Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post Blekko Lavasoft search engine removal
Go to first new post Trojan virus
Go to first new post WhiteSmoke virus?
Go to first new post possable infection request help ( hijack ...
Go to first new post Cannot download files (including Microso ...
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post Please check my log...Computer running S ...
Go to first new post Unable to use HJT
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post After virus: CMD loads before desktop
Go to first new post Firefox -> google -> url hijack
Go to first new post Unknown Command Prompt running after eve ...
Go to first new post WmiPrvSE.exe hogging CPU 30 - 50%
Go to first new post bitcoin miner infected on my PC
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Being redirected in FireFox


(!)

Reply
Page 1 of 2 1 2
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
11-Jul-2012, 01:40 AM #1
Being redirected in FireFox
Hello, For the past few days I have noticed that my yahoo searches will redirect me to the incorrect website where I will have to "go back" click again and then it will take me to the intended website. I think my system is infected with a redirect virus. Here is my Hijackthis log. Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:33 PM, on 7/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EssentialFax\essfaxcontrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\nelson\My Documents\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={86BEF95B-82DD-43F3-A438-9D25EFE7ED98}&mid=a8a345dcfeef47d09378d15231806068-34a33f4687bce889f2413026ded9842f43c6cac8&lang=en&ds=ft011&pr=sa&d=2012-07-08 02:12:44&v=11.1.0.12&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Essential Fax Print Controller] "C:\Program Files\EssentialFax\essfaxcontrol.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\nelson\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [BitTorrent] rundll32.exe "C:\Documents and Settings\nelson\Local Settings\Application Data\Chronicles of Albian\BitTorrent\svvag.dll",CreateInstance
O4 - HKUS\S-1-5-19\..\Run: [BitTorrent] rundll32.exe "C:\Documents and Settings\nelson\Local Settings\Application Data\Chronicles of Albian\BitTorrent\svvag.dll",CreateInstance (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [BitTorrent] rundll32.exe "C:\Documents and Settings\nelson\Local Settings\Application Data\Chronicles of Albian\BitTorrent\svvag.dll",CreateInstance (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [BitTorrent] rundll32.exe "C:\Documents and Settings\nelson\Local Settings\Application Data\Chronicles of Albian\BitTorrent\svvag.dll",CreateInstance (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [BitTorrent] rundll32.exe "C:\Documents and Settings\nelson\Local Settings\Application Data\Chronicles of Albian\BitTorrent\svvag.dll",CreateInstance (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VideoCam Suite.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12598 bytes
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
17-Jul-2012, 04:25 AM #2
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
17-Jul-2012, 11:49 AM #3
Attached, are the results from the DDS tool.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
17-Jul-2012, 02:53 PM #4
Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
17-Jul-2012, 08:45 PM #5
Attached are the logs that you requested. Thanks
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
18-Jul-2012, 05:38 AM #6
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
18-Jul-2012, 10:59 AM #7
malwarebytes log
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
18-Jul-2012, 11:15 AM #8
Hi,

Have you allowed this port opening in firewall:
Quote:
"12080:TCP"= 12080:TCP:incoming connection


Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\documents and settings\nelson\Application Data\searchquband
c:\documents and settings\All Users\Application Data\boost_interprocess
c:\documents and settings\nelson\Local Settings\Application Data\Ilivid Player
DirLook::
c:\documents and settings\nelson\AppData

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 5.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
19-Jul-2012, 10:19 AM #9
Hello, The ESET scan found 13 infected items. I cannot recall allowing the particular port you mentioned, to be opened. Attached are also the logs you requested. Thanks
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
19-Jul-2012, 03:17 PM #10
Hi,

Do you have that ESET report handy too? If not look for it in c:\program files\ESET folder.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
19-Jul-2012, 07:52 PM #11
Haha, oops. Yep, it's attached. Sorry about that.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
20-Jul-2012, 03:23 AM #12
Hi,

Open notepad and copy/paste the text in the quotebox below into it:


Code:
Folder::
c:\documents and settings\nelson\AppData
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12080:TCP"=-
Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log. Any issues left?
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
20-Jul-2012, 09:18 AM #13
Hi, I am still getting redirected in firefox. I just did a search in yahoo and when I clicked on a respected site, it redirected me to merchantcirle.com. I have heard that it can be a hard one to irradiate. Anywho, attached is the combofix log. Thanks
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Blade81's Avatar
Malware Removal Specialist with 891 posts.
  
Join Date: Oct 2006
Location: Finland
Experience: Advanced
21-Jul-2012, 04:48 AM #14
Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
ASAP & UNITE member since 2006
Malware removal instructions are for the correspondent user's case only.
peacepleasure's Avatar
Computer Specs
Member with 32 posts.
THREAD STARTER
  
Join Date: Mar 2010
Experience: Intermediate
21-Jul-2012, 09:39 AM #15
OTL.txt file
OTL logfile created on: 7/21/2012 7:29:44 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\nelson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.37% Memory free
5.09 Gb Paging File | 4.24 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.09 Gb Free Space | 62.46% Space Free | Partition Type: NTFS
Drive D: | 399.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LISA | User Name: nelson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nelson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files\EssentialFax\essfaxcontrol.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12072001\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\pcre.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\EssentialFax\essfaxcontrol.exe ()
MOD - C:\WINDOWS\system32\essfaxpm.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.SYS File not found
DRV - (PCIDump) -- File not found
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
DRV - (Nmea) -- system32\DRIVERS\pctnullport.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\nelson\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (NETwLx32) Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (VMUVC) -- C:\WINDOWS\system32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (vvftUVC) -- C:\WINDOWS\system32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={86BEF95B-82DD-43F3-A438-9D25EFE7ED98}&mid=a8a345dcfeef47d09378d15231806068-34a33f4687bce889f2413026ded9842f43c6cac8&lang=en&ds=ft011&pr=sa&d=2012-07-08 02:12:44&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKCU\..\SearchScopes\{C818B99E-245E-485F-812A-47AE5993D12B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MP3R7&o=15863&src=crm&q={searchTerms}&locale=en_US&ap n_ptnrs=RV&apn_dtid=YYYYYYYYUS&apn_uid=3a02b3ae-d6dd-44e2-a85f-56d9e53a022e&apn_sauid=2F49A54C-7441-4BAC-90E8-3D93A5A0DB72
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B19ea4b5a-7464-4073-84af-c43590c8d6e7%7D&mid=a8a345dcfeef47d09378d15231806068-34a33f4687bce889f2413026ded9842f43c6cac8&ds=ft011&v=11.1.0.12&lang=en&pr=sa &d=2012-07-08%2002%3A12%3A44&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\nelson\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/06 11:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp .com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/20 07:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 07:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 07:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp. com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/20 07:32:32 | 000,000,000 | ---D | M]

[2012/07/06 11:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Extensions
[2012/07/16 16:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions
[2012/03/18 00:50:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/09/15 10:14:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2012/07/15 16:23:00 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/07/16 16:22:59 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/11/08 10:28:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\extensions\engine@conduit.co m
[2012/06/05 22:21:53 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\searchplugins\askcom.xml
[2012/06/29 22:10:22 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\nelson\Application Data\Mozilla\Firefox\Profiles\suvodea6.default\searchplugins\Search_Results .xml
[2012/07/06 11:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/02/28 06:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NELSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SUVODEA6.DEFAULT\EXTENSIONS\QBRCNFHKJB@QBRCNF HKJB.ORG.XPI
[2012/07/17 18:52:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/01 08:36:28 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/31 04:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/07/08 02:12:36 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 20:12:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/29 22:10:22 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/15 20:12:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/20 07:04:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Essential Fax Print Controller] C:\Program Files\EssentialFax\essfaxcontrol.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\nelson\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E3CEAD-2DC5-498A-AD88-E9E280E9A421}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7A7A89-45E7-4F99-BC9E-70177E229A62}: DhcpNameServer = 68.28.82.91 68.28.90.91
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\nelson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nelson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/04 00:46:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 15:51:24 | 000,652,831 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 07:28:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nelson\Desktop\OTL.exe
[2012/07/20 08:26:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/20 07:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Application Data\HPAppData
[2012/07/20 07:36:32 | 000,713,728 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_d02d.dll
[2012/07/20 07:36:32 | 000,589,824 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_d02d.dll
[2012/07/20 07:36:32 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2012/07/20 07:36:32 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_d02a.dll
[2012/07/20 07:36:32 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012/07/20 07:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/07/20 07:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2012/07/20 07:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012/07/20 07:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/07/20 07:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/07/18 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/18 17:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\.ehdc
[2012/07/18 17:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Local Settings\Application Data\Sun
[2012/07/18 11:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/18 11:45:07 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/18 11:45:07 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/18 11:45:07 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/18 11:45:01 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/18 11:45:01 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/18 07:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Application Data\Malwarebytes
[2012/07/18 07:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 07:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/18 07:29:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/18 07:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/17 18:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/17 18:10:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/17 18:10:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/17 18:10:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/17 18:10:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/17 18:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/17 18:09:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/17 09:26:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\nelson\Desktop\dds.com
[2012/07/16 18:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Local Settings\Application Data\Downloaded Installations
[2012/07/13 10:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2012/07/13 10:25:49 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2012/07/13 10:25:48 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\Pncrt.dll
[2012/07/13 10:25:48 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2012/07/13 10:25:48 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2012/07/13 10:25:48 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2012/07/13 10:25:48 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2012/07/13 10:25:43 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2012/07/13 10:25:40 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2012/07/13 10:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2012/07/12 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dracula - Love Kills Collector's Edition
[2012/07/12 19:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dracula - Love Kills Collector's Edition
[2012/07/10 23:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\My Documents\Hijack This
[2012/07/08 18:48:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nelson\Application Data\SecuROM
[2012/07/08 18:48:20 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012/07/08 18:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Local Settings\Application Data\Oblivion
[2012/07/08 18:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\My Documents\My Games
[2012/07/08 02:11:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/05 19:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Application Data\Skunk Studios
[2012/07/05 18:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/05 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/05 18:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dark Heritage - Guardians of Hope
[2012/07/05 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dark Heritage - Guardians of Hope
[2012/07/05 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Flux Family Secrets - The Book of Oracles
[2012/07/05 18:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flux Family Secrets - The Book of Oracles
[2012/07/05 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Echoes of the Past - The Citadels of Time
[2012/07/05 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Echoes of the Past - The Citadels of Time
[2012/06/29 21:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nelson\Application Data\.minecraft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/21 07:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 07:28:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nelson\Desktop\OTL.exe
[2012/07/21 07:15:12 | 000,082,126 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/07/21 05:10:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-796845957-790525478-682003330-1004UA.job
[2012/07/20 23:26:01 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/20 20:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/20 17:10:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-796845957-790525478-682003330-1004Core.job
[2012/07/20 08:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 08:27:14 | 000,463,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/20 08:27:14 | 000,078,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/20 08:22:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/20 08:22:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 08:21:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/20 08:18:54 | 000,205,224 | ---- | M] () -- C:\WINDOWS\hpoins46.dat
[2012/07/20 07:59:37 | 000,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/20 07:57:10 | 000,057,749 | ---- | M] () -- C:\Documents and Settings\nelson\Desktop\HP Installation Error - XP.hta
[2012/07/20 07:32:39 | 000,205,820 | ---- | M] () -- C:\WINDOWS\hpoins46.dat.temp
[2012/07/20 07:31:54 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/07/20 07:31:05 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/07/20 07:04:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/18 22:05:29 | 000,082,126 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/07/18 11:44:26 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/18 11:44:26 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/18 11:44:26 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/18 11:44:25 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/18 11:44:25 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/18 11:44:24 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/18 07:29:41 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/17 09:26:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\nelson\Desktop\dds.com
[2012/07/16 18:25:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FaxMan
[2012/07/15 09:18:23 | 000,389,477 | ---- | M] () -- C:\Documents and Settings\nelson\Desktop\rephreshcoupon_cid74_201112.pdf
[2012/07/15 08:31:19 | 000,230,840 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/07/14 16:18:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/13 20:50:56 | 000,102,912 | ---- | M] () -- C:\Documents and Settings\nelson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 10:25:55 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2012/07/12 19:11:05 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dracula - Love Kills Collector's Edition.lnk
[2012/07/12 19:11:05 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2012/07/11 20:25:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/11 20:25:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 06:40:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/08 18:48:20 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012/07/07 12:59:32 | 000,114,386 | ---- | M] () -- C:\Documents and Settings\nelson\Desktop\direct_deposit form-zack.pdf
[2012/07/06 11:26:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/05 18:58:41 | 000,001,970 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Fierce Tales - The Dog's Heart Collector's Edition.lnk
[2012/07/05 18:39:04 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dark Heritage - Guardians of Hope.lnk
[2012/07/05 18:29:11 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Flux Family Secrets - The Book of Oracles.lnk
[2012/07/05 18:20:43 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Echoes of the Past - The Citadels of Time.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 10:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 10:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 10:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 10:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 10:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 10:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 10:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 10:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 10:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 10:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 08:21:26 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2012/07/20 08:21:26 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/07/20 08:21:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/07/20 08:21:26 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/20 07:31:54 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/07/20 07:25:14 | 000,205,224 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2012/07/20 07:25:14 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2012/07/18 19:42:20 | 004,275,463 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\TroubleshootingXP.rtf
[2012/07/18 18:07:00 | 000,057,749 | ---- | C] () -- C:\Documents and Settings\nelson\Desktop\HP Installation Error - XP.hta
[2012/07/18 18:03:21 | 000,205,820 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2012/07/18 18:03:21 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2012/07/18 07:29:40 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/17 18:12:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/17 18:12:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/17 18:10:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/17 18:10:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/17 18:10:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/17 18:10:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/17 18:10:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/15 09:18:20 | 000,389,477 | ---- | C] () -- C:\Documents and Settings\nelson\Desktop\rephreshcoupon_cid74_201112.pdf
[2012/07/13 10:25:54 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2012/07/12 19:11:05 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dracula - Love Kills Collector's Edition.lnk
[2012/07/12 19:11:05 | 000,001,246 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2012/07/07 12:59:32 | 000,114,386 | ---- | C] () -- C:\Documents and Settings\nelson\Desktop\direct_deposit form-zack.pdf
[2012/07/06 11:19:41 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/05 18:58:41 | 000,001,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Fierce Tales - The Dog's Heart Collector's Edition.lnk
[2012/07/05 18:39:04 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dark Heritage - Guardians of Hope.lnk
[2012/07/05 18:29:11 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Flux Family Secrets - The Book of Oracles.lnk
[2012/07/05 18:20:43 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Echoes of the Past - The Citadels of Time.lnk
[2012/05/17 12:08:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/04/03 19:30:32 | 000,005,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2012/04/03 17:58:41 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\essfaxpm.dll
[2012/02/15 19:18:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/11 23:09:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/11/12 14:19:01 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/11/05 13:55:14 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/09/01 18:38:00 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\nelson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 21:27:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/20 23:06:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/20 21:46:21 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2011/07/20 21:11:31 | 000,082,126 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/20 21:10:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/07/20 21:10:15 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/20 21:10:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/07/20 21:10:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/07/20 21:10:13 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/07/20 21:10:12 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/07/20 21:10:11 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/07/20 21:10:11 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

< End of report >
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 2 1 2
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
redirect

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 04:21 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑