Solved Browser redirecting malware. Thank you!

[alexp410]

Hello all. My laptop has been hijacked by some browser url-redirecting malware. I've performed the following, according to the procedures outlined in the sticky. I thank you in advance for your help!

-Alex

Step 1: Antivirus

I am running Avast 4.8 Home. It seems to be running ok, updating ok. I have not done a complete scan.

Step 2: MBAM

I have run this twice consecutively. The second scan reports no infection. This is the log from the first scan, which may be more of help:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

11/16/2011 12:12:03 PM
mbam-log-2011-11-16 (12-12-03).txt

Scan type: Quick scan
Objects scanned: 171568
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 39
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> 3628 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\564.exe (Malware.Packer) -> Value: 564.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\LP\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\microsoft\7FEA\564.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\chrome.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\java.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\Desktop\0.7436024614182845.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.



Step 3: GMER

Gmer did not run the first 2 times launched on normal mode. In safe mode, GMER did run, and gave me the following report:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 13:25:34
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: u7m507fq.exe; Driver: C:\Users\Ediza\AppData\Local\Temp\ugdyapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8F934A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265edfd68e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00265edfd68e (not active ControlSet)

---- EOF - GMER 1.0.15 ----



Step 4: DDS

While still in Safe Mode, I ran the DDS script, and the following logs were generated:

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19088
Run by Ediza at 13:28:28 on 2011-11-16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.2959 [GMT -8:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:63232
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\ediza\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AC81F4A-3290-4CE1-8B90-56EB44FA0C01} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{177BD6FB-8E03-4037-AF49-CC156936F024} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4AAE2128-09F7-4180-A7E1-80FE15131718} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ediza\appdata\roaming\mozilla\firefox\profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ediza\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ediza\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: XULRunner: {38CAE956-DA5C-43FF-A972-FD338B0DDE2C} - c:\users\ediza\appdata\local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}
.
============= SERVICES / DRIVERS ===============
.
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-9 114768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-7 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-9 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-9 53328]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-9 138680]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-16 366152]
S2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-29 5120]
S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-9 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-9 352920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-7 29736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-7 144128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-16 22216]
S3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-1-27 6923264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-18 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-18 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-18 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-18 59904]
.
=============== Created Last 30 ================
.
2011-11-16 20:02:15 -------- d-----w- c:\users\ediza\appdata\roaming\Malwarebytes
2011-11-16 20:02:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 20:02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 19:01:59 -------- d-----w- c:\program files\LP
2011-11-16 08:35:20 102400 ----a-w- c:\users\ediza\appdata\roaming\microsoft\68ea\EEC6.tmp
2011-11-16 08:35:18 -------- d-----w- c:\users\ediza\appdata\roaming\474DF
2011-11-16 08:35:08 -------- d-----w- c:\users\ediza\appdata\roaming\AE847
2011-11-15 07:08:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c813071-b03a-498a-89c4-15b622fa462a}\mpengine.dll
2011-11-15 05:08:28 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-23 17:31:48 -------- d-----w- c:\users\ediza\appdata\local\{6D88603F-9C64-4C98-A7E1-581A1D75EF6E}
.
==================== Find3M ====================
.
2011-09-21 03:37:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:28:47.65 ===============



and attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/7/2009 1:56:59 PM
System Uptime: 11/16/2011 12:34:08 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0F642T
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 60.462 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.074 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP615: 11/5/2011 10:45:10 PM - Scheduled Checkpoint
RP616: 11/6/2011 2:28:38 PM - Scheduled Checkpoint
RP617: 11/7/2011 9:30:40 AM - Scheduled Checkpoint
RP618: 11/8/2011 - Scheduled Checkpoint
RP619: 11/8/2011 8:06:48 AM - Windows Update
RP620: 11/9/2011 12:00:01 AM - Scheduled Checkpoint
RP621: 11/10/2011 12:00:01 AM - Scheduled Checkpoint
RP622: 11/10/2011 3:00:09 AM - Windows Update
RP623: 11/10/2011 4:49:09 PM - Scheduled Checkpoint
RP624: 11/11/2011 2:28:51 PM - Windows Update
RP625: 11/13/2011 12:00:04 AM - Scheduled Checkpoint
RP626: 11/14/2011 12:00:05 AM - Scheduled Checkpoint
RP627: 11/14/2011 11:07:34 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Antivirus
BUFFALO NAS Navigator2
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DivX Web Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
inSSIDer 2.0
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Messageware AttachView Add-in for Saving Files x86
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MrvlUsgTracking
MSVCRT
PANTECH UM175 Driver
Photodex Presenter
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/16/2011 12:36:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/16/2011 12:35:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/16/2011 12:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/16/2011 12:34:53 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:07 PM on 11/16/2011 was unexpected.
11/10/2011 10:02:21 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================

I need DDS logs from normal mode.

 

[alexp410]

DDS.txt from Normal Mode

Hi Broni. Thank you for your help. This is the log from dds.txt run in Normal Mode:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Ediza at 19:53:40 on 2011-11-16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.2116 [GMT -8:00]
.
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Ediza\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
\\ALEXPC\pushspace\Wintin95\wintin95.exe
C:\Windows\System32\notepad.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
\\ALEXPC\pushspace\Wintin95\wintin95.exe
C:\Users\Ediza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:63232
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\ediza\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AC81F4A-3290-4CE1-8B90-56EB44FA0C01} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{177BD6FB-8E03-4037-AF49-CC156936F024} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4AAE2128-09F7-4180-A7E1-80FE15131718} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ediza\appdata\roaming\mozilla\firefox\profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ediza\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ediza\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: XULRunner: {38CAE956-DA5C-43FF-A972-FD338B0DDE2C} - c:\users\ediza\appdata\local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-9 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-7 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-9 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-9 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-9 138680]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-16 366152]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-29 5120]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-9 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-9 352920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-7 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-7 144128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-16 22216]
R3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-1-27 6923264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-18 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-18 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-18 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-18 59904]
.
=============== Created Last 30 ================
.
2011-11-16 20:02:15 -------- d-----w- c:\users\ediza\appdata\roaming\Malwarebytes
2011-11-16 20:02:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 20:02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 19:01:59 -------- d-----w- c:\program files\LP
2011-11-16 08:35:20 102400 ----a-w- c:\users\ediza\appdata\roaming\microsoft\68ea\EEC6.tmp
2011-11-16 08:35:18 -------- d-----w- c:\users\ediza\appdata\roaming\474DF
2011-11-16 08:35:08 -------- d-----w- c:\users\ediza\appdata\roaming\AE847
2011-11-15 07:08:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c813071-b03a-498a-89c4-15b622fa462a}\mpengine.dll
2011-11-15 05:08:28 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-23 17:31:48 -------- d-----w- c:\users\ediza\appdata\local\{6D88603F-9C64-4C98-A7E1-581A1D75EF6E}
.
==================== Find3M ====================
.
2011-09-21 03:37:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:54:39.62 ===============

 

[alexp410]

attach.txt run on Normal Mode

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/7/2009 1:56:59 PM
System Uptime: 11/16/2011 5:29:55 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0F642T
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 60.827 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.074 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Antivirus
BUFFALO NAS Navigator2
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DivX Web Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
inSSIDer 2.0
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Messageware AttachView Add-in for Saving Files x86
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MrvlUsgTracking
MSVCRT
PANTECH UM175 Driver
Photodex Presenter
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/16/2011 12:36:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/16/2011 12:35:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/16/2011 12:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/16/2011 12:34:53 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:07 PM on 11/16/2011 was unexpected.
11/10/2011 10:02:21 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
.
==== End Of File ===========================

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[alexp410]

aswMBR log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 20:10:09
-----------------------------
20:10:09.513 OS Version: Windows 6.0.6001 Service Pack 1
20:10:09.513 Number of processors: 2 586 0x170A
20:10:09.513 ComputerName: EDIZA-17 UserName: Ediza
20:10:10.653 Initialize success
20:10:46.061 AVAST engine defs: 11111601
20:11:11.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:11:11.327 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
20:11:11.337 Disk 0 MBR read successfully
20:11:11.337 Disk 0 MBR scan
20:11:11.347 Disk 0 Windows VISTA default MBR code
20:11:11.347 Disk 0 scanning sectors +312579760
20:11:11.437 Disk 0 scanning C:\Windows\system32\drivers
20:11:20.180 Service scanning
20:11:21.358 Modules scanning
20:11:25.699 Disk 0 trace - called modules:
20:11:25.744 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:11:25.748 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfb968]
20:11:25.751 3 CLASSPNP.SYS[8b1a9745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x852dc028]
20:11:28.655 AVAST engine scan C:\Windows
20:11:31.424 AVAST engine scan C:\Windows\system32
20:13:13.796 AVAST engine scan C:\Windows\system32\drivers
20:13:24.085 AVAST engine scan C:\Users\Ediza
20:19:27.040 File: C:\Users\Ediza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1a82f05-68ff1136 **INFECTED** Win32:Unruy [Trj]
20:30:08.681 AVAST engine scan C:\ProgramData
20:31:45.278 Scan finished successfully
20:33:33.981 Disk 0 MBR has been saved successfully to "C:\Users\Ediza\Desktop\scan logs 2011.11.16\MBR.dat"
20:33:33.981 The log file has been saved successfully to "C:\Users\Ediza\Desktop\scan logs 2011.11.16\aswMBR.txt"

 

[alexp410]

Combofix.txt log

Continuing on, I ran Combofix in Safe Mode, and the following log was generated.

ComboFix 11-11-16.02 - Ediza 11/16/2011 20:43:57.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.3117 [GMT -8:00]
Running from: c:\users\Ediza\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}
c:\users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}\chrome.manifest
c:\users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}\chrome\content\_cfg.js
c:\users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}\chrome\content\overlay.xul
c:\users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 04:48 . 2011-11-17 04:49 -------- d-----w- c:\users\Ediza\AppData\Local\temp
2011-11-17 04:48 . 2011-11-17 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 04:48 . 2011-11-17 04:48 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\users\Ediza\AppData\Roaming\Malwarebytes
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 20:02 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 08:35 . 2011-11-16 08:35 102400 ----a-w- c:\users\Ediza\AppData\Roaming\Microsoft\68EA\EEC6.tmp
2011-11-16 08:35 . 2011-11-16 08:35 -------- d-----w- c:\users\Ediza\AppData\Roaming\474DF
2011-11-16 08:35 . 2011-11-16 08:35 -------- d-----w- c:\users\Ediza\AppData\Roaming\AE847
2011-11-15 07:08 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C813071-B03A-498A-89C4-15B622FA462A}\mpengine.dll
2011-11-15 05:08 . 2011-11-15 05:08 -------- d-----w- c:\program files\Common Files\DivX Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 03:37 . 2011-09-21 03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 01:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1516840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-11 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-10 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 780840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-08 02:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Users^Ediza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator2.lnk]
path=c:\users\Ediza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
backup=c:\windows\pss\BUFFALO NAS Navigator2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ediza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk]
path=c:\users\Ediza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
backup=c:\windows\pss\NAS Scheduler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 22:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 21:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-02-25 17:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754509515-2277620609-3965779844-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSP;avast! Self Protection; [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-05-11 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe [2010-08-11 251256]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-23 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2011-01-19 6923264]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 17:29]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 17:29]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000Core.job
- c:\users\Ediza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 19:37]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000UA.job
- c:\users\Ediza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 19:37]
.
2011-11-16 c:\windows\Tasks\SyncBack Ediza Laptop Backup.job
- c:\program files\SyncBack\SyncBack.exe [2010-11-08 03:13]
.
2011-11-16 c:\windows\Tasks\User_Feed_Synchronization-{26919939-CA75-4451-9292-6AB78851576F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:63232
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
FF - ProfilePath - c:\users\Ediza\AppData\Roaming\Mozilla\Firefox\Profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Chacuvurovilox - c:\users\Ediza\AppData\Local\chinoxy.dll
MSConfigStartUp-Wsomawogepukogib - c:\users\Ediza\AppData\Local\amitejefifinohaz.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 20:49
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-16 20:50:35
ComboFix-quarantined-files.txt 2011-11-17 04:50
.
Pre-Run: 65,735,327,744 bytes free
Post-Run: 66,173,423,616 bytes free
.
- - End Of File - - E3AE63B2941C710CC79AACFADDCCA6E0

 

[Broni]

How is redirection?

Uninstall Ask Toolbar, typical foistware.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box
• Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Users\Ediza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1a82f05-68ff1136
c:\users\Ediza\AppData\Roaming\Microsoft\68EA\EEC6.tmp


Folder::
c:\users\Ediza\AppData\Roaming\474DF
c:\users\Ediza\AppData\Roaming\AE847


DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:63232

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[alexp410]

Combofix log

Hi Broni. Thank you for your excellent help so far!
Script was run as requested, on Safe Mode. Latest Combofix log reads:


ComboFix 11-11-16.02 - Ediza 11/17/2011 20:47:22.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.3139 [GMT -8:00]
Running from: c:\users\Ediza\Desktop\ComboFix.exe
Command switches used :: c:\users\Ediza\Desktop\CFScript.txt
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Ediza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1a82f05-68ff1136"
"c:\users\Ediza\AppData\Roaming\Microsoft\68EA\EEC6.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ediza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1a82f05-68ff1136
c:\users\Ediza\AppData\Roaming\474DF
c:\users\Ediza\AppData\Roaming\AE847
c:\users\Ediza\AppData\Roaming\AE847\74DF.E84
c:\users\Ediza\AppData\Roaming\Microsoft\68EA\EEC6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 04:52 . 2011-11-18 04:53 -------- d-----w- c:\users\Ediza\AppData\Local\temp
2011-11-18 04:52 . 2011-11-18 04:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 04:52 . 2011-11-18 04:52 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\users\Ediza\AppData\Roaming\Malwarebytes
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02 . 2011-11-16 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 20:02 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 07:08 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C813071-B03A-498A-89C4-15B622FA462A}\mpengine.dll
2011-11-15 05:08 . 2011-11-15 05:08 -------- d-----w- c:\program files\Common Files\DivX Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 03:37 . 2011-09-21 03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 01:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1516840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-11 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-10 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 780840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-08 02:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Users^Ediza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator2.lnk]
path=c:\users\Ediza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
backup=c:\windows\pss\BUFFALO NAS Navigator2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ediza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk]
path=c:\users\Ediza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
backup=c:\windows\pss\NAS Scheduler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 22:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 21:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-02-25 17:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754509515-2277620609-3965779844-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSP;avast! Self Protection; [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-05-11 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe [2010-08-11 251256]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-23 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2011-01-19 6923264]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 17:29]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 17:29]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000Core.job
- c:\users\Ediza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 19:37]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000UA.job
- c:\users\Ediza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 19:37]
.
2011-11-17 c:\windows\Tasks\SyncBack Ediza Laptop Backup.job
- c:\program files\SyncBack\SyncBack.exe [2010-11-08 03:13]
.
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{26919939-CA75-4451-9292-6AB78851576F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
FF - ProfilePath - c:\users\Ediza\AppData\Roaming\Mozilla\Firefox\Profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 20:53
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1516)
c:\windows\system32\NetworkExplorer.dll
.
Completion time: 2011-11-17 20:54:13
ComboFix-quarantined-files.txt 2011-11-18 04:54
ComboFix2.txt 2011-11-17 04:50
.
Pre-Run: 65,750,962,176 bytes free
Post-Run: 65,635,278,848 bytes free
.
- - End Of File - - 6859BAA522AD3A6B6BCEE7D25322180B

 

[alexp410]

Ask Toolbar

Since running the scan, I've also uninstalled the Ask Toolbar, using Control Panel -> Programs and Features -> uninstall Ask Toolbar.

I apologize for doing the scan first, then the uninstall. Should I re-run ComboFix to generate a new log?

Thank you again.

-Alex

 

[Broni]

That's fine, but:

How is redirection?

 

[alexp410]

Redirection

The redirecting symptoms have ceased. Chrome and IE seem to be behaving as normal now. TY again!

 

[Broni]

Cool

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[alexp410]

otl.txt log

OTL logfile created on: 11/17/2011 10:34:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ediza\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 60.37% Memory free
7.12 Gb Paging File | 5.52 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 61.22 Gb Free Space | 45.56% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 9.07 Gb Free Space | 61.95% Space Free | Partition Type: NTFS

Computer Name: EDIZA-17 | User Name: Ediza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 22:33:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ediza\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/08/11 01:42:10 | 000,251,256 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/07 07:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/03 11:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 11:21:52 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/05/11 11:21:42 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/05/11 11:21:10 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/04/11 11:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/09 10:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/17 16:09:20 | 002,308,648 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/11/17 16:09:20 | 000,780,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/06/15 03:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 03:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2000/03/06 20:56:54 | 000,573,496 | ---- | M] () -- \\ALEXPC\pushspace\Wintin95\wintin95.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 19:02:56 | 000,420,920 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 19:02:55 | 003,702,840 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 19:01:20 | 000,122,952 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 19:01:19 | 000,222,280 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 19:01:17 | 001,746,504 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/11/07 15:44:56 | 008,593,056 | ---- | M] () -- C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
MOD - [2011/06/16 02:27:15 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
MOD - [2011/06/16 02:27:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
MOD - [2011/06/16 02:27:04 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
MOD - [2011/06/16 02:26:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/16 02:26:52 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll
MOD - [2011/06/16 02:24:31 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/16 02:24:15 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/16 02:24:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/16 02:22:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/16 02:22:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2009/07/07 07:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 07:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 07:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 07:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 07:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 07:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/12/21 10:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/11/17 15:58:08 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2000/03/06 20:56:54 | 000,573,496 | ---- | M] () -- \\ALEXPC\pushspace\Wintin95\wintin95.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/11 01:42:10 | 000,251,256 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/07 18:27:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 11:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/12 05:20:06 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\ykx32mpcoinst.dll -- (yksvc)
SRV - [2009/05/11 11:21:42 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/05/11 11:21:10 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/06/15 03:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/19 02:20:08 | 006,923,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel(R)
DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/05/11 11:21:58 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/02 13:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 13:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/12/30 18:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/21 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/10 17:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 17:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 17:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 17:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3754509515-2277620609-3965779844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3754509515-2277620609-3965779844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3754509515-2277620609-3965779844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {38CAE956-DA5C-43FF-A972-FD338B0DDE2C}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63232
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ediza\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ediza\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/19 18:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 21:08:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}: C:\Users\Ediza\AppData\Local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}

[2010/01/15 20:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ediza\AppData\Roaming\Mozilla\Extensions
[2011/09/11 19:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ediza\AppData\Roaming\Mozilla\Firefox\Profiles\07m5styk.default\extensions
[2011/01/13 17:29:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ediza\AppData\Roaming\Mozilla\Firefox\Profiles\07m5styk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 17:29:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ediza\AppData\Roaming\Mozilla\Firefox\Profiles\07m5styk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/17 19:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/13 10:49:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\EDIZA\APPDATA\LOCAL\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ediza\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Users\Ediza\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Ediza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: ICE Quick Stream = C:\Users\Ediza\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.0_1\

O1 HOSTS File: ([2011/11/17 20:52:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3754509515-2277620609-3965779844-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3754509515-2277620609-3965779844-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab (DAX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC81F4A-3290-4CE1-8B90-56EB44FA0C01}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{177BD6FB-8E03-4037-AF49-CC156936F024}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAE2128-09F7-4180-A7E1-80FE15131718}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Ediza\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ediza\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 22:33:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ediza\Desktop\OTL.exe
[2011/11/17 20:54:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/17 20:54:14 | 000,000,000 | ---D | C] -- C:\Users\Ediza\AppData\Local\temp
[2011/11/17 20:53:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/17 20:45:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/16 20:41:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/16 20:41:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/16 20:41:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/16 20:41:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/16 20:39:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/16 20:09:04 | 004,298,446 | R--- | C] (Swearware) -- C:\Users\Ediza\Desktop\ComboFix.exe
[2011/11/16 20:06:51 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ediza\Desktop\aswMBR.exe
[2011/11/16 19:53:41 | 000,000,000 | R--D | C] -- C:\Users\Ediza\Videos
[2011/11/16 12:35:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/16 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Ediza\Desktop\scan logs 2011.11.16
[2011/11/16 12:19:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ediza\Desktop\dds.scr
[2011/11/16 12:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ediza\AppData\Roaming\Malwarebytes
[2011/11/16 12:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 12:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 12:02:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/16 12:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/14 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/11/14 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/10/23 09:31:48 | 000,000,000 | ---D | C] -- C:\Users\Ediza\AppData\Local\{6D88603F-9C64-4C98-A7E1-581A1D75EF6E}
[2009/12/09 19:34:06 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Ediza\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/11/17 22:33:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ediza\Desktop\OTL.exe
[2011/11/17 22:12:48 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000UA.job
[2011/11/17 21:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 21:01:35 | 000,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/17 21:01:35 | 000,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/17 20:58:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 20:58:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 20:58:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 20:57:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 20:52:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/17 20:43:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/17 11:31:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26919939-CA75-4451-9292-6AB78851576F}.job
[2011/11/17 09:01:45 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SyncBack Ediza Laptop Backup.job
[2011/11/17 05:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3754509515-2277620609-3965779844-1000Core.job
[2011/11/16 20:09:20 | 004,298,446 | R--- | M] (Swearware) -- C:\Users\Ediza\Desktop\ComboFix.exe
[2011/11/16 20:07:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ediza\Desktop\aswMBR.exe
[2011/11/16 13:15:36 | 000,006,756 | ---- | M] () -- C:\Users\Ediza\AppData\Local\d3d9caps.dat
[2011/11/16 12:35:02 | 270,671,245 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/16 12:19:40 | 000,302,592 | ---- | M] () -- C:\Users\Ediza\Desktop\u7m507fq.exe
[2011/11/16 12:19:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ediza\Desktop\dds.scr
[2011/11/16 12:02:09 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:19:59 | 000,097,792 | ---- | M] () -- C:\Users\Ediza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 21:08:28 | 000,001,396 | ---- | M] () -- C:\Users\Ediza\Desktop\DivX Movies.lnk
[2011/11/11 22:14:02 | 000,002,044 | ---- | M] () -- C:\Users\Ediza\Desktop\Google Chrome.lnk
[2011/11/11 22:14:02 | 000,002,006 | ---- | M] () -- C:\Users\Ediza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/25 12:48:24 | 000,001,880 | ---- | M] () -- C:\Users\Ediza\Desktop\wintin95.exe - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/11/16 20:41:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/16 20:41:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/16 20:41:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/16 20:41:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/16 20:41:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 12:34:28 | 270,671,245 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/16 12:20:05 | 000,302,592 | ---- | C] () -- C:\Users\Ediza\Desktop\u7m507fq.exe
[2011/11/16 12:02:09 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/25 09:29:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/06 17:52:01 | 000,000,120 | ---- | C] () -- C:\Users\Ediza\AppData\Local\Mfiqimar.dat
[2011/02/06 17:52:01 | 000,000,000 | ---- | C] () -- C:\Users\Ediza\AppData\Local\Nxetuwus.bin
[2010/06/10 13:43:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/07 13:31:36 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2010/01/15 20:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/22 16:41:40 | 000,006,756 | ---- | C] () -- C:\Users\Ediza\AppData\Local\d3d9caps.dat
[2009/09/20 07:42:59 | 000,097,792 | ---- | C] () -- C:\Users\Ediza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 14:36:06 | 000,002,626 | ---- | C] () -- C:\Users\Ediza\AppData\Roaming\wklnhst.dat
[2009/09/07 20:45:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/09/07 20:45:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/09/07 20:45:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/09/07 20:45:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/09/07 18:41:20 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/09/07 18:19:45 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/07 18:14:55 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/09/07 18:14:55 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/09/07 18:14:54 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 11:18:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 11:18:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 09:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/19 09:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2008/02/20 23:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,291,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 000,604,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,105,376 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/20 08:33:50 | 000,000,000 | ---D | M] -- C:\Users\Ediza\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/19 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\Ediza\AppData\Roaming\NASNaviator2
[2009/11/02 01:14:33 | 000,000,000 | ---D | M] -- C:\Users\Ediza\AppData\Roaming\Netscape
[2009/11/18 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ediza\AppData\Roaming\Smith Micro
[2009/09/15 14:36:07 | 000,000,000 | ---D | M] -- C:\Users\Ediza\AppData\Roaming\Template
[2011/11/17 20:43:08 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/17 09:01:45 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\SyncBack Ediza Laptop Backup.job
[2011/11/17 11:31:06 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{26919939-CA75-4451-9292-6AB78851576F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 18:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/11/17 20:54:13 | 000,013,357 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/09/07 20:45:28 | 000,003,695 | RH-- | M] () -- C:\dell.sdr
[2011/11/17 20:57:54 | 4030,144,512 | -HS- | M] () -- C:\pagefile.sys
[2009/11/02 01:14:34 | 000,001,689 | ---- | M] () -- C:\photodex-presenter-install.log

< %systemroot%\Fonts\*.com >
[2006/11/02 04:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/28 06:14:02 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\Windows\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2006/10/26 16:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2006/09/18 00:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\SSGB1pc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/04 19:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 18:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/07 21:50:15 | 000,000,286 | -HS- | M] () -- C:\Users\Ediza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/16 20:07:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ediza\Desktop\aswMBR.exe
[2011/11/16 20:09:20 | 004,298,446 | R--- | M] (Swearware) -- C:\Users\Ediza\Desktop\ComboFix.exe
[2011/11/17 22:33:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ediza\Desktop\OTL.exe
[2011/11/16 12:19:40 | 000,302,592 | ---- | M] () -- C:\Users\Ediza\Desktop\u7m507fq.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/13 02:19:16 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/07/13 02:18:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/07/13 02:18:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/13 02:18:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/07/13 02:18:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/07/13 02:18:46 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/15 16:05:04 | 000,000,402 | -HS- | M] () -- C:\Users\Ediza\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[alexp410]

extras.txt

OTL Extras logfile created on: 11/17/2011 10:34:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ediza\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 60.37% Memory free
7.12 Gb Paging File | 5.52 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 61.22 Gb Free Space | 45.56% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 9.07 Gb Free Space | 61.95% Space Free | Partition Type: NTFS

Computer Name: EDIZA-17 | User Name: Ediza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3754509515-2277620609-3965779844-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B3C33F-C385-48E7-99D3-E4A030438A9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{06065809-B57F-425F-9AD9-129E99300EC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A2B917C-EC9E-415F-ACBC-A4A2B9DF1BB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{28A854A4-7FB5-4936-AA9A-A1E90CEEDBEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{3814F54F-7116-4542-A661-CD4D1449E8C3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3DC2D8D3-A5A3-4576-9E8A-24AD5129268E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{409747FA-EE89-4F70-ABDA-F0A852EE8D23}" = lport=139 | protocol=6 | dir=in | app=system |
"{46EBCF57-B2D2-406B-9CC8-E3D82AE8D45E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{54EA5761-991B-4CCF-8AF9-D5827A64CDD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{588E4D32-04C1-4510-8196-E73A24AD42B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DE5165E-938E-4596-B52A-3C18AC5E7554}" = lport=138 | protocol=17 | dir=in | app=system |
"{77A37628-2D9B-403A-8709-9D3030BB492D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94D58DFE-EE06-4269-AD89-8B01418F060D}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C787557-C416-4BAA-BB25-C7C48B4A6EFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB7A9518-6DBF-4F17-99AD-F807DAA4F869}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ABA50052-F44C-41D4-8A64-A760836C652A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B463CCF3-349F-493D-8A2D-EC2197830211}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5FC435D-6F6F-4845-A2FF-73EDE33A0756}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBC284C6-25CB-4EC2-8E7A-C998F0D8F27C}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF849DBF-D855-4CA3-84B7-F13D300CC809}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1141EDD8-6D1D-4F00-96FC-CF5FD9B6B0BF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{168F894C-66D2-4171-BC87-3883C3BDE324}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3791C527-96F8-4D32-A07F-6E0295C8B73C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3AAFB998-9378-4DA0-BEFF-910682052872}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4A1B2879-8DEA-4841-9A87-66FB2B5EEE8F}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{55CAC07B-78B7-44D2-80D3-2F5BF1A7025B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8505AB33-29F4-4568-97A8-937F31617075}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8ACE6232-C307-459D-9E09-66D79E7B0DF5}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{92C1CD49-8EAD-40B2-AF6E-77CA7571E3C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B2F79D9-70D7-46AF-B847-B003B7309527}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{BB62A8FE-6D0D-4FFB-9D02-31E447D23487}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7B86503-3D0F-4887-A9AA-C45CFC3D9EE6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C7F737E4-C57C-4EB0-82CA-11ADC46A396D}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{F2803B6E-85D0-4D65-A5F2-6AC704BE8A0C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FD9E91F2-3980-4C4E-9F37-9DCE627190DC}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{93B4E391-E02D-4D03-A463-90367B44E17E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E860F049-C84B-4E53-B490-83B32FB4C8D3}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{73568924-5345-4EC2-8A14-14FC485A46E4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C59522EC-1AAD-4729-8DDA-802C2A2F533F}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast!" = avast! Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MWAREDATT" = Messageware AttachView Add-in for Saving Files x86
"Photodex Presenter" = Photodex Presenter
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"SynTPDeinstKey" = Dell Touchpad
"UN060501" = BUFFALO NAS Navigator2
"VZAccess Manager" = VZAccess Manager
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3754509515-2277620609-3965779844-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/17/2011 1:00:57 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\MSN Websites\MSN Money.url failed, 00000005.

Error - 11/17/2011 1:00:57 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\MSN Websites\MSN Sports.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\MSN Websites\MSN.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\MSN Websites\MSNBC News.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\Windows Live\Get Windows Live.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\Windows Live\Windows Live Gallery.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\Windows Live\Windows Live Mail.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\Windows Live\Windows Live Spaces.url failed, 00000005.

Error - 11/17/2011 1:00:58 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Favorites\WoodVeneer.com - cedar.url failed, 00000005.

Error - 11/17/2011 1:01:44 PM | Computer Name = Ediza-17 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
L:\Videos\Sample Videos.lnk failed, 00000005.

[ Application Events ]
Error - 11/15/2011 1:00:21 AM | Computer Name = Ediza-17 | Source = Chrome | ID = 1
Description =

Error - 11/15/2011 1:04:37 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.120, time stamp
0x4eb86cd8, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
exception code 0xc0000374, fault offset 0x000b0fb4, process id 0x1798, application
start time 0x01cca353b6125ea0.

Error - 11/15/2011 1:05:38 AM | Computer Name = Ediza-17 | Source = Chrome | ID = 1
Description =

Error - 11/15/2011 1:41:34 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.120, time stamp
0x4eb86cd8, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
exception code 0xc0000374, fault offset 0x000b0fb4, process id 0x1938, application
start time 0x01cca354155bfc40.

Error - 11/16/2011 1:56:26 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x000678d8, process id 0x2dd4, application
start time 0x01cca14f0e8378a2.

Error - 11/16/2011 2:12:31 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x000678d8, process id 0x2aa4, application
start time 0x01cca4247ceb67d0.

Error - 11/16/2011 2:16:05 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x000678d8, process id 0x2dd0, application
start time 0x01cca426bb269450.

Error - 11/16/2011 2:22:28 AM | Computer Name = Ediza-17 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x000678d8, process id 0x19b0, application
start time 0x01cca1dad9016ed0.

Error - 11/16/2011 3:19:00 PM | Computer Name = Ediza-17 | Source = EventSystem | ID = 4621
Description =

Error - 11/16/2011 3:20:25 PM | Computer Name = Ediza-17 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/18/2011 12:52:40 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:53:01 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7030
Description =

Error - 11/18/2011 12:53:14 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:53:14 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:53:57 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:53:57 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:54:30 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:54:30 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 12:58:06 AM | Computer Name = Ediza-17 | Source = HTTP | ID = 15016
Description =

Error - 11/18/2011 12:59:43 AM | Computer Name = Ediza-17 | Source = Service Control Manager | ID = 7000
Description =


< End of report >

 

[Broni]

All clean

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[alexp410]

SecurityCheck report

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
avast! successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player ( 10.0.42.34) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````End of Log````````````

 

[Broni]

Go on..........

 

[Broni]

Still with me?

 

[alexp410]

All good

Hi Broni. Thank you for your help so far. It looks like all the malware problems are taken care of.

File Temp Cleaner ran ok, and cleaned up without issues.

ESET scanner/cleaner I had to run twice. The first time it ran it recognized and removed 2 threats. Unfortunately I was unable to find the button to "look" at the named threats. The 2nd time it was run, it reported a clean finding.

Thank you again Broni!

-Alex

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Broni]

The issue seems to be resolved.

 

[alexp410]

OTL Cleanup Log

Hi Broni.

Ran the cleaner as requested. Log:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ediza
->Temp folder emptied: 4783902 bytes
->Temporary Internet Files folder emptied: 83767952 bytes
->Java cache emptied: 277043 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 135946326 bytes
->Flash cache emptied: 13377 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85838 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 197767 bytes

Total Files Cleaned = 215.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Ediza
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_173925

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...