
Redirecting for 4 months or so

Discussion in 'Virus & Other Malware Removal' started by Maestra76, Mar 8, 2011.

    Maestra76 (Thread Starter), joined Mar 8, 2011, 9 messages

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:37:33 AM, on 3/8/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Jennie\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    O2 - BHO: 66197ddb - {7256790A-FA7A-7E9D-EE16-2595D9019FB6} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: 66197ddb - {97726883-F00C-BBAA-7D44-FC19A63FE9FF} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
    O2 - BHO: 66197ddb - {FAB3EAA4-A5EF-31F1-B451-3BAE70CB07DD} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
    O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Windows Backup (SDRSVC32) - Unknown owner - c:\programdata\msxml632.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Secure Socket Tunneling Protocol Service (SstpSvc32) - Unknown owner - c:\programdata\api-ms-win-core-localregistry-l1-1-032.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Windows Modules Installer (TrustedInstaller32) - Unknown owner - c:\windows\system32\nlslexicons001032.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Block Level Backup Engine Service (wbengine32) - Unknown owner - c:\programdata\whealogr32.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager Service (WDDMService.exe) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11765 bytes

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Jennie at 10:39:39.28 on Tue 03/08/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.2252 [GMT -6:00]
    .
    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Users\Jennie\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    BHO: 66197ddb: {7256790a-fa7a-7e9d-ee16-2595d9019fb6} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: 66197ddb: {97726883-f00c-bbaa-7d44-fc19a63fe9ff} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
    BHO: 66197ddb: {fab3eaa4-a5ef-31f1-b451-3bae70cb07dd} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [TaskTray]
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB-X64: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jennie\AppData\Roaming\Mozilla\Firefox\Profiles\wsp0rnjq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jennie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: XUL Cache: {aa9ba412-ef36-42aa-a316-d859a18a724f} - %profile%\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-1-4 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-1-4 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-2-25 1124472]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-1-4 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110304.001\IDSviA64.sys [2011-3-7 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-1-4 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-1-4 451120]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-4 203776]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2011-1-4 126392]
    R2 WDDMService.exe;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-8-17 116224]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-4 132656]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2010-6-15 12584]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2010-6-15 15784]
    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2010-6-15 18432]
    R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SDRSVC32;Windows Backup ;c:\programdata\msxml632.exe --> c:\programdata\msxml632.exe [?]
    S2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\api-ms-win-core-localregistry-l1-1-032.exe --> c:\programdata\api-ms-win-core-localregistry-l1-1-032.exe [?]
    S2 TrustedInstaller32;Windows Modules Installer ;c:\windows\system32\nlslexicons001032.exe --> c:\windows\system32\nlslexicons001032.exe [?]
    S2 wbengine32;Block Level Backup Engine Service ;c:\programdata\whealogr32.exe --> c:\programdata\whealogr32.exe [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-14 329952]
    S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-14 6465760]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 SQTECH9052;Disney Micro;C:\Windows\System32\drivers\Capt9052.sys [2010-11-28 47680]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2011-02-25 02:43:53 -------- d-----w- C:\Users\Jennie\AppData\Local\Yahoo
    2011-02-25 02:42:38 -------- d-----w- C:\Users\Jennie\AppData\Local\Yahoo!
    2011-02-25 02:40:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
    .
    ==================== Find3M ====================
    .
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2011-01-04 14:20:49 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-12-16 22:58:14 40816 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
    .
    ============= FINISH: 10:40:31.07 ===============

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-08 12:46:59
    Windows 6.1.7600
    Running: qbk9i0q3.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ???:????? ???-???-????????????????????????????????(??-???-?????e?-???-???????-??????????????????SeTcbPrivilege?SeImpersonatePrivilege?SeIncreaseBasePriorityPrivilege??RS\???????????????????????????,?-?-?-?-?-?-?-?-?-?-?-([email protected],-3250???????????????????????????Z??-??????????????%SystemRoot%\system32\svchost.exe -k netsvcs????????????????t??????,???-???????? ?????????????([email protected],-3251??????????-???-??????? ???-??????????????LocalSystem??????????-??????????????????SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege?SeShutdownPrivilege?SeTakeOwnershipPrivilege?????-?-?-?-?-?-?-?-?-????,??-???_???????B??????????????????????????? ???????,???????????-?,????????????????????????????0????????????????`???????????????????? ????????????????????? [email protected]%SystemRoot%\system32\peerdistsvc.dll,-9000?C???????????\??????4?????\??-???-??????????%SystemRoot%\System32\svchost.exe -k PeerDist????????????-???e?????,???-???????? ????-????????Z??-?
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ???:?????:?t????? ???.???t?????????????????????????????????0???0???????????/??sys,#154???????????I??ri???.???????. ???????????r94x??????????PCI\VEN_1022&DEV_9605&REV_00?PCI\VEN_1022&DEV_9605?PCI\VEN_1022&CC_060400?PCI\VEN_1022&CC_0604?PCI\VEN_1022?PCI\CC_060400?PCI\CC_0604????.????N??.?????????D4x????N??.???.?????.?/???&???.???2???????????????????????&[email protected]\DRIVERS\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,6,0)[email protected][email protected]???????????????????????????????D?????????????????????????????????????????????????????????????????????????????????? ???.?????????.?.??pci??/????H??/???????????????????????????????????????????????????m???/?/????? ???????.???????????.?,??????"??????????f??? ???????.?????.?.???????.???2???e???.??PCI\VEN_1022&DEV_9606&SUBSYS_014E1025&REV_00?PCI\VEN_1022&DEV_9606&SUBSYS_014E1025?PCI\VEN_1022&DEV_9606&CC_060400?PCI\VEN_1022&DEV_9606&CC_0604??????N??.???2?????D?.??????????? ???????.???????????.?0???????????????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ???/?&???????????a??????Net?????? ?????????????-???????,??"?????????&????????????????????-??? ???????-?????-???????,??????????????????????s?????? ???????-?????-?????-?,??P???P??????????????n???(??????????????????????????????? ???????-???????????-?,????????????(????????????????????????????-???0???d???-?-????? ???????-???????????-?,????????N??????????????-??????N??-??? ??????{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}??????? ???????????????????-?,?????? ?:???&?????????????????????????:??-??????????????LocalSystemNetworkRestricted??????8??-???????????-??%windir%\system32\DFDTS.dll?_2???-?-BS??? ??????????????????????????????(????????????????r?????-??????????(??-???7?????e0C??HTTP Print Services?27???????-??????us??inetpp.dll???-??LanMan Print Services?Internet Print [email protected]%systemroot%\system32\cscsvc.dll,-200?VEN???????????C??????0????????-??????p???ProfSvc_Group???RpcSs??-?-???????-???0????hf-f??%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted??????? ????-??65??LocalSy
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ???t?????????????????????0??0????????????B??????????? B??s??????????????? [email protected][email protected],-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]ll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,??s????????????????????????????????????2??s??????????????????SeChangeNotifyPrivilege?????? F??s???????????????s??? ???????????????????????????????????????????????????s?s?s???s???????????????s?s?s?s?s?s?s?s?s?s?s?s????? ???????s???????????s????????,?F??? ???????????%systemroot%\system32\msdtckrm.dll????????"??s?????????n????KtmRmServiceMain????????????????????????????? ???????s???????????s??????????????????????????????0??????????????????????????????????????????????? ??????????????????????????????????(??????P?????????????????????????? ???????s?????s???????????????????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ???s??????????????????????????<??s????????h??????????s??*6to4mp??????????????.??t?????????????????????s?????????????????? ???????n?????s????????????????X???????????IP Network Address Translator????????t???????????????????????????????s????????????????6??s????????????????,??s?????????e?????????s????????????N??~???d??????????LocalSystem?????????????????????? J??????5??????????????????????t???kbd101.dll?r????i8042 Keyboard and PS/2 Mouse Port Driver????????s??????p???????????? ???????s???????????s????????0????? ????????????????????????????????????s??????????????????????????????????t???cdfs????? ???????n?????s?????s??????????V????????V???????????????????????s??????p????s?s?s????????????????????????R??s????????h?????SCSI Miniport????s?s?s?s?s?s?s?????s?????s??\SystemRoot\system32\DRIVERS\iaStorV.sys? ????V??s???????????d?????????????g?????t?t?t???????????!???e??iastorv.inf_amd64_neutral_18cccb83b34e1453????????????????????????????????????????????N??s????????h?????? ???????s???????????s????????&????? ??????????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ???z????9D???????????????z??????????????????LS??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|?????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|?<???"????????????????????????????????????????????????????????????????????????????????????`??????E?????e\D??????????????e???????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected]
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???o?s???????????2?????????n?.???.??? ???????h?????h???????0????????????????????? ???????h???????????h?0?????????????????????????h???????????????j???\?????e6.??4&1dc125b8&0???????h????? ???????h?????h???????0???????????????????????h???h???h???h???h???h???h???h???h??ROM????h??? ???????h???????????h?0????????????????????Microsoft????h?h__?????h????? ???????h?????h???????0????????????????????? ???????h???????????h?0?????????????????????h?h????????1?????????????X??????/???/?????h????? ???????f?????h???????,?? ??????????????M??? ???????h?????h???????,??"????????????????????????h????? ???????h?????h?? ????,??"???&[email protected],%lptenum\microsoftrawport958a.devicedesc%;Printer Port Logical Interface????????h????????????N??h???o?????D?????h?h????udfs???????h????{4d36e97d-e325-11ce-bfc1-08002be10318}[email protected],%hdaudio.devicedesc%;High Definition Audio Controller?????System?ind???????d??????s?????N??h???.??????????Microsoft???udfs?????i?i?????????e???.???e????X?????????????LPTENUM\Microso
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???s?s????:??s????????h?????????????Net??t?????????????g???????s?????t?t?????s?s?s?????????????????????????????????s?:???????????????????????????????o?t?o?t?t??System32\Drivers\ksecpkg.sys????????????? ???????n??????????????????????:????????g??\SystemRoot\system32\drivers\ksthunk.sys????????????????t????????????????????????????*???*????0??s?????????e??????R??s????????h????????????????????????????????o??????"??t??????p????????s??? ???????n??????????????????????R????????k??Kernel Streaming Thunks??????????????????????????????????l???????????????????????u???????????.???????i???.??????FSFilter Virtualization????????t?????????????????????0??0????????????B??????????? B??s??????????????? [email protected][email protected],-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]ll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ??????????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???s?????t?t?????s?s?s?????????????????????????????????s?:???????????????????????????????o?t?o?t?t??System32\Drivers\ksecpkg.sys????????????? ???????n??????????????????????:????????g??\SystemRoot\system32\drivers\ksthunk.sys????????????????t????????????????????????????*???*????0??s?????????e??????R??s????????h????????????????????????????????o??????"??t??????p????????s??? ???????n??????????????????????R????????k??Kernel Streaming Thunks??????????????????????????????????l???????????????????????u???????????.???????i???.??????FSFilter Virtualization????????t?????????????????????0??0????????????B??????????? B??s??????????????? [email protected][email protected],-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]ll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,??s?????????????????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???o?s????????????????????????d??????????????????????????i?i?i?i?i?????????????????????????i???i????? ???????i?????????????,?????????????????f?????i????????? ???????i?????i???????0??L????????? ???????? ?????i???i???i????????? ???????i?????i???????0????????????&????????????????????????????????????????????????????????????????????????????????????????????????s?????????????????????i????? ???????i?????i???????0????????????????????? ?i???i???i???i???i???i???i???i???i???i??sbpo??? ???????i???????????i?0????????B?????????????B??i????????????:??i?????????????????????????i????? ???????i?????i???????0????????????????????? ???????i???????????i?0????????:????????????-??1???????????????????????????e????????????6??.t?????????????????????????i????? ???????i?????i???????0????????????????????? ???????i???????????i?0?????????????????????????????????????????????????????w?????????i????? ???????j???????????????????????????????P???????????????????????????????j???????e????D??????\[email protected]
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???s?:???????????????????????????????o?t?o?t?t??System32\Drivers\ksecpkg.sys????????????? ???????n??????????????????????:????????g??\SystemRoot\system32\drivers\ksthunk.sys????????????????t????????????????????????????*???*????0??s?????????e??????R??s????????h????????????????????????????????o??????"??t??????p????????s??? ???????n??????????????????????R????????k??Kernel Streaming Thunks??????????????????????????????????l???????????????????????u???????????.???????i???.??????FSFilter Virtualization????????t?????????????????????0??0????????????B??????????? B??s??????????????? [email protected][email protected],-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]ll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,??s????????????????????????????????????2??s??????????????????SeChangeNot
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???o??????"??t??????p????????s??? ???????n??????????????????????R????????k??Kernel Streaming Thunks??????????????????????????????????l???????????????????????u???????????.???????i???.??????FSFilter Virtualization????????t?????????????????????0??0????????????B??????????? B??s??????????????? [email protected][email protected],-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]ll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,??s????????????????????????????????????2??s??????????????????SeChangeNotifyPrivilege?????? F??s???????????????s??? ???????????????????????????????????????????????????s?s?s???s???????????????s?s?s?s?s?s?s?s?s?s?s?s????? ???????s???????????s????????,?F??? ???????????%systemroot%\system32\msdtckrm.dll????????"??s?????????n????KtmRmServiceMain???????????????????

    ---- EOF - GMER 1.0.15 ----
     

  2. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Please help.
     
  3. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Bumping again.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Do the re-directs happen in both Internet Explorer and Firefox or only one and not the other?
     
  5. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Only Firefox. I just did a search with IE on a topic that I usually get re-directs on Firefox, and did not have any problems.
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Maestra76

    Proceed as follows please :-

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista & Win 7).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    Kevin
     
  7. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 21:45 on 13/03/2011 (Jennie)
    Firefox version 3.6.15 (en-US)

    ========== GooredScan ==========

    Deleting "C:\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}" -> Success!

    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [18:54 29/10/2010]
    {AB2CE124-6272-4b12-94A9-7303C7397BD1} [01:06 31/12/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:44 29/10/2010]
    {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [19:23 26/12/2010]
    {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [03:41 19/11/2010]

    C:\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\
    {0545b830-f0aa-4d7e-8820-50a4629a56fe} [14:59 22/12/2010]
    {635abd67-4fe9-1b23-4f01-e679fa7484c1} [02:42 25/02/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\" [14:26 04/01/2011]
    "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\" [14:26 04/01/2011]

    -=E.O.F=-
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Maestra76

    How is your system responding now, have the re-directs stopped?

    Kevin..
     
  9. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Yes, they've stopped! Does that mean it's fixed?
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Maestra76,

    We have killed off a Goored infection that was causing the re-directs. We still need to remove some suspect Tool bars from your system and double check with an online AV scan.

    As follows please :-

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below (If present).

    O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
    O2 - BHO: 66197ddb - {7256790A-FA7A-7E9D-EE16-2595D9019FB6} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O2 - BHO: 66197ddb - {97726883-F00C-BBAA-7D44-FC19A63FE9FF} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: 66197ddb - {FAB3EAA4-A5EF-31F1-B451-3BAE70CB07DD} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
    O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.


    Please go to Start > Control Panel > Uninstall a Program and Uninstall the following (if present):

    Ask.com

    Please note any other programs that you don't recognize in that list in your next response

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files (x86)\Ask.com

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    Post log from ESET in your reply and a fresh HJT log,

    Kevin
     
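The four O2 entries above that point at a DLL in C:\ProgramData with a random 8-hex-digit name, plus the two orphaned "(no file)" entries, are the pattern a helper looks for by eye. As an added example (not code from HijackThis, and not part of Kevin's post), the Python below parses those seven lines, embedded as constructed sample input, and applies the same checks mechanically: orphaned registrations, a load path in a user-writable data directory, a filename that mimics a Windows API-set DLL, a random-looking name, and a small deny-list of toolbar paths. The heuristics, the function names and the PUP_PATH_FRAGMENTS list are my own assumptions built from this thread, not HijackThis logic.

```python
import re

# Constructed sample input: the seven HijackThis O2/O3 entries kevinf80 asked to be fixed above.
SAMPLE_HJT = r"""
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
O2 - BHO: 66197ddb - {7256790A-FA7A-7E9D-EE16-2595D9019FB6} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
O2 - BHO: 66197ddb - {97726883-F00C-BBAA-7D44-FC19A63FE9FF} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: 66197ddb - {FAB3EAA4-A5EF-31F1-B451-3BAE70CB07DD} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (file missing)
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
"""

# Hypothetical deny-list built from this thread only: toolbar paths the helper asked to remove.
PUP_PATH_FRAGMENTS = ("\\ask.com\\",)

# O2 - BHO: <name> - {CLSID} - <path>   /   O3 - Toolbar: <name> - {CLSID} - <path>
HJT_RE = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)


def parse_hjt(text):
    """Parse O2 (BHO) and O3 (toolbar) lines into dicts; other HJT sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            kind, name, clsid, target = m.groups()
            entries.append({"kind": kind, "name": name, "clsid": clsid.upper(), "target": target})
    return entries


def triage(entries):
    """Attach a list of human-readable flags to each entry; an empty list means nothing fired."""
    out = []
    for e in entries:
        flags = []
        target = e["target"]
        path = target.replace(" (file missing)", "")
        low = path.lower()
        fname = low.rsplit("\\", 1)[-1]

        # 1. Registered component whose file is gone: leftover of a removed or partly cleaned install.
        if target == "(no file)" or target.endswith("(file missing)"):
            flags.append("orphaned registration: no file on disk")
        # 2. Browser add-ins normally live under Program Files or System32, not in writable data dirs.
        if low.startswith("c:\\programdata\\") or "\\appdata\\" in low:
            flags.append("unusual location: loaded from a user-writable data directory")
        # 3. api-ms-win-* names belong to Windows API-set stubs in System32; a copy elsewhere mimics them.
        if fname.startswith("api-ms-win-"):
            flags.append("filename mimics a Windows API-set DLL")
        # 4. Eight hex digits as a display name is a machine-generated label, not a vendor name.
        if re.fullmatch(r"[0-9a-f]{8}", e["name"].lower()):
            flags.append("random-looking 8-hex-digit name")
        # 5. Known potentially-unwanted toolbar paths (this thread's deny-list).
        if any(frag in low for frag in PUP_PATH_FRAGMENTS):
            flags.append("known potentially unwanted toolbar")

        out.append({**e, "flags": flags})
    return out


def flagged(text):
    """Convenience wrapper: parse, triage and return only entries with at least one flag."""
    return [e for e in triage(parse_hjt(text)) if e["flags"]]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_HJT)):
        print(f'{e["kind"]} {e["clsid"]} {e["name"]!r}')
        for f in e["flags"]:
            print("   -", f)
```

Run against the sample, every one of the seven entries gets at least one flag; the three 66197ddb entries trip four checks each, which is why they stand out even before the ESET scan names the family. The Ask.com entries fire only on the deny-list, which matches how they were handled here: removed as unwanted rather than as a confirmed infection.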
  11. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Please note any other programs that you don't recognize in that list in your next response

    The only one I'm not sure of is Hardware Helper by Driver-Soft Inc.

    ESET Scan results:

    C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar JS/Agent.NCP trojan
    C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar JS/Agent.NCP trojan
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar JS/Agent.NCP trojan
    C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar JS/Agent.NCP trojan
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 1.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 2.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 4.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 5.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 7.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 1.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 2.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-09 191210\Backup files 1.zip multiple threats
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-23 190003\Backup files 1.zip multiple threats
     
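The ESET results just above make the practical point of this thread: GooredFix (post 7) deleted the extension {aa9ba412-ef36-42aa-a316-d859a18a724f} from Jennie's profile only, and the same ID is still present in the Ace, Adams and Spencer profiles. A per-user tool leaves a shared machine partly cleaned. As an added example (not code from GooredFix, ESET or OTM, and not part of the thread), the Python below sweeps every profile under a Users directory for a set of known-bad extension IDs. It is run here against a constructed directory tree modelled on the ESET output (four users, one benign add-on taken from the GooredFix log placed beside the bad one); the layout, the helper names and the choice to deduplicate through the legacy "Application Data" junction are my assumptions. It is worth noting that the OTM log posted further down reports the Ace, Adams and Spencer paths as "not found", and the paths echoed in that log contain a space inserted by forum line-wrapping ("exte nsions"), so that result alone does not establish the files are gone; a sweep like this one does.

```python
import tempfile
from pathlib import Path

# The extension ID GooredFix deleted from Jennie's profile and ESET then found in the
# Ace, Adams and Spencer profiles (taken from the logs in this thread). Keys are lower-case.
KNOWN_BAD_EXTENSION_IDS = {"{aa9ba412-ef36-42aa-a316-d859a18a724f}"}

# Both locations a Firefox profile can be reached through on Windows 7: the real one and the
# legacy "Application Data" junction (the path GooredFix's log used). Hits are deduplicated below.
PROFILE_ROOTS = (
    Path("AppData") / "Roaming" / "Mozilla" / "Firefox" / "Profiles",
    Path("Application Data") / "Mozilla" / "Firefox" / "Profiles",
)


def installed_extensions(profile_dir):
    """Yield (extension_id, path) for every unpacked extension directory or .xpi in a profile."""
    ext_dir = Path(profile_dir) / "extensions"
    if not ext_dir.is_dir():
        return
    for item in sorted(ext_dir.iterdir()):
        ext_id = item.name[:-4] if item.suffix.lower() == ".xpi" else item.name
        yield ext_id, item


def sweep_profiles(users_root, bad_ids=KNOWN_BAD_EXTENSION_IDS):
    """Walk every user under users_root and return the flagged extensions, one dict per hit."""
    findings, seen = [], set()
    for user_dir in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        for rel in PROFILE_ROOTS:
            profiles = user_dir / rel
            if not profiles.is_dir():
                continue
            for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
                for ext_id, path in installed_extensions(profile):
                    real = path.resolve()  # collapses the junction so one file is reported once
                    if ext_id.lower() in bad_ids and real not in seen:
                        seen.add(real)
                        findings.append({"user": user_dir.name, "profile": profile.name,
                                         "extension": ext_id, "path": str(path)})
    return findings


def build_sample_tree(root):
    """Constructed layout modelled on the ESET results above. Jennie's profile is already clean;
    {0545b830-...} is the benign add-on the GooredFix log lists in her profile."""
    bad = "{aa9ba412-ef36-42aa-a316-d859a18a724f}"
    benign = "{0545b830-f0aa-4d7e-8820-50a4629a56fe}"
    layout = {
        "Ace": ("aiyq84dl.default", [bad, benign]),
        "Adams": ("vqwh30sr.default", [bad]),
        "Spencer": ("da2eq43w.default", [bad]),
        "Jennie": ("wsp0rnjq.default", [benign]),
    }
    for user, (profile, ext_ids) in layout.items():
        for ext_id in ext_ids:
            ext = Path(root) / user / PROFILE_ROOTS[0] / profile / "extensions" / ext_id
            (ext / "chrome").mkdir(parents=True)
            (ext / "chrome.manifest").write_text("content sample chrome/\n")
            # Placeholder jar: an empty zip archive, standing in for the flagged xulcache.jar.
            (ext / "chrome" / "xulcache.jar").write_bytes(b"PK\x05\x06" + b"\x00" * 18)


def demo():
    """Build the constructed tree in a temporary directory and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sweep_profiles(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(f'{hit["user"]:8} {hit["profile"]:18} {hit["extension"]}')
```

On a real machine you would call sweep_profiles(r"C:\Users") from an elevated prompt, since other users' profile directories are not readable otherwise; the demo() wrapper exists only so the example runs offline against the constructed tree. Reporting rather than deleting is deliberate: the GooredFix backup of the removed extension is what ESET later flagged on Jennie's desktop, so a sweep should list what it finds and leave the removal to the cleanup step.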
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Maestra76,

    The program you mention, Hardware Helper by Driver-Soft Inc: if it is the free version, get rid of it by uninstalling. It is supposed to scan your system and check for out of date drivers. Not a trustworthy application.

    Next,

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Services
      :Files
      ipconfig /flushdns /c
      C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest
      C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar
      C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest
      C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar
      C:\Users\Jennie\Desktop\GooredFix Backups
      C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest
      C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 1.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 2.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 4.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 5.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 7.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 1.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 2.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-09 191210\Backup files 1.zip
      K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-23 190003\Backup files 1.zip
      :Commands
      [EmptyTemp]
      [ResetHosts]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Next,

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post the logs from OTM and SecurityCheck in your reply, also let me know if there are any remaining issues.

    Kevin
     
  13. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    OTM log:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jennie\Desktop\cmd.bat deleted successfully.
    C:\Users\Jennie\Desktop\cmd.txt deleted successfully.
    File/Folder C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\exte nsions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest not found.
    File/Folder C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\aiyq84dl.default\exte nsions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar not found.
    File/Folder C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\ex tensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest not found.
    File/Folder C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\vqwh30sr.default\ex tensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar not found.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\defaults\preferences folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\defaults folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f} folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default\extensions folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles\wsp0rnjq.default folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox\Profiles folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla\Firefox folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data\Mozilla folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie\Application Data folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users\Jennie folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C\Users folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups\C folder moved successfully.
    C:\Users\Jennie\Desktop\GooredFix Backups folder moved successfully.
    File/Folder C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\ extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome.manifest not found.
    File/Folder C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\da2eq43w.default\ extensions\{aa9ba412-ef36-42aa-a316-d859a18a724f}\chrome\xulcache.jar not found.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 1.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 2.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 4.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 5.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-12 212755\Backup files 7.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 1.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2010-12-26 190003\Backup files 2.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-09 191210\Backup files 1.zip moved successfully.
    K:\ADAMS-PC\Backup Set 2010-12-12 212755\Backup Files 2011-01-23 190003\Backup files 1.zip moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Ace
    ->Temp folder emptied: 685 bytes
    ->Temporary Internet Files folder emptied: 469 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 84452304 bytes
    ->Flash cache emptied: 2004 bytes

    User: Adams
    ->Temp folder emptied: 313947 bytes
    ->Temporary Internet Files folder emptied: 49621 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 95169112 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 11005 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jennie
    ->Temp folder emptied: 6888073 bytes
    ->Temporary Internet Files folder emptied: 6666195 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46012924 bytes
    ->Flash cache emptied: 9543 bytes

    User: Public

    User: Spencer
    ->Temp folder emptied: 1376 bytes
    ->Temporary Internet Files folder emptied: 615319 bytes
    ->Java cache emptied: 616399 bytes
    ->FireFox cache emptied: 105902954 bytes
    ->Flash cache emptied: 20802 bytes

    User: Unit 5 Laptop

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1216 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
    RecycleBin emptied: 6372192 bytes

    Total Files Cleaned = 337.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.17.2 log created on 03162011_202654

    Files moved on Reboot...
    C:\Users\Adams\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jennie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jennie\AppData\Local\Mozilla\Firefox\Profiles\wsp0rnjq.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Jennie\AppData\Local\Mozilla\Firefox\Profiles\wsp0rnjq.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Jennie\AppData\Local\Mozilla\Firefox\Profiles\wsp0rnjq.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Jennie\AppData\Local\Mozilla\Firefox\Profiles\wsp0rnjq.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Jennie\AppData\Local\Mozilla\Firefox\Profiles\wsp0rnjq.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Spencer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    Security Check log:

    Results of screen317's Security Check version 0.99.9
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.15)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````


    I haven't found any other issues.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Maestra76,

As you have no remaining issues we'll clean up, as follows please :-

    Step 1

• Download OTC by OldTimer and save it to your desktop. Alternative mirror
• Double click the icon to start the program.
  If you are using Vista or Windows 7, please right-click and choose run as administrator
• Then click the big button.
• You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
• Restart your computer when prompted.
• This will remove tools we have used and itself. Any tools/logs left on the Desktop can be deleted.

    Step 2

    Remove the ESET Online Scanner components from your computer, start the Uninstall a Program applet via Start > Control Panel, select the ESET Online Scanner entry and click Remove. This will happen quickly, only re-boot if prompted.

    Step 3

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 24.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 4

    Create a new restore point:

    1. Right-click on Computer and go to Properties.
    2. Next click on the System Protection link.
    3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully".

    To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    4. If prompted, select the drive that you want to clean up, and then click OK.
    5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    6. In the Disk Cleanup dialog box, click Delete.
    7. Click Delete Files, and then click OK. Re-boot your computer.

Let me know if the above steps completed OK, also any remaining issues or concerns.

    Kevin
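The Security Check log above flagged "Java(TM) 6 Update 23" as out of date against the 6 Update 24 that Kevin's Step 3 names as current. The script below is an added example, not part of this thread or of Security Check; it reads the Windows Uninstall registry keys (both the native and Wow6432Node views) to list every registered Java runtime, compares each against the expected version, and prints the registered uninstall command for any older copies so they can be removed as Step 3 advises. The expected version numbers are taken from the post; everything else is assumed.

```powershell
# Added example (not from the thread): find installed Java runtimes and flag any
# older than the version the thread names as current (Java 6 Update 24).
$ExpectedMajor  = 6    # from the post: "Java Runtime Environment Version 6 Update 24"
$ExpectedUpdate = 24

# Security Check prints the same DisplayName strings that live under these keys,
# e.g. "Java(TM) 6 Update 23"; Java 7 entries drop the "(TM)".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$pattern = '^Java(\(TM\))?\s+(?<major>\d+)\s+Update\s+(?<update>\d+)'

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object {
        $null = $_.DisplayName -match $pattern   # repopulate $Matches for this entry
        New-Object PSObject -Property @{
            DisplayName = $_.DisplayName
            Major       = [int]$Matches['major']
            Update      = [int]$Matches['update']
            Uninstall   = $_.UninstallString
        }
    }

if (-not $javaEntries) {
    Write-Output 'No Java runtime is registered in the Uninstall keys.'
    return
}

foreach ($j in $javaEntries) {
    # Older major version, or same major with a lower update number, is out of date.
    $outdated = ($j.Major -lt $ExpectedMajor) -or
                ($j.Major -eq $ExpectedMajor -and $j.Update -lt $ExpectedUpdate)
    if ($outdated) {
        Write-Output ('OUT OF DATE: {0} (expected {1} Update {2})' -f `
            $j.DisplayName, $ExpectedMajor, $ExpectedUpdate)
        # Printed, not executed, so the operator can review the command first.
        Write-Output ('  remove with: {0}' -f $j.Uninstall)
    } else {
        Write-Output ('OK: {0}' -f $j.DisplayName)
    }
}
```

Run it from an elevated PowerShell prompt; raise $ExpectedMajor and $ExpectedUpdate to whatever the current Java release is when you use it.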
     
  15. Maestra76

    Maestra76 Thread Starter

    Joined:
    Mar 8, 2011
    Messages:
    9
    Completed the 4 steps and not having any other issues. Thanks Kevin!
     
Short URL to this thread: https://techguy.org/984820
