
Google Re-direct Virus (certain websites only) [Solved]


  • This topic is locked

#31
360nourishment

    Member

  • Topic Starter
  • 127 posts
OK. I've changed the DNS Server addresses, but I am still getting the re-directs.

Let me ask you a question, do you know why Combofix would fail to properly scan?

Edited by 360nourishment, 23 July 2012 - 03:22 PM.


#32
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Let me ask you a question, do you know why Combofix would fail to properly scan?

No. It happens on some systems.

Proceed with this:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [resethosts]
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


NEXT...

What is the main site that you get redirected to?
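The fix above resets the hosts file ([resethosts]) and flushes the resolver cache (ipconfig /flushdns), and the helper had already asked for the DNS server addresses to be changed: a hosts-file mapping and a rogue resolver are two of the places a browser redirect can be planted, and both are visible in an OTL Quick Scan as "O1 - Hosts:" and "O17 ... NameServer" lines. The script below is an added example, not code from the forum post or from OTL: it parses those two line types from a constructed sample log modelled on the Quick Scan format, flags every hosts entry that is not a loopback/localhost line, and flags every resolver that is neither in a trusted set nor on an RFC 1918 LAN range. The trusted-resolver set and the 203.0.113.x / 198.51.100.x addresses are placeholders from the documentation ranges, and the `{INTERFACE-GUID}` is a stand-in for a real interface key.

```python
"""Audit the two settings the OTL fix above resets: the hosts file
([resethosts]) and the DNS resolver configuration (flushdns / DNS change).
Added example, not part of the forum thread or of OTL itself."""
import ipaddress
import re

LOOPBACK = {"127.0.0.1", "::1"}
# RFC 1918 ranges: a resolver inside the LAN (e.g. the home router) is expected.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Resolvers the machine should be using. The router address matches the O17
# line in the thread; the two public addresses are placeholders (TEST-NET
# documentation range) standing in for whatever the user was told to set.
TRUSTED_RESOLVERS = {"192.168.1.1", "198.51.100.7", "198.51.100.8"}

# Constructed sample modelled on OTL's Quick Scan 'O1' and 'O17' lines. The
# google/bing mappings and the 203.0.113.x resolvers are made up to show what
# a redirect infection looks like in this format; {INTERFACE-GUID} is a placeholder.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2012/07/23 18:02:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.45 www.google.com
O1 - Hosts: 203.0.113.45 www.bing.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{INTERFACE-GUID}: NameServer = 203.0.113.53 203.0.113.54
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")
DNS_RE = re.compile(r"^O17 - .*?:\s+(?:Dhcp)?NameServer\s*=\s*(.+)$")


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs reported on 'O1 - Hosts:' lines."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            for name in m.group(2).split():
                entries.append((m.group(1), name.lower()))
    return entries


def parse_resolvers(log_text):
    """Return every resolver address reported on 'O17' lines (DHCP or static)."""
    resolvers = set()
    for line in log_text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            resolvers.update(a for a in re.split(r"[\s,]+", m.group(1)) if a)
    return resolvers


def is_lan(addr):
    """True for an RFC 1918 address; False for public or unparsable input."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def audit(log_text, trusted_resolvers=TRUSTED_RESOLVERS):
    """Return a list of findings; an empty list means both settings look clean."""
    findings = []
    for ip, name in parse_hosts_entries(log_text):
        # A clean Windows hosts file carries only the loopback lines; a search
        # engine pointed at a routable address is exactly what [resethosts] undoes.
        if not (ip in LOOPBACK and name == "localhost"):
            findings.append(f"hosts: {name} -> {ip}")
    for addr in sorted(parse_resolvers(log_text)):
        if addr in trusted_resolvers or is_lan(addr):
            continue
        findings.append(f"dns: resolver {addr} is neither trusted nor on the LAN")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against a real Quick Scan log, the script gives a quick yes/no on whether the hosts reset and the DNS change actually took: an empty result after the fix, and a non-empty one before it, is what you would expect when the redirect lives in one of these two places. Python's `ipaddress.is_private` is deliberately not used for the LAN check, because it also treats the documentation ranges as private and would hide the placeholder addresses.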

#33
360nourishment

    Member

  • Topic Starter
  • 127 posts
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Taheerah\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Taheerah\My Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Taheerah
->Temp folder emptied: 142622432 bytes
->Temporary Internet Files folder emptied: 34185031 bytes
->Java cache emptied: 198819 bytes
->FireFox cache emptied: 165228309 bytes
->Google Chrome cache emptied: 24013174 bytes
->Flash cache emptied: 102690 bytes

User: TrafficPhoenix

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4804088 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 778895 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 194638830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1516427948 bytes

Total Files Cleaned = 1,987.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 07232012_180239

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Taheerah\Local Settings\Temp\plugtmp-20\plugin-xml;mar=googlepreroll;mar=first-impression-preroll;mar=seoref;mar=Test%20Rule;cntid=126232;u=126232;bch=1;cid=236;mr=PG;chann.com%20Staff;hdcdp=0;tags=chappelle%2Cdave%2Cfunny;ord=7157611486742664; not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Quick Scan log...



OTL logfile created on: 7/23/2012 6:15:31 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Taheerah\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.54% Memory free
3.84 Gb Paging File | 3.49 Gb Available in Paging File | 90.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.30 Gb Total Space | 15.41 Gb Free Space | 42.45% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 199.94 Gb Free Space | 85.88% Space Free | Partition Type: FAT32

Computer Name: TAHEERAH-5F0699 | User Name: Taheerah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/22 00:11:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\My Documents\Downloads\OTL.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 15:59:58 | 001,787,392 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12072302\algo.dll
MOD - [2012/07/17 17:19:49 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/23 18:09:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 17:19:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/04/01 18:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Twitter"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/03 15:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/18 15:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Extensions
[2012/07/18 22:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions
[2012/03/30 17:29:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/02 17:31:16 | 000,000,000 | ---D | M] (adblockvideo) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions\[email protected]
[2012/07/17 17:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TAHEERAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EBUJV3OK.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 15:42:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/17 17:19:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/29 01:17:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/29 01:17:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2012/07/23 18:02:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FileZilla FTP Client [2012/04/17 18:33:35 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCC13FBB-8F09-44DB-8FDD-D82B38A3D983}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 22:09:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/07 14:35:32 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 18:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/22 17:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\RK_Quarantine
[2012/07/20 18:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Sun
[2012/07/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/20 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/20 18:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\Oracle
[2012/07/20 18:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/20 14:41:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/20 14:41:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/20 14:41:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/20 14:41:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/20 14:41:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/20 14:39:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/20 14:37:52 | 004,582,461 | R--- | C] (Swearware) -- C:\Documents and Settings\Taheerah\Desktop\ComboFix.exe
[2012/07/20 07:30:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4
[2012/07/20 07:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
[2012/07/20 07:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Start Menu\Programs\WinRAR
[2012/07/20 07:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\WinRAR
[2012/07/20 07:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/07/20 07:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/19 22:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\Beyond DIet Diabetes backups
[2012/07/19 12:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/07/19 12:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/19 12:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/07/19 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/07/19 12:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/07/19 12:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Microsoft Help
[2012/07/19 12:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/19 12:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/07/19 12:43:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/07/19 11:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\MicrosoftStore
[2012/07/19 10:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3.4 (en-US) Installation Files
[2012/07/19 10:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\Beyond Diet Diabetes Guide
[2012/07/13 01:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/13 01:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\PDAppFlex
[2012/07/13 00:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/13 00:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2012/07/12 14:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Adobe Illustrator CS6
[2012/07/12 14:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/12 14:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/07/12 14:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/07/10 17:31:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/10 17:29:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Taheerah\Start Menu\Programs\Administrative Tools
[2012/07/10 17:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/07 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2012/07/06 15:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Temp
[2012/07/06 15:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Adobe
[2012/07/06 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/06 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/06 15:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/07/06 10:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/04 16:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\My Documents\SemperDriverBackup
[2012/07/04 16:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\Semper Software
[2012/07/04 16:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/04 16:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Semper Software
[2012/07/04 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Semper Software
[2012/07/02 23:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2012/07/02 16:58:53 | 000,000,000 | ---D | C] -- C:\c202dc2c8db6c7d29a6e8f
[2012/07/02 16:39:47 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/02 16:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/02 16:39:46 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/02 16:39:42 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/02 16:39:41 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/02 16:39:40 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/02 16:39:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/02 16:39:37 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/02 16:39:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/02 16:38:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/02 16:38:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/02 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/02 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/07/23 18:19:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1292428093-1417001333-1003UA.job
[2012/07/23 18:09:38 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/23 18:09:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/23 18:07:56 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/23 18:07:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/23 18:06:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 18:02:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/23 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TAHEERAH-5F0699-Taheerah.job
[2012/07/22 20:19:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1292428093-1417001333-1003Core.job
[2012/07/22 19:33:55 | 000,496,086 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/22 19:33:55 | 000,084,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/20 16:28:36 | 003,581,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/20 14:37:57 | 004,582,461 | R--- | M] (Swearware) -- C:\Documents and Settings\Taheerah\Desktop\ComboFix.exe
[2012/07/20 14:27:07 | 000,146,574 | ---- | M] () -- C:\__rzi_0.292
[2012/07/20 14:27:04 | 000,146,574 | ---- | M] () -- C:\__rzi_0.915
[2012/07/20 07:30:07 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.lnk
[2012/07/20 07:09:45 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\WinRAR.lnk
[2012/07/19 12:27:04 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Office Home and Business 2010 _1342715223609.lnk
[2012/07/19 10:14:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\MBR.dat
[2012/07/15 12:45:32 | 000,060,762 | ---- | M] () -- C:\Documents and Settings\Taheerah\My Documents\30 day recipes.odt
[2012/07/15 12:33:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 00:49:38 | 000,001,231 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Adobe Illustrator CS6.lnk
[2012/07/12 14:47:56 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/07/12 12:12:22 | 000,086,894 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.ai
[2012/07/12 12:12:20 | 005,366,782 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.eps
[2012/07/12 04:08:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/12 00:18:39 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 00:18:38 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Google Chrome.lnk
[2012/07/07 16:28:04 | 008,867,840 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\SeaToolsDOS223ALL.ISO
[2012/07/06 15:07:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/06 10:35:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/07/04 16:42:05 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Semper Driver Backup.lnk
[2012/07/03 15:42:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 12:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/03 05:18:51 | 000,093,665 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Dell Bookmarks - 7-3-2012
[2012/07/02 16:39:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

========== Files Created - No Company Name ==========

[2012/07/20 14:41:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/20 14:41:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/20 14:41:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/20 14:41:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/20 14:41:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/20 14:27:07 | 000,146,574 | ---- | C] () -- C:\__rzi_0.292
[2012/07/20 14:27:04 | 000,146,574 | ---- | C] () -- C:\__rzi_0.915
[2012/07/20 07:30:07 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.lnk
[2012/07/20 07:09:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\WinRAR.lnk
[2012/07/19 12:27:04 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Office Home and Business 2010 _1342715223609.lnk
[2012/07/19 10:14:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\MBR.dat
[2012/07/15 11:36:00 | 000,060,762 | ---- | C] () -- C:\Documents and Settings\Taheerah\My Documents\30 day recipes.odt
[2012/07/13 01:08:55 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TAHEERAH-5F0699-Taheerah.job
[2012/07/13 00:49:38 | 000,001,231 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Adobe Illustrator CS6.lnk
[2012/07/13 00:47:32 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/07/13 00:44:36 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/07/13 00:44:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/07/13 00:42:31 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/07/12 14:47:56 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/12 14:47:56 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/07/12 12:12:22 | 000,086,894 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.ai
[2012/07/12 12:12:20 | 005,366,782 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.eps
[2012/07/10 17:31:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/10 17:31:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/07 16:28:08 | 008,867,840 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\SeaToolsDOS223ALL.ISO
[2012/07/06 15:07:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/06 15:07:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/04 16:42:05 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Semper Driver Backup.lnk
[2012/07/03 05:18:50 | 000,093,665 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Dell Bookmarks - 7-3-2012
[2012/07/02 16:39:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/02 16:39:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/03/30 01:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/03/26 21:23:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/03/26 21:23:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/03/26 21:23:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/03/26 21:23:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/03/26 21:23:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/03/26 21:23:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/03/26 21:23:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/03/26 21:23:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/03/26 21:23:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/03/26 21:23:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/03/26 21:23:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/03/26 21:23:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/03/26 21:23:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/03/26 21:23:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/03/26 21:23:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/03/26 21:23:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/03/26 10:00:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 04:17:54 | 000,080,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-1292428093-1417001333-1003-0.dat
[2011/07/23 04:17:53 | 000,080,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/23 04:17:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/23 01:49:29 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/18 15:02:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/18 14:45:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/07/18 14:45:37 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/07/18 14:45:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/07/18 13:28:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/07/18 13:17:29 | 000,000,283 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/17 22:12:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 22:05:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/17 17:48:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/17 17:47:32 | 003,581,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/07/02 16:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/18 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/03/26 21:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/07/13 00:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/22 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/12 14:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/30 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoft
[2012/03/30 17:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers
[2012/03/27 09:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\EPSON
[2012/07/18 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\FileZilla
[2012/04/02 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Foxit Software
[2012/05/20 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\gtk-2.0
[2011/07/18 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Infineon
[2012/03/26 11:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\OpenOffice.org
[2012/07/20 18:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Oracle
[2012/07/13 01:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\PDAppFlex
[2012/07/04 16:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Semper Software
[2012/07/13 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/23 18:07:56 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDEBE8F6

< End of report >
  • 0

#34 Render (Trusted Helper, Malware Removal, 4,195 posts)
What is the main site that you get redirect to?
  • 0

#35 360nourishment (Topic Starter, Member, 127 posts)
It's click-get-answers-fast.com.

Also, I noticed right around the time that I got these stupid redirects, whenever I play video on my computer it sounds choppy, skips, etc.

Is there anything that I can do about this?

Edited by 360nourishment, 24 July 2012 - 12:29 AM.

  • 0

#36 Render (Trusted Helper, Malware Removal, 4,195 posts)
Please do the following:

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0

Save this as test.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.
It should look like this: Posted Image
Double-click on test.bat to run it. It will open Notepad when done; please post back the contents of it.
  • 0
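The batch file above gathers the resolver state that a redirect of this kind usually hides in. As an added example that is not from the thread or from Render, the Python below reads that kind of output (constructed samples, not a live machine) for the signs of a DNS hijack: resolvers other than the ones you configured, an nslookup answered by an unexpected server, and hosts-file entries for well-known domains. EXPECTED_DNS, WATCHED_DOMAINS and all sample text are assumptions.

```python
# Added example (not from the thread): checks constructed samples of the
# ipconfig /all, nslookup and hosts-file data that test.bat collects for the
# DNS-hijack indicators behind a redirect. EXPECTED_DNS and all samples are assumed.
import re

EXPECTED_DNS = {"8.8.8.8", "8.8.4.4"}  # assumed: the resolvers you configured
# A default XP hosts file maps only localhost; any entry for these is suspect.
WATCHED_DOMAINS = {"google.com", "www.google.com", "yahoo.com", "www.yahoo.com"}

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.5
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       203.0.113.7
"""
SAMPLE_NSLOOKUP = """\
Server:  UnKnown
Address:  203.0.113.7

Non-authoritative answer:
Name:    google.com
Address:  198.51.100.20
"""
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com
"""

def dns_servers(ipconfig_text):
    """Collect every address after 'DNS Servers', including indented continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
            continue
        m = re.fullmatch(r"\s+(\d{1,3}(?:\.\d{1,3}){3})", line.rstrip())
        if in_dns and m:
            servers.append(m.group(1))
        else:
            in_dns = False
    return servers

def nslookup_resolver(nslookup_text):
    """Return the resolver nslookup reports on the 'Address:' line after 'Server:'."""
    lines = nslookup_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.startswith("Server:"):
            m = re.match(r"Address:\s*(\S+)", lines[i + 1])
            if m:
                return m.group(1)
    return None

def hijacked_hosts(hosts_text):
    """Return (domain, ip) for watched domains that the hosts file overrides."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        for name in fields[1:]:
            if name.lower() in WATCHED_DOMAINS:
                hits.append((name.lower(), fields[0]))
    return hits

def findings(ipconfig_text, nslookup_text, hosts_text):
    """Hijack indicators as readable strings; an empty list means nothing suspicious."""
    out = [f"unexpected DNS server in ipconfig: {s}"
           for s in dns_servers(ipconfig_text) if s not in EXPECTED_DNS]
    resolver = nslookup_resolver(nslookup_text)
    if resolver and resolver not in EXPECTED_DNS:
        out.append(f"nslookup answered by unexpected resolver: {resolver}")
    out += [f"hosts file overrides {n} -> {ip}" for n, ip in hijacked_hosts(hosts_text)]
    return out
```

Feed findings() the three sections of Log1.txt and the hosts file; on the samples it reports one rogue resolver twice (ipconfig and nslookup) and one hosts override.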

#37 360nourishment (Topic Starter, Member, 127 posts)
I am going to PM you the results. I don't want to post them publicly.
  • 0

#38 Render (Trusted Helper, Malware Removal, 4,195 posts)
We will try to run Combofix again. Please delete your copy of Combofix.exe; we will download a fresh one as follows:

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


If not successful please try to run Combofix.exe in Safe mode with networking.

How to reboot your computer in Safe Mode with networking.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

  • 0

#39 360nourishment (Topic Starter, Member, 127 posts)
Hi,

Unfortunately, I cannot run Combofix in regular or Safe Mode.

I've ran Combofix in the past with no problems - not sure what's going on this time around.
  • 0

#40 Render (Trusted Helper, Malware Removal, 4,195 posts)
As you have a Windows XP setup disk, we will do a system repair. Don't worry, a system repair won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!
Please have your Windows XP CD-KEY ready.

  • Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
  • When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

    NOTE: If the computer does not boot from the CD, you must change the device boot order in the BIOS. Read here for more information.

  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console.

    Posted Image

  • When presented with the screen below, press the F8 key to continue.

    Posted Image

  • Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.
  • Press the R key.

    Posted Image

  • Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings.
  • Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.
  • Let me know if the bootup problem has been solved.

  • 0

#41 360nourishment (Topic Starter, Member, 127 posts)
Hi,

I repaired my XP installation, but still can't run combofix. However, I downloaded a trial version of Hitman Pro, which found and eliminated all types of nasty things on my computer.

Regarding combofix not working, there is no way to directly save the program to your desktop, so I downloaded it in one place and dragged the icon to my desktop and tried to run it from my desktop - It never worked.

I think the re-directs are fixed.

Can you give me instructions on how to remove all of the software that I've downloaded from my computer? (ex: OTL, RogueKiller, etc).

Thanks for your help.
  • 0

#42 Render (Trusted Helper, Malware Removal, 4,195 posts)
Can you please post the log of that Hitman thingy?
  • 0

#43 360nourishment (Topic Starter, Member, 127 posts)
Hi,

Unfortunately, I cannot find a log for July 24. I don't think this program keeps logs like that; it just quarantines the threats.
  • 0

#44 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. I can't say your system is malware free. Let's clean our tools:

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

    Posted Image

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
  • 0

#45 Render (Trusted Helper, Malware Removal, 4,195 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





