
when searching I get redirected


  • This topic is locked
3 replies to this topic

#1 Andrew Arena

Posted 17 December 2009 - 10:41 PM

I have been getting redirected for a few days when I am searching in Google and Bing. I have run ComboFix and scans with Malwarebytes as well as IObit 360.



DDS (Ver_09-12-01.01) - NTFSx86
Run by aarena at 21:01:47.43 on Thu 12/17/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1546 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\itunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\REGEDIT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\aarena\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
mURLSearchHooks: H - No File
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dd1d5372-6469-4301-8760-cbf0980bf4ae} - No File
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {dd1d5372-6469-4301-8760-cbf0980bf4ae} - No File
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: apple.com\ax.itunes
Trusted Zone: mgsionline.com\aapdc
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-4 114768]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/19 00:44:03];c:\program files\cyberlink\powerdvd9\000.fcl [2009-5-7 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-4 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-4 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-9 138680]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-12-16 312592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-17 276816]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-9 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-9 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-17 19160]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-11-25 26000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S2 gupdate1ca2da519842d0;Google Update Service (gupdate1ca2da519842d0);c:\program files\google\update\GoogleUpdate.exe [2009-9-4 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2009-12-17 19:16:20 0 d-----w- c:\program files\ESET
2009-12-17 18:02:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 18:02:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 18:02:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 00:49:14 290216480 ----a-w- c:\windows\MEMORY.DMP
2009-12-17 00:44:43 132 ----a-w- c:\windows\system32\5C33.tmp
2009-12-17 00:12:01 0 d-----w- c:\programdata\IObit
2009-12-17 00:11:57 0 d-----w- c:\program files\IObitCom
2009-12-17 00:11:52 0 d-----w- c:\users\aarena\appdata\roaming\IObit
2009-12-17 00:11:51 0 d-----w- c:\program files\IObit
2009-12-16 01:53:34 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-09 03:38:14 0 d-----w- c:\users\aarena\appdata\roaming\Malwarebytes
2009-12-09 03:38:08 0 d-----w- c:\programdata\Malwarebytes
2009-12-08 18:41:40 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-08 18:40:16 0 d-----w- c:\users\aarena\appdata\roaming\SUPERAntiSpyware.com
2009-12-08 14:53:05 0 d-----w- c:\users\aarena\appdata\roaming\PC Tools
2009-12-08 14:53:05 0 d-----w- c:\programdata\PC Tools
2009-12-08 14:29:58 65536 --sha-w- c:\users\aarena\ntuser.dat{660b1e4a-e3f9-11de-86d7-d80dcc7d1776}.TM.blf
2009-12-08 14:29:58 524288 --sha-w- c:\users\aarena\ntuser.dat{660b1e4a-e3f9-11de-86d7-d80dcc7d1776}.TMContainer00000000000000000002.regtrans-ms
2009-12-08 14:29:58 524288 --sha-w- c:\users\aarena\ntuser.dat{660b1e4a-e3f9-11de-86d7-d80dcc7d1776}.TMContainer00000000000000000001.regtrans-ms
2009-11-28 20:09:49 0 d-----w- c:\users\aarena\appdata\roaming\Movie Torrent
2009-11-28 20:07:56 0 d-----w- c:\program files\Movie Torrent
2009-11-26 04:05:09 0 d-----w- c:\windows\pss
2009-11-26 00:16:59 0 d-----w- c:\program files\Conduit
2009-11-26 00:15:41 26000 ----a-w- c:\windows\system32\drivers\ndiszapu.sys
2009-11-25 22:25:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 19:56:29 0 d-----w- c:\programdata\InstallShield
2009-11-25 18:36:08 0 d-----w- c:\program files\VideoLAN
2009-11-25 18:36:08 0 d-----w- c:\program files\Sopcast_plugin
2009-11-25 18:35:39 0 d-----w- c:\program files\common files\Real
2009-11-25 18:31:11 0 d-----w- c:\program files\LIVE TV
2009-11-25 00:39:34 0 d-----w- c:\programdata\NOS
2009-11-24 22:01:09 20380 ----a-w- c:\windows\Run32A50.mch
2009-11-24 22:00:31 35 ----a-w- c:\windows\A5W.INI
2009-11-24 22:00:31 0 d-----w- c:\windows\A5W_DATA
2009-11-24 22:00:29 0 d-----w- C:\Liberty
2009-11-23 03:54:39 0 d-----r- C:\Scanned Documents
2009-11-23 03:54:38 0 d-----w- C:\Fax
2009-11-20 05:12:55 0 d-----w- c:\program files\Xilisoft
2009-11-20 04:10:22 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-20 04:10:21 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-20 03:54:21 111992 ----a-w- c:\windows\system32\acaptuser32.dll
2009-11-20 03:40:05 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-20 03:34:59 0 d-----w- c:\users\aarena\UPDATES
2009-11-19 20:39:57 0 d-----w- C:\OJOsoft Corporation
2009-11-19 05:47:00 0 d-----w- C:\CyberLink
2009-11-19 05:43:52 0 d-----w- c:\program files\common files\CyberLink
2009-11-19 05:41:59 0 d---a-w- c:\programdata\Temp
2009-11-18 06:36:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-18 06:04:16 0 d-----w- c:\programdata\CyberLink

==================== Find3M ====================

2009-12-18 01:36:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 09:13:39 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 18:18:19 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-01-16 09:33:47 396288 --sha-w- c:\windows\windows mail\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:03:27.54 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2009 2:32:47 PM
System Uptime: 12/17/2009 7:23:02 PM (2 hours ago)

Motherboard: Wistron | | 303C
Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 287 GiB total, 213.553 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.783 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP79: 12/16/2009 8:39:09 PM - Removed SUPERAntiSpyware Professional
RP80: 12/17/2009 11:58:52 AM - Windows Update
RP81: 12/17/2009 8:29:10 PM - Removed Java™ 6 Update 7
RP82: 12/17/2009 8:30:01 PM - Removed Java™ 6 Update 16
RP83: 12/17/2009 8:36:36 PM - Installed Java™ 6 Update 17

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65
Active@ ISO Burner
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Antivirus
Bing Maps 3D
Bonjour
CCleaner
CDDRV_Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Conexant HD Audio
CyberLink PowerDVD 9
DIGOpt
Dropbox
ENE CIR Receiver Driver
ESET Online Scanner v3
Google Earth Plug-in
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HP Help and Support
HP Product Detection
IObit Security 360
IObitCom Toolbar
iPhone Configuration Utility
iTunes
Java™ 6 Update 17
KhalSetup
LightScribe System Software
Live TV
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft MapPoint North America 2010
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable Package
MSN
MSN Messenger 7.0
NetWaiting
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OJOsoft Total Video Converter
QuickTime
RealPlayer
Realtek USB 2.0 Card Reader
Remote Control USB Driver
ScrewDrivers Client v4
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SmartAudio
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Verizon Servicepoint 1.5.24
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.8a
Vuze
Vuze Toolbar
Xilisoft DVD Creator

==== Event Viewer Messages From Past Week ========

12/17/2009 7:46:51 PM, Error: NetBT [4321] - The name "ANDREW-PC :0" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
12/17/2009 7:26:32 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/17/2009 7:25:24 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
12/17/2009 7:24:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/17/2009 7:23:53 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
12/17/2009 7:23:53 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
12/17/2009 7:23:52 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6BC544C8-7141-4537-9AE4-9C25BD49255E} because another computer on the network has the same name. The server could not start.
12/17/2009 7:23:52 PM, Error: NetBT [4321] - The name "ANDREW-PC :20" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
12/17/2009 7:23:23 PM, Error: volmgr [46] - Crash dump initialization failed!
12/17/2009 5:03:43 PM, Error: Microsoft-Windows-GroupPolicy [1110] - The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
12/17/2009 12:23:35 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MGSI due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/16/2009 8:44:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows CardSpace service to connect.
12/16/2009 8:44:52 PM, Error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2009 7:49:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x862cf751, 0x8cb22adc, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121609-35147-01.
12/15/2009 7:03:35 PM, Error: NetBT [4321] - The name "ANDREW-PC :20" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
12/15/2009 7:03:30 PM, Error: NetBT [4321] - The name "ANDREW-PC :0" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
12/10/2009 5:07:34 PM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.

==== End Of File ===========================

ComboFix 09-12-17.01 - aarena 12/17/2009 21:47:34.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1972 [GMT -5:00]
Running from: c:\users\aarena\Desktop\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\install.exe
C:\System
c:\windows\Cursors\aero_link.cur

.
((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 02:58 . 2009-12-18 02:59 -------- d-----w- c:\users\aarena\AppData\Local\temp
2009-12-18 02:58 . 2009-12-18 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-18 02:58 . 2009-12-18 02:58 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2009-12-18 02:58 . 2009-12-18 02:58 -------- d-----w- c:\users\administrator\AppData\Local\temp
2009-12-18 02:34 . 2009-12-18 01:56 524288 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Critical_Windows Defender_2c234350948d9992469943309a88fe8e6e4d8724_cab_0ad48805\dds[1].scr
2009-12-18 00:26 . 2009-12-18 00:26 -------- d-----w- c:\users\aarena\AppData\Local\Adobe
2009-12-17 20:56 . 2009-12-17 21:15 -------- d-----w- c:\users\aarena\AppData\Local\Apple Computer
2009-12-17 19:16 . 2009-12-17 19:16 -------- d-----w- c:\program files\ESET
2009-12-17 18:02 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 18:02 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 00:12 . 2009-12-17 00:12 -------- d-----w- c:\programdata\IObit
2009-12-17 00:11 . 2009-12-17 00:11 -------- d-----w- c:\program files\IObitCom
2009-12-17 00:11 . 2009-12-17 01:37 -------- d-----w- c:\users\aarena\AppData\Roaming\IObit
2009-12-17 00:11 . 2009-10-19 18:30 624464 ----a-w- c:\users\aarena\AppData\Roaming\IObit\Common\TB_Helper.exe
2009-12-17 00:11 . 2009-12-17 00:22 -------- d-----w- c:\program files\IObit
2009-12-16 01:53 . 2009-12-16 03:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-09 03:38 . 2009-12-09 03:38 -------- d-----w- c:\users\aarena\AppData\Roaming\Malwarebytes
2009-12-09 03:38 . 2009-12-09 03:38 -------- d-----w- c:\programdata\Malwarebytes
2009-12-08 18:41 . 2009-12-08 18:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-08 18:40 . 2009-12-17 01:39 -------- d-----w- c:\users\aarena\AppData\Roaming\SUPERAntiSpyware.com
2009-12-08 14:53 . 2009-12-08 14:53 -------- d-----w- c:\users\aarena\AppData\Roaming\PC Tools
2009-12-08 14:53 . 2009-12-08 14:53 -------- d-----w- c:\programdata\PC Tools
2009-12-08 09:13 . 2009-12-08 09:13 -------- d-----w- c:\users\aarena\AppData\Local\Threat Expert
2009-12-02 04:02 . 2009-12-08 14:26 -------- d-----w- c:\users\aarena\AppData\Roaming\vlc
2009-11-28 20:09 . 2009-11-28 20:11 -------- d-----w- c:\users\aarena\AppData\Roaming\Movie Torrent
2009-11-28 20:07 . 2009-12-08 14:37 -------- d-----w- c:\program files\Movie Torrent
2009-11-26 04:22 . 2009-11-26 04:22 -------- d-----w- c:\users\aarena\AppData\Local\Atheros
2009-11-26 00:16 . 2009-11-26 00:16 -------- d-----w- c:\program files\Conduit
2009-11-26 00:15 . 2009-01-11 18:52 26000 ----a-w- c:\windows\system32\drivers\ndiszapu.sys
2009-11-25 22:25 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 19:56 . 2009-11-25 19:56 -------- d-----w- c:\programdata\InstallShield
2009-11-25 18:36 . 2009-11-25 18:36 -------- d-----w- c:\program files\VideoLAN
2009-11-25 18:36 . 2009-11-25 18:36 -------- d-----w- c:\program files\Sopcast_plugin
2009-11-25 18:35 . 2009-11-25 18:35 -------- d-----w- c:\program files\Real
2009-11-25 18:35 . 2009-11-25 18:35 -------- d-----w- c:\program files\Common Files\Real
2009-11-25 18:31 . 2009-11-25 18:31 -------- d-----w- c:\program files\LIVE TV
2009-11-25 00:39 . 2009-11-25 18:14 -------- d-----w- c:\programdata\NOS
2009-11-25 00:39 . 2009-11-25 00:39 -------- d-----w- c:\program files\NOS
2009-11-24 22:00 . 2009-11-24 22:00 -------- d-----w- c:\windows\A5W_DATA
2009-11-24 22:00 . 2009-11-24 22:00 -------- d-----w- C:\Liberty
2009-11-23 20:47 . 2009-11-23 20:47 10686001 ----a-w- c:\users\aarena\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-11-23 03:54 . 2009-11-23 03:54 -------- d-----r- C:\Scanned Documents
2009-11-23 03:54 . 2009-11-23 03:54 -------- d-----w- C:\Fax
2009-11-20 05:12 . 2009-11-20 05:12 -------- d-----w- c:\program files\Xilisoft
2009-11-20 04:10 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-20 04:10 . 2009-08-20 04:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-20 03:54 . 2009-02-27 17:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll
2009-11-20 03:40 . 2009-11-20 03:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-20 03:34 . 2009-11-20 03:35 -------- d-----w- c:\users\aarena\UPDATES
2009-11-19 20:39 . 2009-11-19 20:39 -------- d-----w- C:\OJOsoft Corporation
2009-11-19 20:00 . 2009-11-19 20:04 -------- d-----w- c:\users\aarena\AppData\Local\Super Internet TV
2009-11-19 05:48 . 2009-11-19 05:51 -------- d-----w- c:\users\aarena\AppData\Local\Cyberlink
2009-11-19 05:47 . 2009-11-19 05:47 -------- d-----w- c:\users\Public\CyberLink
2009-11-19 05:47 . 2009-11-19 05:48 -------- d-----w- C:\CyberLink
2009-11-19 05:43 . 2009-11-19 05:43 -------- d-----w- c:\program files\Common Files\CyberLink
2009-11-19 05:41 . 2009-11-19 05:41 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-18 06:04 . 2009-11-19 05:48 -------- d-----w- c:\programdata\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 01:36 . 2009-09-05 00:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-18 01:29 . 2009-04-20 21:38 -------- d-----w- c:\program files\Java
2009-12-17 22:56 . 2009-09-04 18:43 -------- d-----w- c:\program files\Google
2009-12-17 08:46 . 2009-09-08 18:41 -------- d-----w- c:\users\aarena\AppData\Roaming\Azureus
2009-12-17 01:39 . 2009-09-04 22:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 00:44 . 2009-12-17 00:44 132 ----a-w- c:\windows\system32\5C33.tmp
2009-12-16 03:14 . 2009-09-04 19:34 -------- d-----w- c:\program files\a-squared Free
2009-12-11 22:56 . 2009-09-04 18:56 -------- d-----w- c:\program files\Vuze
2009-12-09 09:13 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-09 08:07 . 2009-09-04 18:01 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 03:24 . 2009-01-16 14:59 -------- d-----r- c:\program files\Program Files
2009-12-08 14:37 . 2009-09-05 01:46 -------- d-----w- c:\program files\Yahoo!
2009-12-08 14:26 . 2009-10-06 04:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-08 14:26 . 2009-09-04 21:15 -------- d-----w- c:\programdata\FLEXnet
2009-11-25 23:54 . 2009-10-02 21:17 -------- d-----w- c:\users\aarena\AppData\Roaming\Dropbox
2009-11-25 20:24 . 2009-09-04 19:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-24 23:54 . 2009-09-04 19:07 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-09-04 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-04 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-04 19:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 19:43 . 2009-09-23 01:41 176 ----a-w- c:\users\aarena\AppData\Roaming\Azureus\restart.bat
2009-11-20 04:16 . 2009-09-29 18:38 110384 ----a-w- c:\users\aarena\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 06:00 . 2009-09-11 13:34 -------- d-----w- c:\users\aarena\AppData\Roaming\CyberLink
2009-11-19 05:43 . 2009-09-04 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 05:42 . 2009-04-20 21:25 -------- d-----w- c:\program files\CyberLink
2009-11-19 05:23 . 2009-09-04 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 06:36 . 2009-11-18 06:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-18 03:58 . 2009-09-07 04:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2009-11-18 03:58 . 2009-09-06 02:59 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-17 22:52 . 2009-11-17 22:50 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-17 22:43 . 2009-11-17 22:43 -------- d-----w- c:\program files\DIFX
2009-11-17 22:39 . 2009-08-29 22:26 -------- d-----w- c:\program files\itunes
2009-11-17 22:38 . 2009-11-17 22:38 -------- d-----w- c:\program files\iPod
2009-11-17 22:38 . 2009-09-05 05:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-17 22:32 . 2009-11-17 22:32 -------- d-----w- c:\program files\Common Files\Common Share
2009-11-17 22:32 . 2009-11-17 22:32 -------- d-----w- c:\program files\OJOsoft
2009-11-17 22:28 . 2009-10-08 16:28 -------- d-----w- c:\program files\Citrix
2009-11-17 22:27 . 2009-10-18 02:12 -------- d-----w- c:\users\aarena\AppData\Roaming\Move Networks
2009-11-17 22:27 . 2009-10-08 19:15 -------- d-----w- c:\users\aarena\AppData\Roaming\TweakNow PowerPack 2009
2009-11-17 22:26 . 2009-11-17 22:26 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-17 21:34 . 2009-11-17 21:34 -------- d-----w- c:\users\aarena\AppData\Roaming\Blitware
2009-11-17 21:17 . 2009-09-04 22:56 -------- d-----w- c:\programdata\NVIDIA
2009-11-17 08:27 . 2009-09-06 02:59 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-11-17 06:55 . 2009-09-07 04:36 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-17 06:55 . 2009-09-06 02:59 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-03 01:42 . 2009-10-04 02:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-18 01:55 . 2009-09-30 22:22 547632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-10-17 12:26 . 2009-10-17 12:26 16896 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-10-09 07:37 . 2009-10-09 07:37 1096704 ----a-w- c:\windows\system32\drivers\athr.sys
2009-10-07 19:44 . 2009-10-07 19:44 10134 ----a-r- c:\users\aarena\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-10-02 21:18 . 2009-10-02 21:18 89813 ----a-w- c:\users\aarena\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-10-02 04:06 . 2009-10-19 20:12 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-01 19:32 . 2009-10-01 19:32 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-09-29 18:18 . 2009-09-29 18:18 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 22:13 . 2009-09-25 22:13 26801794 ----a-w- c:\users\aarena\AppData\Roaming\Dropbox\bin\Dropbox.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-01-16 09:33 . 2009-09-04 18:51 396288 --sha-w- c:\windows\Windows Mail\WinMail.exe
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 22:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\aarena\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\aarena\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\aarena\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-28 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-08 75048]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-25 198160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-18 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-4 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKLM\~\startupfolder\C:^Users^aarena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-09-04 18:44 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [9/4/2009 2:07 PM 114768]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 6:52 PM 48128]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/19 00:44];c:\program files\CyberLink\PowerDVD9\000.fcl [5/7/2009 9:05 PM 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [9/4/2009 2:07 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [9/4/2009 2:07 PM 53328]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [7/13/2009 6:19 PM 20992]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/17/2009 1:02 PM 19160]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\System32\drivers\ndiszapu.sys [11/25/2009 7:15 PM 26000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [8/21/2009 8:24 PM 66592]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [7/13/2009 6:52 PM 14336]
S2 gupdate1ca2da519842d0;Google Update Service (gupdate1ca2da519842d0);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2009 4:16 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/16/2009 7:39 PM 312592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2009 1:02 PM 276816]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [10/17/2009 7:26 AM 16896]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 5:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 5:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 5:13 PM 661504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [7/13/2009 7:18 PM 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
Trusted Zone: apple.com\ax.itunes
Trusted Zone: mgsionline.com\aapdc
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{dd1d5372-6469-4301-8760-cbf0980bf4ae} - (no file)
Toolbar-{dd1d5372-6469-4301-8760-cbf0980bf4ae} - (no file)
WebBrowser-{DD1D5372-6469-4301-8760-CBF0980BF4AE} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-17 22:04:41
ComboFix-quarantined-files.txt 2009-12-18 03:04

Pre-Run: 229,106,622,464 bytes free
Post-Run: 228,786,503,680 bytes free

- - End Of File - - A1AF0CDA43DA9BBC680C9B5A5EBECEC0



#2 Andrew Arena

Andrew Arena
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 17 December 2009 - 11:19 PM

I also ran this program

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:16 on 17/12/2009 by aarena (Administrator - Elevation successful)

========== filefind ==========

Searching for "iastor.sys"
No files found.

-=End Of File=-

#3 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:16 PM

Posted 30 December 2009 - 11:06 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#4 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:~/
  • Local time:01:16 PM

Posted 04 January 2010 - 07:57 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU




