Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser Redirects - Google

Started by ABEC329 , Apr 01 2012 04:33 PM

  • Please log in to reply

#31
RKinner
Posted 06 April 2012 - 09:06 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run OTL, Quickscan and post the log. It should show the hosts file entries.
  • 0

Advertisements

#32
ABEC329
Posted 07 April 2012 - 01:30 AM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks Ron, log file below

Cheers ABEC

OTL logfile created on: 7/04/2012 7:08:35 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SIMS\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.29% Memory free
7.73 Gb Paging File | 6.07 Gb Available in Paging File | 78.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.70 Gb Total Space | 386.60 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.58 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 297.44 Gb Total Space | 163.41 Gb Free Space | 54.94% Space Free | Partition Type: NTFS

Computer Name: SIMS-HP-PC | User Name: SIMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 09:42:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SIMS\Downloads\OTL.exe
PRC - [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 13:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 13:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/28 01:52:48 | 012,487,856 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/25 14:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/22 17:40:16 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/10/28 01:51:31 | 000,021,680 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2010/10/28 01:51:24 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2010/10/28 01:50:50 | 000,848,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 13:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/09 11:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 06:43:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/13 05:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/07 13:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 13:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 13:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 13:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 13:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 13:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 18:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 18:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/03 00:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 13:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/18 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/09 12:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/21 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 09:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE:64bit: - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKCU\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKCU\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/07 10:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 17:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/01 06:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/04 15:04:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]

[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions
[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/06 09:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions
[2012/04/03 11:53:33 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/17 09:05:09 | 000,003,739 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\avg-secure-search.xml
[2012/01/08 12:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/07 10:56:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\SIMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICNKL41.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\SIMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICNKL41.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/22 17:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 07:33:19 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 07:33:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/02 07:33:19 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/02 07:33:19 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/02 07:33:19 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\SIMS\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/04/07 10:41:09 | 000,000,078 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 173.194.69.113 google.com
O1 - Hosts: 173.194.69.102 789.hou99.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.239.10 192.168.1.1 192.168.239.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABBC696-EB1C-4834-886E-164895EC2725}: DhcpNameServer = 4.2.2.3 4.2.2.2 192.168.1.3 4.2.2.3 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC471614-C0EC-4EE9-B223-5F72427999DE}: DhcpNameServer = 192.168.239.10 192.168.1.1 192.168.239.10
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 09:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 10:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/07 10:56:32 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/04/07 10:56:32 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/04/07 10:56:31 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/04/07 10:56:31 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/07 10:56:29 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/04/07 10:56:27 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/04/07 10:56:27 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/04/07 10:56:10 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/04/07 10:56:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/07 10:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/07 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/06 08:22:17 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\Apple Computer
[2012/04/06 08:22:17 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Local\Apple Computer
[2012/04/06 08:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/04/06 08:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/06 08:19:44 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Local\Apple
[2012/04/06 08:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/04/06 08:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/03 11:53:36 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\QuickScan
[2012/04/03 08:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/03 07:39:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/03 07:24:39 | 000,000,000 | ---D | C] -- C:\Old search data
[2012/04/03 07:06:20 | 000,000,000 | R--D | C] -- C:\Users\SIMS\Desktop\PC Cleanng Tools
[2012/04/02 19:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/02 19:46:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 19:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/02 19:19:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/02 19:12:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/02 19:12:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/02 19:12:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/02 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 19:12:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/02 19:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/30 06:43:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/29 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\Malwarebytes
[2012/03/29 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/29 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/04/07 19:10:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/07 18:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/07 12:09:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 12:09:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 12:06:41 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/07 12:06:41 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/07 12:06:41 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/07 12:02:18 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/07 12:02:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/07 12:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/07 12:02:00 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 10:56:34 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/07 10:56:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/07 10:41:09 | 000,000,078 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/06 08:21:36 | 000,002,515 | ---- | M] () -- C:\Users\SIMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/06 08:21:36 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/02 19:46:04 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 09:04:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/03/22 20:21:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/21 06:58:26 | 000,001,403 | ---- | M] () -- C:\Users\SIMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 21:53:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/15 07:47:44 | 000,431,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/07 10:56:34 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/07 10:56:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/04/06 08:21:36 | 000,002,515 | ---- | C] () -- C:\Users\SIMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/06 08:21:36 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/06 08:21:36 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/06 08:19:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/02 19:46:04 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 19:12:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/02 19:12:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/02 19:12:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/02 19:12:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/02 19:12:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/30 06:43:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/20 21:53:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/19 09:31:31 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011/06/23 18:36:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/23 18:21:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/04 09:53:41 | 000,202,451 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/12/04 09:53:41 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== LOP Check ==========

[2012/03/02 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\FileZilla
[2010/12/21 07:03:19 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Gamelab
[2012/03/08 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\IcoFX2X
[2010/12/04 07:53:11 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\PlayFirst
[2012/04/03 11:53:39 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\QuickScan
[2010/12/04 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Thunderbird
[2011/10/02 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Unity
[2010/12/18 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Western Digital
[2010/12/05 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\WildTangentv1001
[2012/03/31 09:04:15 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/04/02 19:19:01 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#33
RKinner
Posted 07 April 2012 - 09:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The hosts file looks good. I don't see the DNS that we put in back in post #15. Probably lost it when we reset the tcpip. I'd put it back in so that we are not using the local DNS. You do have a couple of obsolete add-ons in Firefox and an avg based search. We can remove them just on general principles:



Copy the text in the code box by highlighting and Ctrl + c 



:OTL
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
[2012/04/03 11:53:33 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/17 09:05:09 | 000,003,739 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\avg-secure-search.xml
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.239.10 192.168.1.1 192.168.239.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABBC696-EB1C-4834-886E-164895EC2725}: DhcpNameServer = 4.2.2.3 4.2.2.2 192.168.1.3 4.2.2.3 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC471614-C0EC-4EE9-B223-5F72427999DE}: DhcpNameServer = 192.168.239.10 192.168.1.1 192.168.239.10
O32 - AutoRun File - [2009/06/19 09:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and then close your browsers. Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Copy and paste the log.

I found one other report of this same problem on a Czech anti-malware site. It ends with the notation: Provider error. Apparently the ISP had something wrong. Which brings us back to the original premise that the big router is doing it. Now that you have the hosts file set this way has there been any change? If you use one of the ip numbers from nslookup google.com in your browser instead of google.com does it go through? Is this a laptop or do any of your neighbors have a laptop? I assume you or they have to go into town once in a while to shop or whatever. If you take a laptop to a different area can you find a Wifi hot spot and test it there to see if you still get the Chinese?
  • 0

#34
RKinner
Posted 07 April 2012 - 05:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Continued from last post:
If you are not going into town any time soon you might just invest in a dialup account with someone like this:
http://www.kol.co.nz/dialup.php

You may find cheaper services or one that will let you cancel if you don't like it. This was just the first one that came up.

That way we could bypass the current network and either rule out the network or prove it is the problem.
  • 0

#35
ABEC329
Posted 07 April 2012 - 05:30 PM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Changed DNS and ran OTL fix. All Good.

Using google.com IP, we get google.com up, it behaves a little oddly though, click on Images or Maps or Youtube and we get a reset? Google.co.nz does not work.

Using a smart phone on our wireless network we get the chinesse site, and on the 3G network it apparently works OK (the neighbour confirmed this). I am going to town this afternoon so will confirm myself. Will try someones wireless system in town as well.

Cheers ABEC
  • 0

#36
RKinner
Posted 07 April 2012 - 06:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When you go into town, use HostsXpert to remove the two entries we put in
O1 - Hosts: 173.194.69.113 google.com
O1 - Hosts: 173.194.69.102 789.hou99.com
so you have a stock system.
  • 0

#37
ABEC329
Posted 08 April 2012 - 12:58 AM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Tried the smart phone in town on the 3G network no problems at all. Have lent our laptop to one of the neighbours, so could not check that (it has not been used on this system since this issue started).

I'm thinking the 3G network working OK is proof that this issue is down the line somewhere? We have confirmed this on more than one smart phone now. Is there any difference between smart phone/iphone and PC/laptops??

Again Ron thanks very much for your time, I'm hoping we will beat this!!

Cheers ABEC
  • 0

#38
RKinner
Posted 08 April 2012 - 01:23 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If the same smart phone when used on your network gets Chinese but doesn't get it on a 3G network then I would say it's definitely a network issue. Now comes the problem of convincing the network guy.
  • 0

#39
ABEC329
Posted 09 April 2012 - 04:03 PM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Our tech man has replied to an email saying he is going to change the router sometime this week, will keep you posted if this makes a difference.

Cheers ABEC
  • 0

#40
RKinner
Posted 09 April 2012 - 05:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Thanks for keeping me in the loop.

I doubt the router hardware is bad. This sounds like a configuration problem. It might be enough to reboot it.
  • 0

Advertisements

#41
ABEC329
Posted 16 April 2012 - 06:34 PM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
We've got control again. If they replaced the router it has worked?
Have ask the tech man for a explanation, hopefully he will reply, again I will keep you posted.

Cheers ABEC
  • 0

#42
RKinner
Posted 16 April 2012 - 07:24 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Great. That was really the only thing that made sense.
  • 0

#43
ABEC329
Posted 17 April 2012 - 03:23 AM

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
The tech man replied, saying they had replaced the router. As yet they have not had a look at what the cause was, but suggested it may be something to do with the DNS settings. I have no idea what they are dealing with, and imagine they will never tell us what happened, but he ensures it will not happen again.

So, thanks very much yet again for your time, not only did I learn a little bit more about how these computers work but also discovered where Orcas Island is, the lucky place to live.

Cheers, ABEC
  • 0

#44
RKinner
Posted 17 April 2012 - 08:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you haven't already you need to remove the hosts file entries that we put in.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP