Author Topic: [InActive K] Redirects (gimmeanswers, happli, and more)  (Read 4705 times)


Offline monkeeluv6

  • Bronze Member
  • Posts: 33
[InActive K] Redirects (gimmeanswers, happli, and more)
« on: February 27, 2012, 04:26:08 pm »
Hello,

I’m encountering redirect errors in Mozilla Firefox, running via Windows XP. I get redirected to Happili.com, yp.com, gimmeanswers.com, zipcode.com, among others. MBam didn’t catch it so I defer to you!

As requested, here are my 2 DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_05
Run by Laura Maggio at 17:11:32 on 2012-02-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.89 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Lock\ILSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\MOONTOOL.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://icanhascheezburger.com/tag/caption/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: BHO Class: {b0d3d090-ce97-4e3e-a388-cfd55b1f5e63} - c:\program files\tvharmony\IEdler.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Ywabafuj] rundll32.exe  "c:\windows\Wizrv232.dll",Startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [024h Lucky Reminder] "c:\program files\024h lucky reminder\LuckyReminder.exe" /m
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [FFPSRV] c:\windows\ffpext\ffpsrv.exe
mRun: [Srajoj] rundll32.exe "c:\windows\ehiyorad.dll",Startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\documents and settings\laura maggio\start menu\programs\startup\DesktopComic.exe
StartupFolder: c:\docume~1\lauram~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\MOONTOOL.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112676557640
DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{1BC1E3EA-2622-4C24-8264-1BBD4EE88193} : DhcpNameServer = 192.168.10.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laura maggio\application data\mozilla\firefox\profiles\8oieqvkh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.salemweb.com/|http://www.pamsp.com/|https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ver%3a3%7crt%3aSTANDARD%7cac%3aWS%7cat%3aSNS%7cld%3awebmail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aAOL%7csnt%3aScreenName&offerId=webmail-en-us&seamless=novl|http://www.beethoven.com/|http://yearof52adventures.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {5D81FADA-AE2D-4226-BF1C-5C61F6F2EE03} - c:\documents and settings\laura maggio\local settings\application data\{5D81FADA-AE2D-4226-BF1C-5C61F6F2EE03}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
.
============= SERVICES / DRIVERS ===============
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2009-3-14 13440]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 337112]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2007-11-28 47854]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 44768]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [2009-5-29 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2009-7-13 143360]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2005-7-12 636416]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [2012-1-16 55056]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [2012-1-16 160784]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [2012-1-16 160784]
S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-5-17 1104656]
.
=============== Created Last 30 ================
.
2012-01-31 01:03:45   40960   ----a-r-   c:\documents and settings\laura maggio\application data\microsoft\installer\{6a255918-b37a-4b0e-a567-4f4d261e741b}\NewShortcut11_6A255918B37A4B0EA5674F4D261E741B.exe
2012-01-31 01:03:45   40960   ----a-r-   c:\documents and settings\laura maggio\application data\microsoft\installer\{6a255918-b37a-4b0e-a567-4f4d261e741b}\NewShortcut1_6A255918B37A4B0EA5674F4D261E741B.exe
2012-01-31 01:03:42   40960   ----a-r-   c:\documents and settings\laura maggio\application data\microsoft\installer\{6a255918-b37a-4b0e-a567-4f4d261e741b}\ARPPRODUCTICON.exe
.
==================== Find3M  ====================
.
2012-02-24 20:03:21   17659   ----a-w-   c:\windows\system32\drivers\InetLock.sys
2012-02-23 16:23:26   41184   ----a-w-   c:\windows\avastSS.scr
2012-02-23 16:12:28   610648   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-02-21 14:40:04   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-18 21:22:12   47188480   ----a-w-   c:\program files\VisualThesaurus_3_0_3_windows.exe
2010-08-10 17:04:38   1008936   ----a-w-   c:\program files\AmazonMP3Installer.exe
2005-07-13 00:50:44   3535577   ----a-w-   c:\program files\che-ez1000.exe
2005-07-13 00:28:45   2314920   ----a-w-   c:\program files\LimeWireWin.exe
2005-04-05 04:46:30   4826536   ----a-w-   c:\program files\Firefox Setup 1.0.2.exe
1999-04-16 21:02:58   450048   ------w-   c:\program files\YDKJ Offline.exe
1999-03-27 06:16:56   805376   ------w-   c:\program files\JackLaunch.exe
1999-03-17 00:03:02   92672   ----a-w-   c:\program files\MOONTOOL.EXE
.
============= FINISH: 17:18:14.50 ===============






« Last Edit: March 30, 2012, 02:27:48 pm by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #1 on: February 27, 2012, 04:35:45 pm »
Hello monkeeluv6 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

OK, proceed as follows:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Also you did not post the Attach.txt file from the DDS scan, can you let me see that also...

Kevin


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #2 on: March 02, 2012, 12:21:51 pm »
Still with us monkeeluv6?

Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #3 on: March 02, 2012, 01:03:42 pm »
Hi Kevin,

I'm so sorry, I've run into some problems.

Combofix doesn't seem to be producing a combofix.txt log for me. I've checked at "C:\ComboFix.txt" and I've checked on the desktop just in case. I've even run a Windows search for 'combofix' and nada.

I installed the application properly. It seems to run, the progress bar gets to the end, then the program shuts down, but no log. What am I doing wrong? (I've run this program successfully in previous years. Before I ran it this time, I did delete the old version, deleted the old "combofix.txt" log and downloaded from the link provided.)

Also, I thought I posted Attach.txt from my DDS--but I didn't label it properly. Here it is below.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2005 11:33:42 PM
System Uptime: 2/24/2012 3:03:59 PM (74 hours ago)
.
Motherboard: Dell Computer Corporation |  | Dimension 8200               
Processor:               Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2519/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 17.612 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 8 GiB total, 1.626 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1594: 11/29/2011 4:05:47 PM - System Checkpoint
RP1595: 12/1/2011 12:12:05 AM - System Checkpoint
RP1596: 12/2/2011 12:38:34 AM - System Checkpoint
RP1597: 12/3/2011 1:03:17 AM - System Checkpoint
RP1598: 12/4/2011 2:03:13 AM - System Checkpoint
RP1599: 12/5/2011 3:03:17 AM - System Checkpoint
RP1600: 12/6/2011 10:30:04 AM - System Checkpoint
RP1601: 12/7/2011 11:38:36 AM - System Checkpoint
RP1602: 12/8/2011 1:52:40 PM - System Checkpoint
RP1603: 12/9/2011 2:09:55 PM - System Checkpoint
RP1604: 12/11/2011 12:35:34 AM - System Checkpoint
RP1605: 12/12/2011 1:14:18 AM - System Checkpoint
RP1606: 12/13/2011 1:39:58 AM - System Checkpoint
RP1607: 12/14/2011 2:03:20 AM - System Checkpoint
RP1608: 12/15/2011 10:20:19 AM - System Checkpoint
RP1609: 12/16/2011 11:05:32 AM - System Checkpoint
RP1610: 12/17/2011 1:14:05 PM - System Checkpoint
RP1611: 12/18/2011 2:43:03 PM - System Checkpoint
RP1612: 12/19/2011 2:46:44 PM - System Checkpoint
RP1613: 12/20/2011 4:54:30 PM - System Checkpoint
RP1614: 12/21/2011 5:41:37 PM - System Checkpoint
RP1615: 12/22/2011 11:21:32 PM - System Checkpoint
RP1616: 12/24/2011 12:36:50 AM - System Checkpoint
RP1617: 12/29/2011 1:08:39 AM - System Checkpoint
RP1618: 12/30/2011 1:21:59 AM - System Checkpoint
RP1619: 12/31/2011 2:22:33 AM - System Checkpoint
RP1620: 1/8/2012 12:27:32 AM - System Checkpoint
RP1621: 1/9/2012 12:32:29 AM - System Checkpoint
RP1622: 1/10/2012 11:16:28 AM - System Checkpoint
RP1623: 1/11/2012 11:50:54 AM - System Checkpoint
RP1624: 1/12/2012 12:05:02 PM - System Checkpoint
RP1625: 1/13/2012 4:10:27 PM - System Checkpoint
RP1626: 1/14/2012 4:25:29 PM - System Checkpoint
RP1627: 1/15/2012 4:50:45 PM - System Checkpoint
RP1628: 1/16/2012 1:00:04 PM - Removed Pantech PCSuite
RP1629: 1/16/2012 1:11:30 PM - Installed Pantech PCSuite
RP1630: 1/17/2012 1:40:32 PM - System Checkpoint
RP1631: 1/18/2012 2:41:37 PM - System Checkpoint
RP1632: 1/19/2012 3:40:36 PM - System Checkpoint
RP1633: 1/20/2012 5:24:26 PM - System Checkpoint
RP1634: 1/21/2012 5:50:21 PM - System Checkpoint
RP1635: 1/22/2012 6:30:47 PM - System Checkpoint
RP1636: 1/23/2012 11:22:27 PM - System Checkpoint
RP1637: 1/24/2012 11:40:37 PM - System Checkpoint
RP1638: 1/26/2012 1:52:48 AM - System Checkpoint
RP1639: 1/27/2012 2:40:42 AM - System Checkpoint
RP1640: 1/28/2012 3:55:59 PM - System Checkpoint
RP1641: 1/29/2012 4:11:10 PM - System Checkpoint
RP1642: 1/30/2012 5:16:31 PM - System Checkpoint
RP1643: 1/30/2012 8:02:27 PM - Installed REA's TESTware for CLEP American Literature
RP1644: 2/1/2012 12:10:48 AM - System Checkpoint
RP1645: 2/2/2012 11:02:59 AM - System Checkpoint
RP1646: 2/3/2012 4:20:15 PM - System Checkpoint
RP1647: 2/4/2012 6:35:55 PM - System Checkpoint
RP1648: 2/5/2012 7:08:35 PM - System Checkpoint
RP1649: 2/6/2012 8:10:00 PM - System Checkpoint
RP1650: 2/7/2012 10:23:03 PM - System Checkpoint
RP1651: 2/8/2012 11:05:37 PM - System Checkpoint
RP1652: 2/9/2012 11:10:29 PM - System Checkpoint
RP1653: 2/11/2012 12:04:57 AM - System Checkpoint
RP1654: 2/12/2012 12:57:40 AM - System Checkpoint
RP1655: 2/13/2012 1:45:39 AM - System Checkpoint
RP1656: 2/14/2012 2:32:19 AM - System Checkpoint
RP1657: 2/15/2012 2:53:52 PM - System Checkpoint
RP1658: 2/16/2012 4:13:00 PM - System Checkpoint
RP1659: 2/17/2012 5:04:02 PM - System Checkpoint
RP1660: 2/18/2012 5:34:51 PM - System Checkpoint
RP1661: 2/19/2012 7:04:53 PM - System Checkpoint
RP1662: 2/20/2012 7:09:17 PM - System Checkpoint
RP1663: 2/21/2012 7:41:03 PM - System Checkpoint
RP1664: 2/22/2012 7:50:03 PM - System Checkpoint
RP1665: 2/23/2012 8:41:14 PM - System Checkpoint
RP1666: 2/24/2012 1:03:35 PM - Installed Sansa m2xx Player Firmware Upgrade
RP1667: 2/25/2012 1:16:41 PM - System Checkpoint
RP1668: 2/26/2012 1:28:11 PM - System Checkpoint
RP1669: 2/27/2012 2:54:43 PM - System Checkpoint
.
==== Installed Programs ======================
.
024h Lucky Reminder v1.83
Address Book
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe PhotoDeluxe 1.0
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
AoA DVD Ripper
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center
ATI Multimedia Center 9.01
ATI Remote Wonder 2.3
ATIRW2
Avanquest update
avast! Free Antivirus
AxCrypt (Remove Only)
Belkin F5D8053 N Wireless USB Adapter
Bink and Smacker
Blaze Media Pro
blog2blog
Bonjour
Che ez
Compatibility Pack for the 2007 Office system
Compiled Driver Disk (Pantech/Sky) 0.99
DAO
Dell ResourceCD
DexCom DM3 11.0.0.22
Disc2Phone
Easy CD Creator 5 Basic
eBook: English Language, Literature, and Composition Content Knowledge Practice Test
ePrompter
File and Folder Protector v2.9
Free FLV Converter V 6.96.0
Free Night Halloween Screensaver 1.0
Free Window Registry Repair
Fx Audio Editor
Garfield Desktop Comic
Google Gmail Notifier
Grammarly Add-In
HijackThis 2.0.2
Holiday Lights 5.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD/DVD2 for OLYMPUS
Inkscape 0.47
Internet Lock 5.3
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 5
jZip
Lexmark Z600 Series
LimeWire 5.5.7
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MOBILedit! Support Libraries
MOBILedit! ver. 5.5.0.1148
Mozilla Firefox (3.6.27)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
NIOC Service
NOOKstudy
NoteBurner 2.25
NT Email Notifier
OLYMPUS Master
PANTECH Handset USB Driver
PANTECH Handset USB Driver V2
Pantech PCSuite
PDF Ripper 2.01
Picasa 3
POP Peeper
PowerDVD
PST Walker Evaluation 4.33
QuickTime
QuickTime 3.0
REA's TESTware for CLEP American Literature
REA's TESTware for Praxis English Assessments
RealPlayer
Registry Cleaner 2.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PhotoPlus 6.0
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Snow Day v122707 Screen Saver
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite 4.010.00
Spelling Dictionaries For Adobe Reader Package
Stamps.com
SysTools PSTUPGRADE
TaxCut Deluxe 2005
Teach Yourself to Sing
TimeLeft
TimeRanger 1.6
TiVo Desktop 2.8.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
Video Edit Magic 4.4
VideoSpirit Pro 1.74
Visual Thesaurus 3.0.3
WeatherBug
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinZip 15.0
WZCBDL Service
Xvid 1.1.3 final uninstall
YOU DON'T KNOW JACK Offline
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
2/27/2012 3:44:54 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/25/2012 11:33:36 AM, error: Dhcp [1002]  - The IP address lease 192.168.10.103 for the Network Card with network address 0022758EA566 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
2/24/2012 2:41:37 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/21/2012 9:38:21 AM, error: Dhcp [1002]  - The IP address lease 192.168.10.104 for the Network Card with network address 0022758EA566 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #4 on: March 02, 2012, 01:18:52 pm »
Also, when Combofix is running, it looks nothing like the screenshots found at:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #5 on: March 02, 2012, 01:52:14 pm »
Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ywabafuj"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srajoj"=-
:Services
Ywabafuj
Srajoj
:Files
ipconfig /flushdns /c
c:\windows\Wizrv232.dll
c:\windows\ehiyorad.dll
:Commands
[EmptyTemp]
[Reboot]
 
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Re-run DDS and post fresh set of logs....

Kevin
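
The check behind "Re-run DDS and post fresh set of logs", as an added example that is not part of the original post and is not code from OTM or DDS: it parses the fix script above into its targets and reports any that still appear in a DDS log. The function names are hypothetical, the `BEFORE` excerpt is constructed for illustration, the `AFTER` excerpt uses lines from the re-run log posted later in this thread, and treating a `:Files` line ending in `/c` as a command rather than a file is an assumption about OTM syntax.

```python
import re

# Fix script exactly as posted in the reply above.
OTM_SCRIPT = r"""
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ywabafuj"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srajoj"=-
:Services
Ywabafuj
Srajoj
:Files
ipconfig /flushdns /c
c:\windows\Wizrv232.dll
c:\windows\ehiyorad.dll
:Commands
[EmptyTemp]
[Reboot]
""".strip()

# CONSTRUCTED pre-fix excerpt in DDS line format (not taken from the thread).
BEFORE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Ywabafuj] rundll32.exe "c:\windows\ehiyorad.dll",Startup
mRun: [Srajoj] rundll32.exe "c:\windows\Wizrv232.dll",Startup
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 44768]
""".strip()

# Lines from the re-run DDS log posted later in the thread.
AFTER = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 44768]
2012-03-02 21:14:41   --------   d-----w-   C:\_OTM
""".strip()

RUN_LINE = re.compile(r'^(uRun|mRun): \[([^\]]+)\]')   # DDS autorun entry
SVC_LINE = re.compile(r'^[RS]\d ([^;]+);')              # DDS service/driver entry


def parse_otm(script):
    """Split an OTM script into registry value deletions, services and files."""
    targets = {"reg": [], "services": [], "files": []}
    section, key = None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                      # current registry key
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)  # "Name"=- deletes a value
                if m and key:
                    targets["reg"].append((key, m.group(1)))
        elif section == "services":
            targets["services"].append(line)
        elif section == "files":
            # Assumption: a trailing /c marks a command line, not a file to move.
            if not line.lower().endswith("/c"):
                targets["files"].append(line)
    return targets


def leftovers(targets, dds_log):
    """Return (line_no, kind, name) for every script target still in the log."""
    run_values = set()
    for key, value in targets["reg"]:
        k = key.lower()
        if k.endswith(r"\currentversion\run"):
            # DDS prefixes HKCU Run entries with uRun and HKLM ones with mRun.
            prefix = "uRun" if k.startswith("hkey_current_user") else "mRun"
            run_values.add((prefix, value.lower()))
    services = {s.lower() for s in targets["services"]}
    files = [f.lower() for f in targets["files"]]

    findings = []
    for n, raw in enumerate(dds_log.splitlines(), 1):
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m and (m.group(1), m.group(2).lower()) in run_values:
            findings.append((n, "run-value", m.group(2)))
        m = SVC_LINE.match(line)
        if m and m.group(1).lower() in services:
            findings.append((n, "service", m.group(1)))
        for f in files:
            if f in line.lower():                     # path referenced anywhere on the line
                findings.append((n, "file", f))
    return findings


if __name__ == "__main__":
    targets = parse_otm(OTM_SCRIPT)
    for label, log in (("before", BEFORE), ("after", AFTER)):
        hits = leftovers(targets, log)
        print(label, "clean" if not hits else hits)
```

An empty result only means the named values, services and files are gone from the log; it does not show that the machine is clean.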

Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #6 on: March 02, 2012, 02:42:31 pm »
Thanks for the reply, Kevin.

OTM shuts itself down quickly after I start the application. After a few tries, I got as far as copying the code and clicking "Move it" and right after, the application closed itself.

What on earth is going on?

Side note: I did notice that there were two ".dll" files mentioned in the code you provided. I get a Windows warning about these two .dll every time I boot up--I have yet to successfully fix that problem although I tried many times.

How should I proceed?

 

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #7 on: March 02, 2012, 02:50:25 pm »
Boot into safe mode and run OTM from there....

Re-boot and continuously tap the F8 key until you see the Advanced Windows Menu, from the options select Safe Mode.

When you have a stable Desktop run OTM again....

Kevin

Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #8 on: March 02, 2012, 05:23:39 pm »
Great! I think it worked!

Here are my two DDS logs

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_05
Run by Laura Maggio at 16:50:34 on 2012-03-02
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.228 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Lock\ILSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\WINDOWS\System32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://icanhascheezburger.com/tag/caption/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: BHO Class: {b0d3d090-ce97-4e3e-a388-cfd55b1f5e63} - c:\program files\tvharmony\IEdler.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [024h Lucky Reminder] "c:\program files\024h lucky reminder\LuckyReminder.exe" /m
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [FFPSRV] c:\windows\ffpext\ffpsrv.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\laura maggio\start menu\programs\startup\DesktopComic.exe
StartupFolder: c:\docume~1\lauram~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\MOONTOOL.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112676557640
DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{1BC1E3EA-2622-4C24-8264-1BBD4EE88193} : DhcpNameServer = 192.168.10.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laura maggio\application data\mozilla\firefox\profiles\8oieqvkh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.salemweb.com/|http://www.pamsp.com/|https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ver%3a3%7crt%3aSTANDARD%7cac%3aWS%7cat%3aSNS%7cld%3awebmail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aAOL%7csnt%3aScreenName&offerId=webmail-en-us&seamless=novl|http://www.beethoven.com/|http://yearof52adventures.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {5D81FADA-AE2D-4226-BF1C-5C61F6F2EE03} - c:\documents and settings\laura maggio\local settings\application data\{5D81FADA-AE2D-4226-BF1C-5C61F6F2EE03}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
.
============= SERVICES / DRIVERS ===============
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2009-3-14 13440]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 337112]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2007-11-28 47854]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 44768]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [2009-5-29 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2009-7-13 143360]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2005-7-12 636416]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [2012-1-16 55056]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [2012-1-16 160784]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [2012-1-16 160784]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-5-17 1104656]
.
=============== Created Last 30 ================
.
2012-03-02 21:14:41   --------   d-----w-   C:\_OTM
.
==================== Find3M  ====================
.
2012-03-02 21:06:34   17659   ----a-w-   c:\windows\system32\drivers\InetLock.sys
2012-02-23 16:23:26   41184   ----a-w-   c:\windows\avastSS.scr
2012-02-23 16:12:28   610648   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-02-21 14:40:04   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-18 21:22:12   47188480   ----a-w-   c:\program files\VisualThesaurus_3_0_3_windows.exe
2010-08-10 17:04:38   1008936   ----a-w-   c:\program files\AmazonMP3Installer.exe
2005-07-13 00:50:44   3535577   ----a-w-   c:\program files\che-ez1000.exe
2005-07-13 00:28:45   2314920   ----a-w-   c:\program files\LimeWireWin.exe
2005-04-05 04:46:30   4826536   ----a-w-   c:\program files\Firefox Setup 1.0.2.exe
1999-04-16 21:02:58   450048   ------w-   c:\program files\YDKJ Offline.exe
1999-03-27 06:16:56   805376   ------w-   c:\program files\JackLaunch.exe
1999-03-17 00:03:02   92672   ----a-w-   c:\program files\MOONTOOL.EXE
.
============= FINISH: 16:54:56.79 ===============

ATTACH


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2005 11:33:42 PM
System Uptime: 3/2/2012 5:04:51 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation |  | Dimension 8200               
Processor:               Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2519/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 24.636 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 8 GiB total, 1.628 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1598: 12/4/2011 2:03:13 AM - System Checkpoint
RP1599: 12/5/2011 3:03:17 AM - System Checkpoint
RP1600: 12/6/2011 10:30:04 AM - System Checkpoint
RP1601: 12/7/2011 11:38:36 AM - System Checkpoint
RP1602: 12/8/2011 1:52:40 PM - System Checkpoint
RP1603: 12/9/2011 2:09:55 PM - System Checkpoint
RP1604: 12/11/2011 12:35:34 AM - System Checkpoint
RP1605: 12/12/2011 1:14:18 AM - System Checkpoint
RP1606: 12/13/2011 1:39:58 AM - System Checkpoint
RP1607: 12/14/2011 2:03:20 AM - System Checkpoint
RP1608: 12/15/2011 10:20:19 AM - System Checkpoint
RP1609: 12/16/2011 11:05:32 AM - System Checkpoint
RP1610: 12/17/2011 1:14:05 PM - System Checkpoint
RP1611: 12/18/2011 2:43:03 PM - System Checkpoint
RP1612: 12/19/2011 2:46:44 PM - System Checkpoint
RP1613: 12/20/2011 4:54:30 PM - System Checkpoint
RP1614: 12/21/2011 5:41:37 PM - System Checkpoint
RP1615: 12/22/2011 11:21:32 PM - System Checkpoint
RP1616: 12/24/2011 12:36:50 AM - System Checkpoint
RP1617: 12/29/2011 1:08:39 AM - System Checkpoint
RP1618: 12/30/2011 1:21:59 AM - System Checkpoint
RP1619: 12/31/2011 2:22:33 AM - System Checkpoint
RP1620: 1/8/2012 12:27:32 AM - System Checkpoint
RP1621: 1/9/2012 12:32:29 AM - System Checkpoint
RP1622: 1/10/2012 11:16:28 AM - System Checkpoint
RP1623: 1/11/2012 11:50:54 AM - System Checkpoint
RP1624: 1/12/2012 12:05:02 PM - System Checkpoint
RP1625: 1/13/2012 4:10:27 PM - System Checkpoint
RP1626: 1/14/2012 4:25:29 PM - System Checkpoint
RP1627: 1/15/2012 4:50:45 PM - System Checkpoint
RP1628: 1/16/2012 1:00:04 PM - Removed Pantech PCSuite
RP1629: 1/16/2012 1:11:30 PM - Installed Pantech PCSuite
RP1630: 1/17/2012 1:40:32 PM - System Checkpoint
RP1631: 1/18/2012 2:41:37 PM - System Checkpoint
RP1632: 1/19/2012 3:40:36 PM - System Checkpoint
RP1633: 1/20/2012 5:24:26 PM - System Checkpoint
RP1634: 1/21/2012 5:50:21 PM - System Checkpoint
RP1635: 1/22/2012 6:30:47 PM - System Checkpoint
RP1636: 1/23/2012 11:22:27 PM - System Checkpoint
RP1637: 1/24/2012 11:40:37 PM - System Checkpoint
RP1638: 1/26/2012 1:52:48 AM - System Checkpoint
RP1639: 1/27/2012 2:40:42 AM - System Checkpoint
RP1640: 1/28/2012 3:55:59 PM - System Checkpoint
RP1641: 1/29/2012 4:11:10 PM - System Checkpoint
RP1642: 1/30/2012 5:16:31 PM - System Checkpoint
RP1643: 1/30/2012 8:02:27 PM - Installed REA's TESTware for CLEP American Literature
RP1644: 2/1/2012 12:10:48 AM - System Checkpoint
RP1645: 2/2/2012 11:02:59 AM - System Checkpoint
RP1646: 2/3/2012 4:20:15 PM - System Checkpoint
RP1647: 2/4/2012 6:35:55 PM - System Checkpoint
RP1648: 2/5/2012 7:08:35 PM - System Checkpoint
RP1649: 2/6/2012 8:10:00 PM - System Checkpoint
RP1650: 2/7/2012 10:23:03 PM - System Checkpoint
RP1651: 2/8/2012 11:05:37 PM - System Checkpoint
RP1652: 2/9/2012 11:10:29 PM - System Checkpoint
RP1653: 2/11/2012 12:04:57 AM - System Checkpoint
RP1654: 2/12/2012 12:57:40 AM - System Checkpoint
RP1655: 2/13/2012 1:45:39 AM - System Checkpoint
RP1656: 2/14/2012 2:32:19 AM - System Checkpoint
RP1657: 2/15/2012 2:53:52 PM - System Checkpoint
RP1658: 2/16/2012 4:13:00 PM - System Checkpoint
RP1659: 2/17/2012 5:04:02 PM - System Checkpoint
RP1660: 2/18/2012 5:34:51 PM - System Checkpoint
RP1661: 2/19/2012 7:04:53 PM - System Checkpoint
RP1662: 2/20/2012 7:09:17 PM - System Checkpoint
RP1663: 2/21/2012 7:41:03 PM - System Checkpoint
RP1664: 2/22/2012 7:50:03 PM - System Checkpoint
RP1665: 2/23/2012 8:41:14 PM - System Checkpoint
RP1666: 2/24/2012 1:03:35 PM - Installed Sansa m2xx Player Firmware Upgrade
RP1667: 2/25/2012 1:16:41 PM - System Checkpoint
RP1668: 2/26/2012 1:28:11 PM - System Checkpoint
RP1669: 2/27/2012 2:54:43 PM - System Checkpoint
RP1670: 2/28/2012 4:02:52 PM - System Checkpoint
RP1671: 2/29/2012 10:12:45 PM - System Checkpoint
RP1672: 3/1/2012 10:52:17 PM - System Checkpoint
.
==== Installed Programs ======================
.
024h Lucky Reminder v1.83
Address Book
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe PhotoDeluxe 1.0
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
AoA DVD Ripper
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center
ATI Multimedia Center 9.01
ATI Remote Wonder 2.3
ATIRW2
Avanquest update
avast! Free Antivirus
AxCrypt (Remove Only)
Belkin F5D8053 N Wireless USB Adapter
Bink and Smacker
Blaze Media Pro
blog2blog
Bonjour
Che ez
Compatibility Pack for the 2007 Office system
Compiled Driver Disk (Pantech/Sky) 0.99
DAO
Dell ResourceCD
DexCom DM3 11.0.0.22
Disc2Phone
Easy CD Creator 5 Basic
eBook: English Language, Literature, and Composition Content Knowledge Practice Test
ePrompter
File and Folder Protector v2.9
Free FLV Converter V 6.96.0
Free Night Halloween Screensaver 1.0
Free Window Registry Repair
Fx Audio Editor
Garfield Desktop Comic
Google Gmail Notifier
Grammarly Add-In
HijackThis 2.0.2
Holiday Lights 5.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD/DVD2 for OLYMPUS
Inkscape 0.47
Internet Lock 5.3
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 5
jZip
Lexmark Z600 Series
LimeWire 5.5.7
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MOBILedit! Support Libraries
MOBILedit! ver. 5.5.0.1148
Mozilla Firefox (3.6.27)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
NIOC Service
NOOKstudy
NoteBurner 2.25
NT Email Notifier
OLYMPUS Master
PANTECH Handset USB Driver
PANTECH Handset USB Driver V2
Pantech PCSuite
PDF Ripper 2.01
Picasa 3
POP Peeper
PowerDVD
PST Walker Evaluation 4.33
QuickTime
QuickTime 3.0
REA's TESTware for CLEP American Literature
REA's TESTware for Praxis English Assessments
RealPlayer
Registry Cleaner 2.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PhotoPlus 6.0
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Snow Day v122707 Screen Saver
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite 4.010.00
Spelling Dictionaries For Adobe Reader Package
Stamps.com
SyncBack
SysTools PSTUPGRADE
TaxCut Deluxe 2005
Teach Yourself to Sing
TimeLeft
TimeRanger 1.6
TiVo Desktop 2.8.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
Video Edit Magic 4.4
VideoSpirit Pro 1.74
Visual Thesaurus 3.0.3
WeatherBug
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinZip 15.0
WZCBDL Service
Xvid 1.1.3 final uninstall
YOU DON'T KNOW JACK Offline
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 5:03:42 PM, error: Service Control Manager [7034]  - The Internet Lock Service service terminated unexpectedly.  It has done this 1 time(s).
3/2/2012 5:03:11 PM, error: Service Control Manager [7034]  - The WZCBDL Service service terminated unexpectedly.  It has done this 1 time(s).
3/2/2012 5:03:11 PM, error: Service Control Manager [7034]  - The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).
3/2/2012 5:03:11 PM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
3/2/2012 5:03:11 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
3/2/2012 4:57:15 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
3/2/2012 4:10:15 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2012 4:09:14 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD aswRdr aswSnx aswSP aswTdi cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The Internet Lock Service service depends on the INETLOCK service which failed to start because of the following error:  The dependency service or group failed to start.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The INETLOCK service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 4:09:14 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2012 1:43:17 PM, error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2012 3:50:11 PM, error: System Error [1003]  - Error code 10000050, parameter1 f9117e8c, parameter2 00000000, parameter3 f7816dd0, parameter4 00000000.
3/1/2012 1:21:28 PM, error: System Error [1003]  - Error code 10000050, parameter1 fc4674b4, parameter2 00000000, parameter3 f79e0dd0, parameter4 00000000.
2/27/2012 3:44:54 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/25/2012 11:35:12 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/25/2012 11:33:36 AM, error: Dhcp [1002]  - The IP address lease 192.168.10.103 for the Network Card with network address 0022758EA566 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #9 on: March 02, 2012, 05:37:36 pm »
Yep, it would seem that OTM has removed the malicious entries. I would like to see the log that OTM produced; you'll find it here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log    mmddyyyy_hhmmss refers to the date and time that OTM was run...

Also do the following:

Step 1

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Ensure Quick scan is selected, then select the Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

   
  • Once the scan finishes click Save log to save the log to your Desktop.


   
  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Step 2

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the following in your reply:

  • Log from OTM
  • Log from aswMBR
  • Log from Security Checks
  • aswMBR.zip attachment

Also give an update on current issues or concerns.....

Kevin




Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #10 on: March 04, 2012, 01:29:41 pm »
Hi Kevin,

Here are the requested logs:

1) OTM
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ywabafuj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Srajoj deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named Ywabafuj was found to stop!
Service\Driver key Ywabafuj not found.
Error: No service named Srajoj was found to stop!
Service\Driver key Srajoj not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Laura Maggio\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Laura Maggio\Desktop\cmd.txt deleted successfully.
File/Folder c:\windows\Wizrv232.dll not found.
File/Folder c:\windows\ehiyorad.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3752337 bytes
 
User: Laura Maggio
->Temp folder emptied: 1419392671 bytes
->Temporary Internet Files folder emptied: 2122780909 bytes
->Java cache emptied: 43848459 bytes
->FireFox cache emptied: 42631817 bytes
->Flash cache emptied: 1571040 bytes
 
User: LocalService
->Temp folder emptied: 2052248 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 1984680 bytes
->Temporary Internet Files folder emptied: 793303 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1268560 bytes
%systemroot%\System32 .tmp files removed: 3224593 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23287684 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 84402964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 82898 bytes
RecycleBin emptied: 4271195237 bytes
 
Total Files Cleaned = 7,651.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 03022012_161441

2) ASWMBR

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-04 14:03:07
-----------------------------
14:03:07.609    OS Version: Windows 5.1.2600 Service Pack 3
14:03:07.609    Number of processors: 1 586 0x204
14:03:07.609    ComputerName: LAURA  UserName:
14:03:10.484    Initialize success
14:03:11.343    AVAST engine defs: 12022401
14:03:53.625    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:03:53.625    Disk 0 Vendor: ST380021A 3.75 Size: 76319MB BusType: 3
14:03:53.625    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:03:53.625    Disk 1 Vendor: FUJITSU_MPD3084AT DD-03-47 Size: 8063MB BusType: 3
14:03:53.656    Disk 0 MBR read successfully
14:03:53.656    Disk 0 MBR scan
14:03:53.656    Disk 0 Windows XP default MBR code
14:03:53.656    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       31 MB offset 63
14:03:53.687    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76285 MB offset 64260
14:03:53.687    Disk 0 scanning sectors +156296385
14:03:53.765    Disk 0 scanning C:\WINDOWS\system32\drivers
14:04:28.734    Service scanning
14:04:38.625    Service FDCDNT C:\WINDOWS\system32\drivers\FDCDNT.SYS **LOCKED** 32
14:05:12.250    Modules scanning
14:05:37.515    Disk 0 trace - called modules:
14:05:37.546    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:05:37.546    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8eab8]
14:05:37.546    3 CLASSPNP.SYS[f85f6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82fedd98]
14:05:38.328    AVAST engine scan C:\WINDOWS
14:06:19.796    AVAST engine scan C:\WINDOWS\system32
14:11:51.875    AVAST engine scan C:\WINDOWS\system32\drivers
14:12:23.546    AVAST engine scan C:\Documents and Settings\Laura Maggio
14:21:30.156    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura Maggio\Desktop\2012 feb\MBR.dat"
14:21:30.265    The log file has been saved successfully to "C:\Documents and Settings\Laura Maggio\Desktop\2012 feb\aswMBR.txt"




3) SECURITY CHECK

 Results of screen317's Security Check version 0.99.31 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 avast! Free Antivirus   
```````````````````````````````
Anti-malware/Other Utilities Check:

 MVPS Hosts File 
 HijackThis 2.0.2   
 Registry Cleaner 2.1   
 Java(TM) 6 Update 5 
 Java version out of date!
 Adobe Flash Player    11.1.102.62 
 Mozilla Firefox (3.6.27) Firefox out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
``````````End of Log````````````




4) ASWMNR.DAT is attached

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #11 on: March 04, 2012, 02:09:06 pm »
Continue as follows please:

Navigate to Start > Control Panel > Add/Remove Programs, uninstall the following:

These are outdated and probably exploited versions of Java

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 5


Also remove Registry Cleaner 2.1; this type of so-called enhancing tool can cause major issues for your system.

Next,

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Next,

Download  RogueKiller (by tigzy) and save direct to your Desktop.

    Quit all programs
    Start RogueKiller.exe
    Wait until Prescan has finished ...
    Click on Scan. Click on Report and copy/paste the content of the notepad



Post the log from RogueKiller in your reply, also give an update on current issues....

Kevin

Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #12 on: March 04, 2012, 07:59:18 pm »
Hi Kevin,

Although the redirects did not previously happen every time (they happened 1 in every 5 clicks or so), I have yet to encounter one since we've been working on this--so, yay! It seems to be fixed.

My only other concern is that since we've been working on this, the audio now does not work when I use the internet (either IE or Firefox) when I previously had no problems with it. For example, YouTube videos play, but I can't hear the sound. Pandora also doesn't work. Sound DOES work when I listen to music on my computer via Windows Media Player--the problem seems to be only with Internet-based applications. I'm wondering if any of the fixes/processes I ran reset/disabled some kind of Internet audio setting? Not sure if this falls in the realm of stuff you can help me with, but I can't seem to figure it out...

Also, here is my RogueKiller Log





RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Laura Maggio [Admin rights]
Mode: Scan -- Date: 03/04/2012 20:23:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (<local>) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1   localhost
127.0.0.1   ___id___.c.mystat-in.net
127.0.0.1   0.r.msn.com
127.0.0.1   005.free-counter.co.uk
127.0.0.1   006.free-counter.co.uk
127.0.0.1   007.free-counter.co.uk
127.0.0.1   008.free-counter.co.uk
127.0.0.1   008.free-counters.co.uk
127.0.0.1   00fun.com
127.0.0.1   011707160008.c.mystat-in.net
127.0.0.1   032439.com
127.0.0.1   061606084448.c.mystat-in.net
127.0.0.1   070806142521.c.mystat-in.net
127.0.0.1   08search.com
127.0.0.1   090906042103.c.mystat-in.net
127.0.0.1   092706152958.c.mystat-in.net
127.0.0.1   0d7292.r.axf8.net
127.0.0.1   1.adbrite.com
127.0.0.1   1.globalonlineweb.com
127.0.0.1   1.googlenews.xorg.pl
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380021A +++++
--- User ---
[MBR] daf7303f73629d24fdc86ed2b2c8aaf1
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: FUJITSU MPD3084AT +++++
--- User ---
[MBR] fbb4945a23143e3c59b1a35b8d42da1b
[BSP] 34b2ad59797ca11c33fccac9e538bb99 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 8032 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #13 on: March 05, 2012, 03:25:52 am »
Re-run RogueKiller, let pre-scan complete then select Proxyfix tab.





Run RogueKiller again and select Hostsfix tab.





Reboot your PC,

Do the following:

1. Click "Start".
2. Select "Run".
3. Type: sndvol32
4. Click "OK".
5. Make sure the following are not muted and the volume is up for "Volume Control" and "Wave".


If those are correct, select Start > Run, type regedit and select "OK". Expand the following keys by selecting the plus (+) sign at the side:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Finally select this folder > Drivers32

The right-hand pane should populate; at the top select > File > Export. That will export that key value,





save to your Desktop, and name it audio and file type reg files

 



Go to that file (should look like this) > right click and select > send to > compressed (zipped) folder.... Attach that to your reply.

Kevin
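
The Proxyfix and Hostsfix steps above act on the "Registry Entries" and "HOSTS File" sections of the RogueKiller report. The following is an added example, not part of the thread and not RogueKiller's own code: it parses that report layout and separates loopback HOSTS entries (what a block-list such as the MVPS Hosts file listed in the Security Check log adds) from entries that remap a name to some other address. The sample report is constructed, its last HOSTS line is invented, and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the section layout and the first entries follow the
# RogueKiller report posted in this thread; the 203.0.113.10 line is invented
# (documentation address range) to show what a remapped name looks like.
SAMPLE_REPORT = r"""¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (<local>) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1   localhost
127.0.0.1   0.r.msn.com
127.0.0.1   1.adbrite.com
203.0.113.10   search.example.com
[...]

¤¤¤ MBR Check: ¤¤¤
"""

# "¤¤¤ Title: optional count ¤¤¤" opens a section.
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤\s*$")
# "[TAG] key : value -> STATUS" is one registry finding.
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)"
    r"\s+->\s+(?P<status>\w+)\s*$"
)


def split_sections(report):
    """Return {section name: [non-empty lines]} for a report."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            # Drop the trailing count or state, e.g. "Registry Entries: 2".
            current = match.group(1).split(":")[0].strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def classify_hosts(lines):
    """Split HOSTS lines into loopback entries and remapped names."""
    loopback, remapped = [], []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # ignore trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only or the "[...]" truncation marker
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, so not a hosts mapping
        for host in fields[1:]:
            if ip.is_loopback or ip.is_unspecified:
                loopback.append(host)  # name is blocked, not redirected
            else:
                remapped.append((host, str(ip)))  # name resolves elsewhere
    return loopback, remapped


def triage(report):
    """Summarise the parts of a report that matter for browser redirects."""
    sections = split_sections(report)
    registry = []
    for line in sections.get("Registry Entries", []):
        match = ENTRY_RE.match(line)
        if match:
            registry.append(match.groupdict())
    loopback, remapped = classify_hosts(sections.get("HOSTS File", []))
    return {
        "registry": registry,
        "proxy_findings": [e for e in registry if e["tag"].startswith("PROXY")],
        "loopback_count": len(loopback),
        "remapped_hosts": remapped,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for entry in result["proxy_findings"]:
        print("proxy setting to review:", entry["key"], "=", entry["value"])
    print("loopback HOSTS entries:", result["loopback_count"])
    for host, ip in result["remapped_hosts"]:
        print("HOSTS remaps", host, "to", ip)
```

In the report posted in this thread every visible HOSTS line is a loopback entry, so `remapped_hosts` would be empty for that part; the `[...]` marker shows the list was truncated by the tool.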

Offline monkeeluv6

  • Bronze Member
  • Posts: 33
Re: [InActive K] Redirects (gimmeanswers, happli, and more)
« Reply #14 on: March 05, 2012, 10:27:56 am »
Kevin,

I ran RogueKiller twice, as instructed.

When I tried to get to and export the Drivers.32 key, I received the following error: "The selected branch does not exist. Make sure that the correct path is given."

There was nothing to export. I took a screenshot of it for you so you can see what's going on. Screenshot is attached.