-22 05:42:34 -------- d-----w- c:\program files\ESET
2012-12-22 04:58:33 -------- d--h--w- c:\windows\PIF
2012-12-22 04:26:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-22 02:30:17 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-22 02:29:49 41224 ----a-w- c:\windows\avastSS.scr
2012-12-22 02:29:22 -------- d-----w- c:\program files\AVAST Software
2012-12-22 02:29:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-12-22 01:59:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-22 01:59:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-22 01:36:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-22 01:36:39 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-22 01:36:20 -------- d-----w- c:\program files\ESPNMotion
2012-12-22 01:36:20 -------- d-----w- c:\program files\DIGStream
2012-12-22 01:36:17 -------- d-----w- c:\program files\Free Opener
2012-12-22 01:28:43 -------- d-----w- c:\program files\Chameleon
2012-12-18 01:10:25 -------- d-----w- c:\documents and settings\bob\local settings\application data\Mozilla
2012-12-18 01:07:51 -------- d-----w- c:\documents and settings\bob\local settings\application data\Amazon Browser Bar
2012-12-18 01:07:30 -------- d-----w- c:\program files\Amazon Browser Bar
2012-12-18 00:18:56 -------- d-----w- c:\program files\Trend Micro
2012-11-29 15:43:28 131072 --sha-r- c:\windows\system32\ctl3dv29.dll
.
==================== Find3M ====================
.
2012-12-22 23:30:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-22 04:07:54 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-22 04:07:54 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 12:13:28 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
2012-11-02 02:02:42 375296 -c--a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
2010-03-30 00:40:20 100256 -c--a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 0:24:18.34 ===============


I CAN POST ATTACH.TXT IF YOU NEED IT. SORRY IF CAPS LOCK BOTHERS YOU, IT MAKES IT EASIER FOR ME TO READ LOL

Edited by Vertiglow, 23 December 2012 - 01:55 AM.


#3 Vertiglow


Posted 23 December 2012 - 01:11 AM

OK SORRY BUT THIS FASCINATES ME -- AFTER ACTUALLY READING THE OTL REPORT THIS SECTION SEEMS RATHER SUSPICIOUS - IDK I WILL LET YOU GUYS DO THIS - YOU HAVE BEEN AT IT A LOT LONGER THAN I HAVE :-)

I'M A PEN TESTER AND WEB/SOFTWARE DEV- ON THE SIDE SO I AT LEAST HAVE TO FIGURE THIS OUT :-S CURIOSITY KILLS ME SOMETIMES

Auctions.url
[2012/11/29 09:43:29 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\Gurygad.job
[2012/11/29 09:43:28 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\ctl3dv29.dll
[2012/10/29 16:55:45 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Bob\Application Datauser_gensett.xml
[2012/09/13 16:41:33 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 13:56:50 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Bob\Allowed
[2012/02/15 18:30:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 09:17:23 | 000,000,848 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/12/20 14:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011/12/19 22:13:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/12/19 21:49:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/19 11:34:56 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/12/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/12/16 12:20:03 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/16 10:40:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 10:28:01 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application

other weird things
ctl3dv29.dll located in c/windows/System32 - can't find a reference anywhere
LinkInstaller.exe located in program files / common files

Sorry if my post has become obsessive - but it's in my nature lol

Edited by Vertiglow, 23 December 2012 - 03:00 PM.


#4 Vertiglow


Posted 23 December 2012 - 06:58 PM

Debating on Reformat- Should I just go for the reformat?

#5 Vertiglow


Posted 25 December 2012 - 10:00 PM

Never mind, Fixed it. Thank you anyways. :-)



