Chrome redirect issues

ozzie4

Hi,

Great, let's check for remnants.

===================================================

Go here and click 'ESET Online Scanner'.

- If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
- Turn off the real-time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- If using Internet Explorer, allow the ActiveX control to install when asked.
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
- Tick all the boxes that correspond to your external/inserted drives.
- Click Start.
- Wait for the scan to finish.
- When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
- Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.

===================================================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

- Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users: please right-click and select Run as Administrator.)
- At the end, be sure a checkmark is placed next to:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note:

- The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
- Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

On your next reply please post:

- ESET log
- MBAM log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\David\Downloads\FlashPlayer.exe Win32/DomaIQ.C application
C:\Users\David\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite application
C:\Users\David\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6G0K26K\index[1].htm JS/Iframe.CV trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6G0K26K\index[1].htm JS/Iframe.CV trojan

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: OZZIE [administrator]

5/12/2013 10:44:34 AM
mbam-log-2013-05-12 (10-44-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258870
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 


Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

    :Files
    C:\Users\David\Downloads\FlashPlayer.exe
    C:\Users\David\Downloads\iLividSetup (1).exe
    C:\Users\David\Downloads\iLividSetup.exe
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot when it is done.
- Then post the OTL fix log as well as a new OTL log, produced by rerunning OTL after the reboot without the custom scan script.


All processes killed
========== FILES ==========
C:\Users\David\Downloads\FlashPlayer.exe moved successfully.
C:\Users\David\Downloads\iLividSetup (1).exe moved successfully.
C:\Users\David\Downloads\iLividSetup.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: David
->Temp folder emptied: 6898336 bytes
->Temporary Internet Files folder emptied: 223537387 bytes
->Java cache emptied: 6764139 bytes
->Google Chrome cache emptied: 77300729 bytes
->Flash cache emptied: 6274 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715071 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 181240 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 663263 bytes
RecycleBin emptied: 4096187 bytes
Total Files Cleaned = 306.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 05122013_131700
Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 5/12/2013 1:24:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.80 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 49.29% Memory free
7.60 Gb Paging File | 5.42 Gb Available in Paging File | 71.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 371.79 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Space | 85.45% Space Free | Partition Type: FAT32
Computer Name: OZZIE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\David\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3E7A29A4-A788-4273-B672-FE68CDBF3926}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=<local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/02/11 11:44:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in Computer)
O15 - HKCU\..Trusted Domains: myfairpoint.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myfairpoint.net ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 64.222.165.243 64.222.84.243
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}: DhcpNameServer = 64.222.165.243 64.222.84.243
O18:64bit: - ProtocolHandlerlivecall - No CLSID value found
O18:64bit: - ProtocolHandlerms-help - No CLSID value found
O18:64bit: - ProtocolHandlermsnim - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18:64bit: - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program FilesWOTWOT.dll ()
O18 - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program Files (x86)WOTWOT.dll ()
O20:64bit: - AppInit_DLLs: (C:WindowsSystem32guard64.dll) - C:WindowsSysNativeguard64.dll (COMODO)
O20 - AppInit_DLLs: (C:WindowsSysWOW64guard32.dll) - C:WindowsSysWOW64guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/27 17:37:22 | 000,000,000 | ---- | M] () - C:autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/03/15 10:52:56 | 000,000,398 | ---- | M] () - C:AUTOEXEC.UP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKCU...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystemsWindows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/12 13:17:00 | 000,000,000 | ---D | C] -- C:_OTL
[2013/05/12 11:09:32 | 000,000,000 | ---D | C] -- C:ProgramDataLicenses
[2013/05/12 07:28:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET
[2013/05/11 16:00:00 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome
[2013/05/05 14:04:17 | 000,000,000 | ---D | C] -- C:WindowsERUNT
[2013/05/05 14:03:42 | 000,000,000 | ---D | C] -- C:JRT
[2013/05/05 12:29:47 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN
[2013/05/04 18:24:48 | 000,000,000 | ---D | C] -- C:Windowstemp
[2013/05/04 17:49:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe
[2013/05/04 17:49:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe
[2013/05/04 17:49:43 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe
[2013/05/04 17:47:40 | 000,000,000 | ---D | C] -- C:Qoobox
[2013/04/27 17:35:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesWise Installation Wizard
========== Files - Modified Within 30 Days ==========
[2013/05/12 13:29:00 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 13:29:00 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 13:27:00 | 000,000,896 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job
[2013/05/12 13:21:46 | 000,000,892 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job
[2013/05/12 13:20:30 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat
[2013/05/12 13:20:26 | 3062,255,616 | -HS- | M] () -- C:hiberfil.sys
[2013/05/12 13:14:40 | 000,001,370 | ---- | M] () -- C:UsersDavidDesktopOTL - Shortcut.lnk
[2013/05/12 13:10:53 | 000,737,616 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI
[2013/05/12 13:10:53 | 000,631,948 | ---- | M] () -- C:WindowsSysNativeperfh009.dat
[2013/05/12 13:10:53 | 000,109,776 | ---- | M] () -- C:WindowsSysNativeperfc009.dat
[2013/05/12 13:08:53 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job
[2013/05/12 11:09:30 | 000,001,079 | ---- | M] () -- C:UsersPublicDesktopSpywareBlaster.lnk
[2013/05/12 07:02:56 | 000,002,279 | ---- | M] () -- C:UsersDavidApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk
[2013/05/11 16:00:00 | 000,002,255 | ---- | M] () -- C:UsersPublicDesktopGoogle Chrome.lnk
[2013/05/09 07:37:57 | 000,000,139 | ---- | M] () -- C:UsersDavidDesktopflush.bat
[2013/05/09 06:40:52 | 000,000,332 | ---- | M] () -- C:WindowstasksHPCeeScheduleForDavid.job
[2013/05/05 15:22:13 | 000,751,114 | ---- | M] () -- C:WindowsSysWow64PerfStringBackup.INI
[2013/04/30 17:49:07 | 000,000,336 | ---- | M] () -- C:WindowstasksHPCeeScheduleForOZZIE$.job
[2013/04/27 17:37:22 | 000,000,000 | ---- | M] () -- C:autoexec.bat
[2013/04/27 07:13:39 | 000,000,822 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk
[2013/04/23 20:25:35 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2013/05/12 13:14:40 | 000,001,370 | ---- | C] () -- C:UsersDavidDesktopOTL - Shortcut.lnk
[2013/05/12 11:09:30 | 000,001,079 | ---- | C] () -- C:UsersPublicDesktopSpywareBlaster.lnk
[2013/05/11 16:00:00 | 000,002,279 | ---- | C] () -- C:UsersDavidApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk
[2013/05/11 16:00:00 | 000,002,255 | ---- | C] () -- C:UsersPublicDesktopGoogle Chrome.lnk
[2013/05/09 07:37:57 | 000,000,139 | ---- | C] () -- C:UsersDavidDesktopflush.bat
[2013/05/04 17:49:43 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe
[2013/05/04 17:49:43 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe
[2013/05/04 17:49:43 | 000,098,816 | ---- | C] () -- C:Windowssed.exe
[2013/05/04 17:49:43 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe
[2013/05/04 17:49:43 | 000,068,096 | ---- | C] () -- C:Windowszip.exe
[2013/04/27 17:37:22 | 000,000,000 | ---- | C] () -- C:autoexec.bat
[2013/04/27 17:37:02 | 000,022,704 | ---- | C] () -- C:WindowsSysNativedriversEsgScanner.sys
[2011/11/24 09:55:42 | 000,867,020 | ---- | C] () -- C:WindowsSysWow64igkrng575.bin
[2011/11/24 09:55:42 | 000,105,608 | ---- | C] () -- C:WindowsSysWow64igfcg575m.bin
[2011/09/07 18:42:00 | 000,066,856 | ---- | C] () -- C:WindowsSysWow64SynTPEnhPS.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:WindowsSysWow64ig4icd32.dll
[2011/08/28 18:11:24 | 000,073,220 | ---- | C] () -- C:WindowsSysWow64EPPICPrinterDB.dat
[2011/08/28 18:11:24 | 000,031,053 | ---- | C] () -- C:WindowsSysWow64EPPICPattern131.dat
[2011/08/28 18:11:24 | 000,029,114 | ---- | C] () -- C:WindowsSysWow64EPPICPattern1.dat
[2011/08/28 18:11:24 | 000,027,417 | ---- | C] () -- C:WindowsSysWow64EPPICPattern121.dat
[2011/08/28 18:11:24 | 000,021,021 | ---- | C] () -- C:WindowsSysWow64EPPICPattern3.dat
[2011/08/28 18:11:24 | 000,015,670 | ---- | C] () -- C:WindowsSysWow64EPPICPattern5.dat
[2011/08/28 18:11:24 | 000,013,280 | ---- | C] () -- C:WindowsSysWow64EPPICPattern2.dat
[2011/08/28 18:11:24 | 000,010,673 | ---- | C] () -- C:WindowsSysWow64EPPICPattern4.dat
[2011/08/28 18:11:24 | 000,004,943 | ---- | C] () -- C:WindowsSysWow64EPPICPattern6.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_PT.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_BP.dat
[2011/08/28 18:11:24 | 000,001,137 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_ES.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_FR.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_CF.dat
[2011/08/28 18:11:24 | 000,001,104 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_EN.dat
[2011/08/28 18:11:24 | 000,000,097 | ---- | C] () -- C:WindowsSysWow64PICSDK.ini
[2011/08/28 18:09:27 | 000,000,044 | ---- | C] () -- C:WindowsEPCX8400.ini
[2011/06/09 10:28:30 | 000,751,114 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI
[2006/12/23 17:01:28 | 000,000,134 | R--- | C] () -- C:UsersDavidValid.Ext
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini
[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64
[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]
[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
"" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:ProgramDataTemp:5C321E34
@Alternate Data Stream - 109 bytes -> C:ProgramDataTemp:DFC5A2B2
< End of report >

 


Log looks good. If you have no more issues, we will do some housekeeping.

 

Follow these steps to uninstall Combofix

[*]Click START then RUN

[*]Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.

Combofix /Uninstall

 

===================================================

 

Clean up with OTL:

[*]Double-click OTL.exe to start the program.

[*]Close all other programs apart from OTL, as this step will require a reboot.

[*]On the OTL main screen, press the CLEANUP button

[*]Say Yes to the prompt and then allow the program to reboot your computer.

===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

[*]How Did I Get Infected In The First Place? by TonyKlein

[*]How to Prevent Malware by miekiemoes

[*]PC Safety and Security--What Do I Need?

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

[*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

[*]Green to go

[*]Yellow for caution

[*]Red to stop

WOT has an add-on available for both Firefox and IE.

[*]SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here

[*]MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

[*]Download Host.zip and Save it to your Desktop.

[*]Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.

[*]Follow the prompts and click 'Finish'.

[*]This will open the newly created hosts folder on your Desktop.

[*]Double-click on the included mvps.bat file. This will rename the existing HOSTS file to HOSTS.MVP, then copy the included updated HOSTS file to the correct location on your machine.

[*]Once updated you should see another prompt that the task was completed.

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond one more time to ensure it is resolved so this topic can be closed.
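As an added example (not code from this thread, from the helper, or from the MVPS project), the script below parses a Windows HOSTS file and separates the kind of entry the MVPS file adds (a name sent to 127.0.0.1 or 0.0.0.0, so the connection dies locally) from entries that point a name at some other address, which is what a tampered HOSTS file looks like and is worth checking after a redirect infection. The sample HOSTS text is constructed; the 198.51.100.7 address is from the documentation range.

```python
"""Audit a hosts file: blocking (sinkhole) entries vs. redirecting entries.

Added example for the MVPS HOSTS discussion; not the project's own code.
A blocklist maps unwanted names to a local address so nothing leaves the
machine. A hostile edit does the reverse: it maps real names to an outside
address. This script tells the two apart so the file can be reviewed.
"""
from __future__ import annotations

import ipaddress
from typing import List, NamedTuple, Tuple

# Addresses a blocklist legitimately uses; traffic to them never leaves the box.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # MVPS-style blocking entry
127.0.0.1       tracker.example.net    # MVPS-style blocking entry
198.51.100.7    www.search-engine.example  www.bank.example  # outside redirect
not-an-ip       garbage.example        # malformed; must be ignored
"""


class HostsEntry(NamedTuple):
    address: str
    hostname: str
    line_no: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return one entry per (address, hostname) pair; skip comments, blanks, junk."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))  # validates and normalises
        except ValueError:
            continue  # first field is not an IP address: not a hosts entry
        for hostname in fields[1:]:  # one line may name several hosts
            entries.append(HostsEntry(address, hostname.lower(), line_no))
    return entries


def classify(entries: List[HostsEntry]) -> Tuple[List[HostsEntry], List[HostsEntry]]:
    """Split into blocking entries (sinkholed names) and redirects (anything else).

    The default 'localhost' lines on a loopback address are neither, so they
    are left out; 'localhost' on a non-loopback address still counts as a redirect.
    """
    blocking = [e for e in entries
                if e.address in SINKHOLE_ADDRESSES and e.hostname != "localhost"]
    redirects = [e for e in entries if e.address not in SINKHOLE_ADDRESSES]
    return blocking, redirects


if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} blocking entries")
    for e in redirected:  # these are the lines a reviewer should look at
        print(f"REVIEW line {e.line_no}: {e.hostname} -> {e.address}")
```

To check a live system, read the real file (C:\Windows\System32\drivers\etc\hosts) into `parse_hosts` in place of the constructed sample.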


When attempting to uninstall ComboFix, a popup message said "Windows could not find ComboFix", and that's probably because I had put it in my Recycle Bin and then deleted everything in it later.

 

You have been a big help! No apologies needed from your end!
