Facebook redirects to checker.name

When using Chrome browser to go to Facebook, it redirects to checker.name. Firefox browser does not do this.???

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
%AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
%AppData%\Local\
%systemroot%\system32\sysprep
*.xpi /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\ /s
%PROGRAMFILES%\*.
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
tcpip.sys
netbt.sys
ipsec.sys
dnsrslvr.dll
ipnathlp.dll
netman.dll
WMIsvc.dll
srsvc.dll
sr.sys
wscsvc.dll
wuauserv.dll
qmgr.dll
es.dll
cryptsvc.dll
svchost.exe
rpcss.dll
tdx.sys
wininit.exe
winlogon.exe
atapi.sys
explorer.exe
/md5stop
OTL Extras logfile created on: 11/12/2012 5:02:19 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\lainie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 62.78% Memory free
3.77 Gb Paging File | 2.69 Gb Available in Paging File | 71.56% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.55 Gb Total Space | 75.30 Gb Free Space | 53.96% Space Free | Partition Type: NTFS
Drive D: | 9.50 Gb Total Space | 8.56 Gb Free Space | 90.10% Space Free | Partition Type: NTFS

Computer Name: LAINIE-PC | User Name: lainie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Unable to open value key File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Unable to open value key File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Unable to open value key
https [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04391EC6-19AE-485B-837A-36A49B0C4DB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{2BF0DA89-7561-45BD-89F9-1C0B9C29952E}" = rport=139 | protocol=6 | dir=out | app=system |
"{319B2FE7-E0E0-4422-81C1-F994A0618B6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33C064E4-A170-4F06-B3D8-429310E3CD63}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{37D89F0A-FC78-421C-8FE5-58608A171BBF}" = lport=137 | protocol=17 | dir=in | app=system |
"{3F6E4DC8-D5E4-4B7A-BB27-DE678C40BF20}" = rport=445 | protocol=6 | dir=out | app=system |
"{65E14C35-5F77-4775-8D3D-F986651D955D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6BDAB843-4047-41BF-B271-A1064307152E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{81E8357D-E692-4F2C-AA8D-A3A94FEC03C4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A0D64FD4-DEE6-4687-8912-861BBA86B78A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1B00E74-700E-43EA-B855-C59177C507D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{D133CF5C-C9D5-4DF1-9EBB-C2204067C7CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{D59C3D6D-88C9-4EE0-9726-54D9DE6D9260}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2C5C003-02CA-440C-B08D-F70C95FFD90B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D5BF11-2977-465E-9256-8683598E9F23}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{08446449-F3A7-493D-B3B9-CF4F14EA9E64}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{0CB2DB92-4FCB-43AA-AFE3-29AC5A05F9CE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{0DF0DD95-FB32-468E-9E44-15A30DEAEF97}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{102E68F4-4491-427F-84F6-7145169C6360}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{185ED107-E0F1-4B3C-A54D-C982A14E2C9B}" = protocol=6 | dir=in | app=c:\program files\intertops poker\pokerclient.exe |
"{1975E5F2-ED22-4A98-939B-76C4FEE035B5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{1A2E98E1-12D1-496E-B326-FD2105C6CA96}" = protocol=6 | dir=in | app=c:\program files\maxthon3\bin\mxup.exe |
"{2A9A1347-FC49-410E-8EBC-BCB831EA8B28}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2CAE02E6-F77B-4A6E-9172-AF51E3EBFD47}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2F0B1B90-21DA-4562-A032-123D2F3A9D01}" = protocol=17 | dir=in | app=c:\program files\maxthon3\modules\mxminithunder\thundermini.exe |
"{32CC3D99-5974-4532-8994-FBE0BB558CDF}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{3AFBCF57-2B59-4C39-8D28-55916273CE6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3E3664C6-7E89-4397-8EE7-4E0A26203DC3}" = protocol=17 | dir=in | app=c:\program files\intertops poker\pokerclient.exe |
"{44C876CD-F938-467C-B0BE-A0A6CECFC1D2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{452B9810-8829-42E9-8592-5A48A932FA26}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4F52DFFF-490F-4181-ADA7-0CD040E22FC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5683CDD4-E2EE-4C7C-A3E2-8AE79C9B2EE2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B87CA5F-404C-4780-A962-4B1F2ED2906C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5EC70DAD-8169-4324-B14A-FD3BFB128848}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{645DDD7D-9D4B-473D-906C-2954B90AE21A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{6EA6A456-9EE5-47F0-A688-5668DE876B21}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{71091A82-1033-4F54-AA12-1991889B1C16}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{714704B1-E635-44B9-8E6B-A820AA54C507}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E1BF521-C8F8-4C0A-9BD8-429757C87030}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7E932839-01C9-4144-98F6-3DDD27303DEF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7FE7EC91-A25F-4D24-84E0-54980D9E7A53}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{88CE60C7-2395-431E-AA4D-FD94CFAB83EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{922B8BF3-617F-45FC-8562-3FBEB33FA3EA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{94B84730-BBC4-4647-B65B-435F05BC3171}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9903EDF7-34A4-431F-B0AA-2D8F0CC69640}" = protocol=6 | dir=in | app=c:\program files\maxthon3\bin\maxthon.exe |
"{9F576504-5A84-4AA8-A845-22C829FD9746}" = protocol=17 | dir=in | app=c:\program files\maxthon3\bin\maxthon.exe |
"{AFC12C28-7DB8-46C0-89DA-B20CC2CDDC49}" = protocol=17 | dir=in | app=c:\program files\maxthon3\bin\mxup.exe |
"{B479C503-B5FC-4097-8B92-980FB0C4D842}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B7260785-49F0-4FA0-A6E1-1AB4955F15A5}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BB8B57DD-138F-4608-AB73-C3EC6A814F85}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C1E5B70D-7512-42F3-A0DA-F0BC4EA081DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C259C9D7-7060-4456-A883-1B6E624E48F7}" = protocol=6 | dir=in | app=c:\program files\maxthon3\modules\mxminithunder\thundermini.exe |
"{CCB58311-BE01-4177-85A8-FF25E5845933}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D063ED58-E0BF-43A5-A13F-321EE5347765}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D2A9202B-BBD9-4295-B75B-574EAC855A83}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D717632E-936A-489E-892C-762325A500B6}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{DC3D6226-6D31-4E93-9862-CB08387F0F3D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DD421CDB-0CAD-4CA2-9EC8-D0801E0DAD20}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DF05E65E-B303-48FD-97B4-7674EAF7BF74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DFC8D87D-F7BD-41DA-BED0-8F04E08D1795}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EB357E7A-0A5D-40BB-94F2-BC7E46039A0B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EC0DF528-A8DC-4CBC-BD97-87D49D42FF37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F5B0F7C2-20C2-40D3-AB3A-ACB749845F36}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{2FBC9D4C-6156-4E19-A07A-551E8FB9C0CE}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{8C148FB5-159A-487B-86F1-1347638142F6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{BD7506DC-4711-46F1-8730-0C0CD691FC53}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C087A004-99F6-42A3-A945-2E3F0F235213}C:\program files\carbonpoker\client.exe" = protocol=6 | dir=in | app=c:\program files\carbonpoker\client.exe |
"TCP Query User{E228D9FA-326D-4452-A453-A1D91969A299}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0A92D5E4-5AF3-43ED-B002-E977AD679FE7}C:\program files\carbonpoker\client.exe" = protocol=17 | dir=in | app=c:\program files\carbonpoker\client.exe |
"UDP Query User{1365E98D-A8B4-4AA9-A7F3-EBD78FC2AB9B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6550CCE0-DE22-4704-82C8-0F071222379A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{694A4E66-D72B-4879-B4E5-3C915793D16C}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{DB300C5A-5F08-4FC9-8F30-068E0CB4356A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7414C891-720D-4E86-85E5-C3AA898DA9EC}" = HP Deskjet 1050 J410 series Product Improvement Study
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"alotAppbar" = ALOT Appbar
"Bodog Poker_is1" = Bodog Poker
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Shockwave" = Shockwave
"SpeedItupFree4.95" = Speeditup Free 4.90
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{88458270-ef4a-11e0-be50-0800200c9a66}" = Atlantis Gold Casino
"Facebook Plug-In" = Facebook Plug-In
"Gutshot" = Gutshot

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2012 2:02:10 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 10/17/2012 3:04:00 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 10/22/2012 1:57:30 AM | Computer Name = lainie-PC | Source = Application Error | ID = 1000
Description = Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp
0x5004e5aa, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x5004e5aa,
exception code 0xc0000005, fault offset 0x00002d80, process id 0x7f4, application
start time 0x01cdb01a1e7c6dfd.

Error - 10/25/2012 5:19:53 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 10/28/2012 2:40:33 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 10/29/2012 3:31:25 PM | Computer Name = lainie-PC | Source = Application Error | ID = 1000
Description = Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp
0x5004e5aa, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x5004e5aa,
exception code 0xc0000005, fault offset 0x00002d80, process id 0x218, application
start time 0x01cdb60bfbf6de56.

Error - 10/31/2012 1:47:04 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 11/5/2012 2:33:33 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 11/7/2012 3:59:47 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 11/10/2012 4:52:40 PM | Computer Name = lainie-PC | Source = Perflib | ID = 1010
Description =

Error - 11/12/2012 6:11:45 PM | Computer Name = lainie-PC | Source = Application Error | ID = 1000
Description = Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp
0x5004e5aa, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x5004e5aa,
exception code 0xc0000005, fault offset 0x00002d80, process id 0x22c, application
start time 0x01cdc122b3f315df.

[ Media Center Events ]
Error - 5/23/2008 2:37:23 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 5:06:56 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/2/2008 5:32:29 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/18/2008 5:49:07 AM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/13/2009 2:37:25 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:36:27 AM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 2:12:12 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/12/2009 2:40:16 PM | Computer Name = lainie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/12/2012 6:13:06 PM | Computer Name = lainie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/12/2012 6:13:06 PM | Computer Name = lainie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/12/2012 6:42:49 PM | Computer Name = lainie-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/12/2012 6:42:59 PM | Computer Name = lainie-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/12/2012 6:43:13 PM | Computer Name = lainie-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 1.139.1681.0;1.139.1681.0 Engine version: 1.1.8904.0

Error - 11/12/2012 6:43:28 PM | Computer Name = lainie-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C77DD3D5-DCA2-4622-99D3-530886DBCC85}
because another computer on the network has the same name. The server could not
start.

Error - 11/12/2012 6:44:53 PM | Computer Name = lainie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/12/2012 7:55:23 PM | Computer Name = lainie-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/12/2012 7:55:32 PM | Computer Name = lainie-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/12/2012 7:57:19 PM | Computer Name = lainie-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Re: faceboo redirects to checker.name
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*******************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: faceboo redirects to checker.name
Hello, I have exactly the same problem in my machine. Would you guys help me? Thanks!! Doug

Re: faceboo redirects to checker.name
DougBathmann wrote:
Hello, I have exactly the same problem in my machine. Would you guys help me? Thanks!! Doug

Please do not hijack someone else's thread. Please start one of your own and someone will help you.

Re: faceboo redirects to checker.name
Well, I did everything I stated here but it did not work, the problem persists ..
these were the results that appeared in the notepads

adwcleaner[1]

# AdwCleaner v2.108 - Logfile created 01/25/2013 at 11:39:58
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Chema - CHEMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Chema\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Chema\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [654 octets] - [25/01/2013 11:39:58]

########## EOF - C:\AdwCleaner[R1].txt - [713 octets] ##########

RESULTS WITH ANTI-MALWARE

Malwarebytes Anti-Malware (Versión de Prueba) 1.70.0.1100
www.malwarebytes.org

Versión de la Base de Datos: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chema :: CHEMA-PC [administrador]

Protección: Habilitado

25/01/2013 11:44:43 a.m.
mbam-log-2013-01-25 (11-44-43).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 461939
Tiempo transcurrido: 39 minuto(s), 31 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 16
C:\Users\Chema\Downloads\Key11+video-x32-x64\Patch+Keygen11-x32\01 - SonyVegasPro11 Patch.exe (RiskWare.Tool.HCK) -> No se tomaron medidas.
C:\Users\Chema\Downloads\Key11+video-x32-x64\Patch-Vegas11x64\vegas11_64bit_Patch-VanGall.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
D:\download\eTypeSetup.exe (PUP.BundleInstaller.IB) -> No se tomaron medidas.
D:\programas\SonyVegas 11\Key11+video-x32-x64\Patch+Keygen11-x32\01 - SonyVegasPro11 Patch.exe (RiskWare.Tool.HCK) -> No se tomaron medidas.
D:\programas\SonyVegas 11\Key11+video-x32-x64\Patch-Vegas11x64\vegas11_64bit_Patch-VanGall.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
D:\programas\Windows XP\1\amd64\AntiWPA.Dll (PUP.Wpakill) -> No se tomaron medidas.
D:\programas\Windows XP\1\x86\AntiWPA.Dll (PUP.Wpakill) -> No se tomaron medidas.
D:\programas\Windows XP\2\WGA.exe (PUP.RemoveWGA) -> No se tomaron medidas.
D:\download\avs media player (1).exe (Adware.Solimba.Lame) -> En cuarentena y eliminado con éxito.
D:\download\AVS Media Player.exe (PUP.AdBundler) -> En cuarentena y eliminado con éxito.
D:\download\WinZip 16.5.10095.exe (Adware.Solimba.Lame) -> En cuarentena y eliminado con éxito.
D:\programas\Guitar Pro 5.2\Guitar Pro 5.2\Keygen.exe (RiskWare.Tool.CK) -> En cuarentena y eliminado con éxito.
D:\varias cosas\francisco\programas\Automation_Studio_5.0_Full_by_Consul\Crack\ascrack_aebf.exe (PUP.Hacktool.Patcher) -> En cuarentena y eliminado con éxito.
D:\varias cosas\francisco\programas\Media Player Classic 6.4.9.1 XP Codec Pack 2.3.4\AC3 Filter.exe (Trojan.IRCBot) -> En cuarentena y eliminado con éxito.
D:\varias cosas\francisco\programas\Media Player Classic 6.4.9.1 XP Codec Pack 2.3.4\Codec Detective.exe (Trojan.IRCBot) -> En cuarentena y eliminado con éxito.
D:\varias cosas\francisco\programas\Media Player Classic 6.4.9.1 XP Codec Pack 2.3.4\Real 9-10.exe (Trojan.IRCBot) -> En cuarentena y eliminado con éxito.

fin)

WITH SECURITY CHECK

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 4.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versión 1.70.0.1100
Java(TM) 6 Update 38
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Re: faceboo redirects to checker.name
Well, I did everything I stated here but it did not work, the problem persists ..
these were the results that appeared in the notepads

We're just getting started. There's more to do.
Please run MBAM again and this time, clean the infections.


Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
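
The first MBAM log posted above marks some detections "No se tomaron medidas." (no action taken) and others "En cuarentena y eliminado con éxito." (quarantined and deleted), which is why the scan has to be repeated with every item selected. The sketch below is an added example, not part of any post in this thread and not Malwarebytes code: it parses that log layout and reports which detections are still pending. The sample log is constructed with placeholder paths, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Spanish-locale MBAM 1.70 log in this
# thread. Paths are placeholders; the two status strings are the ones the log uses.
SAMPLE_LOG = r"""
Archivos Detectados: 4
C:\Sample\Downloads\patch.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
D:\Sample\setup (1).exe (Adware.Solimba.Lame) -> En cuarentena y eliminado con éxito.
D:\Sample\old\AntiWPA.Dll (PUP.Wpakill) -> No se tomaron medidas.
D:\Sample\codec pack\filter.exe (Trojan.IRCBot) -> En cuarentena y eliminado con éxito.

(fin)
"""

# Only the two status strings seen in the thread are mapped; anything else is
# reported as "unknown" so it is never mistaken for a remediated item.
STATUS = {
    "No se tomaron medidas.": "no_action",
    "En cuarentena y eliminado con éxito.": "quarantined",
}

# "<path> (<detection name>) -> <status>". The path itself may contain
# parentheses, e.g. "setup (1).exe", so the greedy path group backtracks to the
# last "(...)" that sits directly before " -> ".
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<status>.+)$")
COUNT_RE = re.compile(r"^Archivos Detectados: (?P<n>\d+)$")


def parse_detections(text):
    """Return one dict per detection line: path, name, outcome."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append({
                "path": m.group("path"),
                "name": m.group("name"),
                "outcome": STATUS.get(m.group("status"), "unknown"),
            })
    return found


def declared_count(text):
    """Return the file-detection count from the log header, or None if absent."""
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            return int(m.group("n"))
    return None


def triage(text):
    """Summarise a log: a run is clean only if every declared item was quarantined."""
    dets = parse_detections(text)
    declared = declared_count(text)
    pending = [d for d in dets if d["outcome"] != "quarantined"]
    return {
        "declared": declared,
        "parsed": len(dets),
        "pending": pending,
        # A count mismatch means lines were truncated or use an unmapped layout.
        "clean_run": not pending and declared == len(dets),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['parsed']} of {result['declared']} detections parsed")
    for d in result["pending"]:
        print(f"PENDING  {d['name']:<24} {d['path']}")
    print("clean run" if result["clean_run"] else "re-run and remove selected items")
```
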

Re: faceboo redirects to checker.name
Hello! I did everything as you explained it to me here.
This is the MBAM txt

Malwarebytes Anti-Malware (Versión de Prueba) 1.70.0.1100
www.malwarebytes.org

Versión de la Base de Datos: v2013.01.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chema :: CHEMA-PC [administrador]

Protección: Habilitado

26/01/2013 12:07:08 p.m.
mbam-log-2013-01-26 (12-07-08).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 456189
Tiempo transcurrido: 39 minuto(s), 27 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 6
C:\Users\Chema\Downloads\Key11+video-x32-x64\Patch+Keygen11-x32\01 - SonyVegasPro11 Patch.exe (RiskWare.Tool.HCK) -> En cuarentena y eliminado con éxito.
C:\Users\Chema\Downloads\Key11+video-x32-x64\Patch-Vegas11x64\vegas11_64bit_Patch-VanGall.exe (PUP.Hacktool.Patcher) -> En cuarentena y eliminado con éxito.
D:\$RECYCLE.BIN\S-1-5-21-930639564-230791067-3471309960-1000\$R9SIUBX\amd64\AntiWPA.Dll (PUP.Wpakill) -> En cuarentena y eliminado con éxito.
D:\$RECYCLE.BIN\S-1-5-21-930639564-230791067-3471309960-1000\$R9SIUBX\x86\AntiWPA.Dll (PUP.Wpakill) -> En cuarentena y eliminado con éxito.
D:\$RECYCLE.BIN\S-1-5-21-930639564-230791067-3471309960-1000\$RBTFHTN\WGA.exe (PUP.RemoveWGA) -> En cuarentena y eliminado con éxito.
D:\download\eTypeSetup.exe (PUP.BundleInstaller.IB) -> En cuarentena y eliminado con éxito.

fin)

and this is the combofix

ComboFix 13-01-26.02 - Chema 26/01/2013 12:55:21.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.505.1033.18.8099.5894 [GMT -6:00]
Running from: c:\users\Chema\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: Cortafuegos personal de ESET *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 18:59 . 2013-01-26 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 18:28 . 2013-01-26 18:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-26 18:28 . 2013-01-26 18:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-26 16:00 . 2013-01-26 16:00 -------- d-----w- c:\programdata\Ahead
2013-01-26 15:59 . 2013-01-26 16:00 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2013-01-26 15:59 . 2013-01-26 15:59 -------- d-----w- c:\programdata\Nero
2013-01-26 15:59 . 2013-01-26 15:59 -------- d-----w- c:\program files (x86)\Nero
2013-01-25 20:40 . 2013-01-25 20:40 -------- d-----w- c:\program files\CCleaner
2013-01-25 17:43 . 2013-01-25 17:43 -------- d-----w- c:\programdata\Malwarebytes
2013-01-25 17:43 . 2013-01-25 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-25 17:43 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-25 16:58 . 2013-01-25 16:58 -------- d-----w- c:\program files\ESET
2013-01-22 22:18 . 2013-01-22 22:18 -------- d-----w- c:\programdata\Sony
2013-01-22 22:11 . 2013-01-22 22:11 -------- d-----w- c:\program files (x86)\Sony
2013-01-22 22:10 . 2013-01-22 22:10 -------- d-----w- c:\program files\Sony
2013-01-22 20:36 . 2013-01-22 20:36 -------- d-----r- c:\program files (x86)\Skype
2013-01-22 20:36 . 2013-01-22 20:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-22 20:36 . 2013-01-22 20:36 -------- d-----w- c:\programdata\Skype
2013-01-18 22:16 . 2013-01-18 22:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-15 23:30 . 2013-01-15 23:30 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-12 22:43 . 2013-01-12 22:43 -------- dc-h--w- c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}
2013-01-12 22:42 . 2013-01-12 22:42 -------- d-----w- c:\program files\Common Files\Native Instruments
2013-01-12 22:42 . 2013-01-12 22:42 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2013-01-12 22:42 . 2013-01-12 22:42 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-01-12 22:42 . 2013-01-12 22:42 -------- d-----w- c:\program files\Native Instruments
2013-01-12 22:42 . 2013-01-12 22:42 -------- d-----w- c:\programdata\Native Instruments
2013-01-12 22:19 . 2013-01-22 14:12 -------- d-----w- C:\Cakewalk Projects
2013-01-12 22:15 . 2013-01-12 22:15 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2013-01-12 22:15 . 2012-06-20 23:38 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-01-12 22:15 . 2012-06-20 23:38 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2013-01-12 22:15 . 2012-06-20 23:38 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-01-12 22:15 . 2012-06-20 23:38 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2013-01-12 22:08 . 2013-01-12 22:10 -------- d-----w- C:\Cakewalk Content
2013-01-12 22:06 . 2013-01-12 22:22 -------- d-----w- c:\program files (x86)\Cakewalk
2013-01-12 22:05 . 2013-01-12 22:22 -------- d-----w- c:\programdata\Cakewalk
2013-01-12 22:05 . 2013-01-12 22:19 -------- d-----w- c:\program files\Cakewalk
2013-01-12 22:05 . 2013-01-12 22:05 -------- d-----w- c:\programdata\Overloud
2013-01-12 19:58 . 2013-01-12 19:58 -------- d-----w- c:\program files (x86)\PowerISO
2013-01-12 19:58 . 2007-08-07 00:21 57776 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-01-11 03:53 . 2013-01-11 03:53 -------- d-----w- c:\program files\Common Files\Wave Audio Ltd
2013-01-10 18:21 . 2013-01-10 18:21 -------- d-----w- c:\programdata\IsolatedStorage
2013-01-09 23:08 . 2013-01-09 23:13 -------- d-----w- c:\program files (x86)\Google
2013-01-09 21:16 . 2013-01-09 21:16 -------- d-----w- c:\program files\Common Files\Intel
2013-01-09 21:16 . 2013-01-09 21:16 -------- d-----w- c:\program files (x86)\Intel
2013-01-09 21:16 . 2013-01-09 21:16 -------- d-----w- c:\program files (x86)\Common Files\Intel
2013-01-09 21:15 . 2013-01-09 21:15 -------- d-----w- C:\Intel
2013-01-09 20:42 . 2013-01-26 18:28 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-09 20:42 . 2013-01-26 18:28 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-09 20:42 . 2013-01-26 18:28 -------- d-----w- c:\program files (x86)\Java
2013-01-09 20:31 . 2013-01-22 20:18 -------- d-----w- c:\program files\TOSHIBA
2013-01-09 20:31 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2013-01-09 20:31 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2013-01-09 20:09 . 2013-01-22 20:18 -------- d-----w- c:\program files (x86)\Toshiba
2013-01-09 20:09 . 2013-01-09 20:09 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2013-01-09 20:09 . 2013-01-09 20:09 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2013-01-09 18:51 . 2011-01-14 01:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-01-09 18:51 . 2011-01-14 01:58 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-09 18:51 . 2011-01-14 01:58 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-01-09 18:51 . 2013-01-11 03:52 -------- d-----w- c:\program files (x86)\Realtek
2013-01-09 18:51 . 2013-01-11 03:52 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-01-09 18:28 . 2013-01-25 20:59 -------- d-----w- c:\windows\Panther
2013-01-09 17:46 . 2013-01-09 17:46 -------- d-----w- c:\windows\system32\appmgmt
2013-01-09 17:41 . 2013-01-09 17:41 -------- d-----w- c:\programdata\Intel
2013-01-09 17:41 . 2013-01-09 17:46 -------- d-----w- c:\program files\Intel
2013-01-09 16:54 . 2013-01-09 16:54 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-01-09 16:53 . 2013-01-09 16:53 -------- d-----w- c:\program files\Microsoft.NET
2013-01-09 16:53 . 2013-01-09 16:53 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-01-09 16:53 . 2013-01-09 16:53 -------- d-----w- c:\program files\Microsoft SQL Server
2013-01-09 16:53 . 2013-01-09 16:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-09 16:53 . 2013-01-09 16:53 -------- d-----w- c:\windows\PCHEALTH
2013-01-09 16:50 . 2013-01-09 16:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-09 16:50 . 2013-01-09 16:50 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-01-09 16:50 . 2013-01-09 16:53 -------- d-----w- c:\program files\Microsoft Office
2013-01-09 16:50 . 2013-01-09 16:55 -------- d-----w- c:\programdata\Microsoft Help
2013-01-09 16:50 . 2013-01-09 16:50 -------- d-----r- C:\MSOCache
2013-01-09 16:46 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-01-09 16:46 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-01-09 16:46 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-01-09 16:46 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2013-01-09 16:46 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2013-01-09 16:46 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2013-01-09 16:46 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-01-09 16:46 . 2013-01-09 16:46 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-01-09 16:46 . 2013-01-09 16:46 -------- d-----w- c:\windows\SysWow64\Adobe
2013-01-09 16:45 . 2013-01-26 18:28 -------- d-sh--w- c:\windows\Installer
2013-01-09 16:44 . 2013-01-09 16:44 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 16:37 . 2013-01-12 22:46 -------- d-----w- c:\users\Chema
2013-01-09 16:37 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F83608D-7EF8-45D0-84D4-587D630990C5}\mpengine.dll
2013-01-09 16:36 . 2012-10-30 03:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:36 . 2013-01-09 16:36 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 18:04 . 2012-11-14 18:04 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 18:04 . 2012-11-14 18:04 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 18:04 . 2012-11-14 18:04 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 18:04 . 2012-11-14 18:04 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 18:04 . 2012-11-14 18:04 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 18:03 . 2012-11-14 18:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-14 18:03 . 2012-11-14 18:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-14 18:03 . 2012-11-14 18:03 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 18:03 . 2012-11-14 18:03 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 18:03 . 2012-11-14 18:03 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 18:03 . 2012-11-14 18:03 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 18:03 . 2012-11-14 18:03 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 18:03 . 2012-11-14 18:03 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 18:03 . 2012-11-14 18:03 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 18:03 . 2012-11-14 18:03 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 18:03 . 2012-11-14 18:03 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 18:03 . 2012-11-14 18:03 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 18:03 . 2012-11-14 18:03 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 18:03 . 2012-11-14 18:03 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 18:02 . 2012-11-14 18:02 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-14 18:02 . 2012-11-14 18:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-11-14 18:02 . 2012-11-14 18:02 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-14 18:02 . 2012-11-14 18:02 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-14 18:02 . 2012-11-14 18:02 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-14 18:02 . 2012-11-14 18:02 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-11-14 18:01 . 2012-11-14 18:01 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-14 18:01 . 2012-11-14 18:01 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-14 18:01 . 2012-11-14 18:01 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-14 18:00 . 2012-11-14 18:00 503808 ----a-w- c:\windows\system32\srcore.dll
2012-11-14 18:00 . 2012-11-14 18:00 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-11-14 18:00 . 2012-11-14 18:00 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-11-14 17:59 . 2012-11-14 17:59 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-11-14 17:59 . 2012-11-14 17:59 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-11-14 17:59 . 2012-11-14 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 17:59 . 2012-11-14 17:59 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 338432 ----a-w- c:\windows\system32\conhost.exe
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-14 17:59 . 2012-11-14 17:59 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-14 17:59 . 2012-11-14 17:59 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-11-14 17:59 . 2012-11-14 17:59 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-14 17:59 . 2012-11-14 17:59 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-14 17:59 . 2012-11-14 17:59 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-11-14 17:59 . 2012-11-14 17:59 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-14 17:59 . 2012-11-14 17:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-24 00:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-24 00:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-24 00:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Chema\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-15 138096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-06-24 178784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-14 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-14 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 44944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-24 00:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-24 00:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-24 00:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2716216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.62.64.1 200.62.64.65
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Chema\AppData\Roaming\Mozilla\Firefox\Profiles\y8pnfvvh.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-26 13:00:50
ComboFix-quarantined-files.txt 2013-01-26 19:00
.
Pre-Run: 75,848,482,816 bytes free
Post-Run: 76,130,746,368 bytes free
.
- - End Of File - - 66AFD5D36571AFC05BB83F4E502B2990

If I need to do more, I ask you to please tell me :D

Re: faceboo redirects to checker.name

Please download Rooter and Save it to your desktop.

  • Double-click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

***************************************************

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

I solved it!

Comment has been removed. Please do not hijack someone else's thread. If you need help, start a new thread of your own and someone will help you.

Re: faceboo redirects to checker.name

Why did you remove my comment? I just put a solution for this problem!!

Re: faceboo redirects to checker.name

jorgeedson wrote:
Why did you remove my comment? I just put a solution for this problem!!

You are not authorized to post malware advice in this forum.
