[yjyj4482]

Hello,

When I'm in Firefox, everytime I type Craigslist.org in to the browser I get redirected to a different website. It changes all the time...I've been sent to coolfreequizzes.net, quizzerist.net, collide.net, etc.

I ran malwarebytes, spybot, and spywareblaster and nothing has come up. I ran my antivirus software and nothing came up.

In addition, when I use chrome, I set my home page to Google but instead it goes to http://search.conduit.com.

Help?

Thank you!

[Advertisements]

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

• Please download DeFogger to your desktop.
  
  Double click DeFogger to run the tool.
  
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

• Please download DDS from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

information and logs

• In your next post I need the following
  
  
• both reports from DDS
• report from security check
• let me know of any problems you may have had

Gringo

[gringo_pr]

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

• Please download DeFogger to your desktop.
  
  Double click DeFogger to run the tool.
  
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

• Please download DDS from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

information and logs

• In your next post I need the following
  
  
• both reports from DDS
• report from security check
• let me know of any problems you may have had

Gringo

[yjyj4482]

Hi Gringo!

Here's everything you asked for. Thanks for your help!

SECURITY CHECK LOG:

Results of screen317's Security Check version 0.99.57
x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

DDS LOGS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16453
Run by Yola at 18:45:53 on 2013-02-04
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3033.2072 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Yola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Users\Yola\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826
mDefault_Page_URL = hxxp://www.lenovo.com
uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIE9DLL_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
uRun: [Google Update] "c:\users\yola\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\yola\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\yola\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [SansaDispatch] c:\users\yola\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\yola\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\yola\appdata\roaming\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{77F39197-1325-45A6-98D6-AC9CA770374E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA5A8F56-099A-4005-B9BB-EB85F538A115} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FA5A8F56-099A-4005-B9BB-EB85F538A115}\4424 : DHCPNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yola\appdata\roaming\mozilla\firefox\profiles\w0oue4fd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\users\yola\appdata\local\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\users\yola\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\yola\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R1 aswnet;avast! AG Firewall Core Driver;c:\windows\system32\drivers\aswnet.sys [2012-10-28 356880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-28 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-28 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-28 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-28 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-3 44808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-13 168384]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-7-25 361984]
R3 NETwNs32;@netwns32.inf,___ %NIC_Service_DispName_WIN7%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-6-2 7518208]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2012-7-25 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2012-7-25 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2012-7-25 661504]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-25 155136]
.
=============== Created Last 30 ================
.
2013-01-27 04:36:32 -------- d-----w- c:\users\yola\New folder
2013-01-14 03:33:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-14 03:32:58 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-14 03:32:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-13 08:29:27 -------- d-----w- c:\users\yola\appdata\local\Programs
2013-01-12 03:47:22 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-12 03:47:22 -------- d-----w- c:\program files\iTunes
2013-01-12 03:47:22 -------- d-----w- c:\program files\iPod
2013-01-12 03:34:50 80728 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 03:34:50 695640 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 03:48:40 71168 ----a-w- c:\windows\system32\ncryptsslp.dll
2013-01-09 03:43:53 975360 ----a-w- c:\windows\system32\AppXDeploymentServer.dll
2013-01-09 03:43:52 554496 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-01-09 03:43:51 117248 ----a-w- c:\windows\system32\SystemEventsBrokerServer.dll
2013-01-09 03:43:51 114176 ----a-w- c:\windows\system32\TimeBrokerServer.dll
2013-01-09 03:43:50 3401728 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 03:43:50 330752 ----a-w- c:\windows\system32\sppwinob.dll
2013-01-09 03:42:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2013-01-09 03:42:21 1802240 ----a-w- c:\windows\system32\msxml6.dll
.
==================== Find3M ====================
.
2012-12-16 08:20:01 35328 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 07:57:09 300032 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 05:42:09 58088 ----a-w- c:\windows\system32\drivers\pdc.sys
2012-11-28 04:21:17 44032 ----a-w- c:\windows\system32\UXInit.dll
2012-11-27 05:17:53 302312 ----a-w- c:\windows\system32\drivers\storport.sys
2012-11-27 04:57:10 158952 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-11-27 04:57:06 104168 ----a-w- c:\windows\system32\drivers\dumpsd.sys
2012-11-27 04:49:20 1027152 ----a-w- c:\windows\system32\Taskmgr.exe
2012-11-27 04:19:52 5088256 ----a-w- c:\windows\system32\mstscax.dll
2012-11-27 04:19:27 679936 ----a-w- c:\windows\system32\IKEEXT.DLL
2012-11-27 04:19:22 245248 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2012-11-27 04:19:03 473600 ----a-w- c:\windows\system32\BFE.DLL
2012-11-27 04:19:02 2033664 ----a-w- c:\windows\system32\authui.dll
2012-11-27 03:55:43 14848 ----a-w- c:\windows\system32\drivers\BtaMPM.sys
2012-11-27 03:54:13 25856 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys
2012-11-27 03:53:14 22528 ----a-w- c:\windows\system32\drivers\BthhfHid.sys
2012-11-20 06:05:12 5562600 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- c:\windows\system32\Display.dll
2012-11-20 05:24:17 36352 ----a-w- c:\windows\system32\DevDispItemProvider.dll
2012-11-20 05:02:46 6144 ----a-w- c:\windows\system32\KBDKURD.DLL
2012-11-20 04:59:22 22016 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-11-20 04:59:07 60416 ----a-w- c:\windows\system32\drivers\hidclass.sys
2012-11-20 04:56:58 30208 ----a-w- c:\windows\system32\drivers\hidi2c.sys
2012-11-15 06:06:34 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 04:19:23 890880 ----a-w- c:\windows\system32\msctf.dll
2012-11-10 04:51:14 356880 ----a-w- c:\windows\system32\drivers\aswnet.sys
2012-11-10 04:23:25 132608 ----a-w- c:\windows\system32\poqexec.exe
2012-11-09 04:03:48 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- c:\windows\system32\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- c:\windows\system32\wininet.dll
2012-11-08 04:25:29 662016 ----a-w- c:\windows\system32\uxtheme.dll
2012-11-08 04:24:27 2881536 ----a-w- c:\windows\system32\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- c:\windows\system32\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- c:\windows\system32\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- c:\windows\system32\dciman32.dll
2012-11-08 04:01:40 3072 ----a-w- c:\windows\system32\lpk.dll
.
============= FINISH: 18:46:29.28 ===============
and

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2012 12:00:12 PM
System Uptime: 2/3/2013 10:18:13 PM (20 hours ago)
.
Motherboard: LENOVO | | JITR1
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz | U2E1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 188 GiB total, 58.485 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 14.455 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ENE0201\3&11583659&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0201\3&11583659&0
Service:
.
Class GUID:
Description:
Device ID: ACPI\CPL0002\3&11583659&0
Manufacturer:
Name:
PNP Device ID: ACPI\CPL0002\3&11583659&0
Service:
.
==== System Restore Points ===================
.
RP14: 1/15/2013 9:22:42 PM - Scheduled Checkpoint
RP15: 1/26/2013 8:34:34 PM - Scheduled Checkpoint
RP16: 2/3/2013 10:44:48 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BitTorrent
Bonjour
Brosix
Classic Shell
Definition update for Microsoft Office 2010 (KB982726)
Dropbox
Google Chrome
Google Talk Plugin
iTunes
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
PeerGuardian 2.0
Sansa Updater
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.6
.
==== Event Viewer Messages From Past Week ========
.
2/3/2013 10:53:31 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
1/28/2013 8:25:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x00000001, 0x00000784, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 012813-34164-01.
.
==== End Of File ===========================

[gringo_pr]

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[yjyj4482]

Here is the ADWCleaner Report

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 21:53:14
# Updated 05/02/2013 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : Yola - YOLAB
# Boot Mode : Normal
# Running from : C:\Users\Yola\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\w0oue4fd.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Yola\AppData\Local\Conduit
Folder Deleted : C:\Users\Yola\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\w0oue4fd.default\prefs.js

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q=[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"[...]
Deleted [l.1856] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [2587 octets] - [06/02/2013 21:53:14]

########## EOF - C:\AdwCleaner[S1].txt - [2647 octets] ##########



Here is the RK Report

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 32 bits version
Started in : Normal mode
User : Yola [Admin rights]
Mode : Remove -- Date : 02/06/2013 22:00:54
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] c0e52910d2fd6042118a19f2248ec75d
[BSP] 5cafccd8003e1a1148e9878e7482b0de : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 192247 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 393723904 | Size: 31118 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 457453568 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02062013_02d2200.txt >>
RKreport[1]_S_02062013_02d2200.txt ; RKreport[2]_D_02062013_02d2200.txt

Thanks!

[gringo_pr]

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

[yjyj4482]

Hi gringo

I couldn't run combofix because I'm running Windows 8 and it said it wasn't compatible with my OS.

The conduit issue on chrome is fixed. Thanks! But I'm still having the craigslist issue on firefox.

[gringo_pr]

Hello

I want you to try this for firefox and give me a quick update to how things are

I want you to reset firefox back to defaults, to do this I need you to do this

• At the top of the Firefox window, click the "Firefox" button,
• go over to the "Help" sub-menu
  
  • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
• Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
• click "Reset Firefox" in the confirmation window that opens.
• Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo

[yjyj4482]

Hi gringo

It's still redirecting when I go to craigslist.org.

[gringo_pr]

it only happens on that one webpage?

[yjyj4482]

Yes...only craigslist.org for some reason.

[gringo_pr]

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt in your next reply.

Gringo

[yjyj4482]

Here's OTL.txt

OTL logfile created on: 2/7/2013 10:47:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yola\Downloads
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.91% Memory free
5.96 Gb Paging File | 4.80 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 187.74 Gb Total Space | 57.88 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 16.22 Gb Free Space | 53.38% Space Free | Partition Type: NTFS

Computer Name: YOLAB | User Name: Yola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Yola\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Yola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Yola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (AllUserInstallAgent) -- C:\Windows\System32\AUInstallAgent.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (aswnet) -- C:\Windows\System32\Drivers\aswnet.sys (AVAST Software)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\Drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\Drivers\aswRdr2.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\Drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\Drivers\NETwNs32.sys (Intel Corporation)
DRV - (ACPIVPC) -- C:\Windows\System32\Drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\Drivers\o2media.sys (O2Micro )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expats...q={searchTerms}
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yola\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yola\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/03 08:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 19:37:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 19:37:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/28 11:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yola\AppData\Roaming\Mozilla\Extensions
[2013/02/05 19:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/05 19:37:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - Extension: BitTorrentControl_v12 = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\
CHR - Extension: avast! WebRep = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012/07/25 20:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [SansaDispatch] C:\Users\Yola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [Spotify] C:\Users\Yola\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [Spotify Web Helper] C:\Users\Yola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Yola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Yola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: sonic.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77F39197-1325-45A6-98D6-AC9CA770374E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5A8F56-099A-4005-B9BB-EB85F538A115}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Yola\Documents\Pictures\Pictures\2009-09-07\later\396.JPG
O24 - Desktop BackupWallPaper: C:\Users\Yola\Documents\Pictures\Pictures\2009-09-07\later\396.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 20:32:27 | 000,000,000 | ---D | C] -- C:\Users\Yola\Desktop\Old Firefox Data
[2013/02/05 19:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/04 20:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/04 20:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/04 20:32:31 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/04 20:32:31 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/04 20:32:31 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/04 20:32:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/04 20:32:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/04 20:32:28 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/04 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/26 20:51:17 | 000,000,000 | ---D | C] -- C:\Users\Yola\Desktop\alcatraz
[2013/01/26 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Yola\Desktop\big island
[2013/01/26 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\Yola\New folder
[2013/01/13 19:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/13 19:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/01/13 19:32:58 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/01/13 19:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/01/13 00:29:27 | 000,000,000 | ---D | C] -- C:\Users\Yola\AppData\Local\Programs
[2013/01/11 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/11 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/11 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/11 19:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/11 19:34:50 | 000,695,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/11 19:34:50 | 000,080,728 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2013/02/07 22:17:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3575403344-3258026585-3421331224-1004UA.job
[2013/02/07 22:17:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3575403344-3258026585-3421331224-1004Core.job
[2013/02/07 21:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/07 20:39:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/07 20:39:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2013/02/07 20:37:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/07 20:37:25 | 2543,902,720 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 20:32:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/04 20:32:18 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/04 20:32:18 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/04 20:32:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/04 20:32:15 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/04 20:32:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/04 18:42:18 | 000,000,000 | ---- | M] () -- C:\Users\Yola\defogger_reenable
[2013/02/03 22:23:54 | 000,001,045 | ---- | M] () -- C:\Users\Yola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/03 22:23:43 | 000,001,011 | ---- | M] () -- C:\Users\Yola\Desktop\Dropbox.lnk
[2013/02/03 12:03:35 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/03 12:03:34 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2013/02/02 00:26:10 | 000,002,360 | ---- | M] () -- C:\Users\Yola\Desktop\Google Chrome.lnk
[2013/01/28 20:24:43 | 316,276,890 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/26 20:38:39 | 000,684,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/26 20:38:39 | 000,124,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/13 19:33:08 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/01/13 00:29:44 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/11 19:49:26 | 000,422,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/11 19:48:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/02/04 18:42:18 | 000,000,000 | ---- | C] () -- C:\Users\Yola\defogger_reenable
[2013/01/13 19:33:08 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/01/13 19:33:08 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/01/11 19:49:07 | 000,422,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/11 19:48:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/24 07:42:07 | 000,000,020 | ---- | C] () -- C:\Users\Yola\AppData\Local\UACBrResultRetrieving.dat
[2012/11/09 20:51:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum
[2012/11/02 16:08:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012/07/25 22:55:27 | 000,684,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/25 22:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/25 22:55:27 | 000,124,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/25 22:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/25 22:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/25 22:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012/07/25 22:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 17:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012/07/25 12:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 12:25:49 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/07/25 12:25:49 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/07/25 12:25:49 | 000,092,356 | ---- | C] () -- C:\WINDOWS\System32\igfcg500m.bin
[2012/07/25 12:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012/07/13 18:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/06/02 12:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012/06/02 06:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/11/06 20:52:47 | 001,159,449 | ---- | C] () -- C:\Users\Yola\IMG_1526.JPG
[2011/11/06 20:52:46 | 001,252,878 | ---- | C] () -- C:\Users\Yola\IMG_1525.JPG
[2011/11/06 20:52:46 | 001,212,892 | ---- | C] () -- C:\Users\Yola\IMG_1524.JPG
[2011/11/06 20:52:46 | 001,050,035 | ---- | C] () -- C:\Users\Yola\IMG_1522.JPG
[2011/11/06 20:52:45 | 001,068,974 | ---- | C] () -- C:\Users\Yola\IMG_1520.JPG
[2011/11/06 20:52:45 | 001,017,705 | ---- | C] () -- C:\Users\Yola\IMG_1521.JPG
[2011/11/06 20:52:44 | 001,327,823 | ---- | C] () -- C:\Users\Yola\IMG_1518.JPG
[2011/11/06 20:52:40 | 013,143,626 | ---- | C] () -- C:\Users\Yola\IMG_1528.MOV
[2011/11/06 20:52:40 | 001,072,145 | ---- | C] () -- C:\Users\Yola\IMG_1527.JPG
[2011/11/06 20:25:18 | 002,775,270 | ---- | C] () -- C:\Users\Yola\DSCN0923.JPG
[2011/11/06 20:25:18 | 002,754,098 | ---- | C] () -- C:\Users\Yola\DSCN0919.JPG
[2011/11/06 20:25:18 | 002,692,239 | ---- | C] () -- C:\Users\Yola\DSCN0921.JPG
[2011/11/06 20:25:18 | 002,691,058 | ---- | C] () -- C:\Users\Yola\DSCN0922.JPG
[2011/11/06 20:25:18 | 002,637,254 | ---- | C] () -- C:\Users\Yola\DSCN0918.JPG
[2011/11/06 20:25:18 | 002,606,758 | ---- | C] () -- C:\Users\Yola\DSCN0915.JPG
[2011/11/06 20:25:18 | 002,485,456 | ---- | C] () -- C:\Users\Yola\DSCN0916.JPG
[2011/11/06 20:25:18 | 002,462,878 | ---- | C] () -- C:\Users\Yola\DSCN0924.JPG
[2011/11/06 20:25:18 | 002,425,813 | ---- | C] () -- C:\Users\Yola\DSCN0914.JPG
[2011/11/06 20:25:18 | 000,475,007 | ---- | C] () -- C:\Users\Yola\DSCN09200.JPG
[2011/11/06 20:25:17 | 002,780,392 | ---- | C] () -- C:\Users\Yola\DSCN0913.JPG
[2011/11/06 20:17:39 | 002,580,178 | ---- | C] () -- C:\Users\Yola\DSCN0920.JPG
[2011/05/30 10:32:37 | 000,003,994 | ---- | C] () -- C:\Users\Yola\.recently-used.xbel
[2011/04/15 22:07:19 | 000,043,593 | ---- | C] () -- C:\Users\Yola\submitRetro.do.htm
[2011/02/15 15:48:28 | 008,225,992 | ---- | C] () -- C:\Users\Yola\06 - Angels Cry.mp3
[2011/02/15 15:48:28 | 005,682,373 | ---- | C] () -- C:\Users\Yola\04 - In My Head.mp3
[2010/12/02 21:13:07 | 000,000,117 | ---- | C] () -- C:\Users\Yola\jagex_runescape_preferences2.dat
[2010/05/09 13:12:27 | 067,804,229 | ---- | C] () -- C:\Users\Yola\tassies eating.MOV
[2010/05/09 13:10:50 | 090,756,275 | ---- | C] () -- C:\Users\Yola\seals arch.MOV
[2010/05/09 13:10:45 | 091,964,148 | ---- | C] () -- C:\Users\Yola\seals national park.MOV
[2009/11/19 20:17:54 | 000,024,312 | ---- | C] () -- C:\Users\Yola\Microsoft Office Professional Plus 2010 Beta Product Key.htm
[2008/12/14 18:27:30 | 000,000,034 | ---- | C] () -- C:\Users\Yola\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 20:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/25 19:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Yola\seals national park.MOV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yola\seals arch.MOV:TOC.WMV
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Thanks

[gringo_pr]

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

• Double-click OTL.exe to start the program.
• Copy and Paste the following code into the text box.
  

  :OTL
  IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
  FF - user.js - File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [PURITY]
  [emptyjava]
  [EMPTYFLASH]
  [reboot]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
  
  Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
  
  It will be named - mmddyyyy_hhmmss.log
  
  Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo

[yjyj4482]

Here is the text

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3575403344-3258026585-3421331224-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Yola\Downloads\cmd.bat deleted successfully.
C:\Users\Yola\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Yola
->Java cache emptied: 2642282 bytes

Total Java Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Yola
->Flash cache emptied: 1296 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02092013_182042

Craigslist.org is still redirecting to other sites.

Thanks