Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible browser hijack/redirect. please help. thanks


  • This topic is locked This topic is locked
37 replies to this topic

#1 danasince1979

danasince1979

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 25 March 2011 - 10:17 PM

i keep getting popups and browser redirects. can someone please help me out here? thanks in advance....
(gmer scan keeps hanging)
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by bethanddana at 17:20:28.47 on Fri 03/25/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.1740 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Subsonic\subsonic-service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Subsonic\subsonic-agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\bethanddana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
E:\Software\HijackThis v2.0.2\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bethanddana\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [OUU6KC5WPX] C:\Users\BETHAN~1\AppData\Local\Temp\Vkg.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\BETHAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bethanddana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Subsonic.lnk - C:\Program Files (x86)\Subsonic\subsonic-agent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
AppInit_DLLs-X64: avgrssta.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BETHAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\itd4xe2f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Users\bethanddana\AppData\Roaming\Mozilla\Firefox\Profiles\itd4xe2f.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bethanddana\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\bethanddana\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\bethanddana\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\bethanddana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\bethanddana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-2-24 56008]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-3-18 69152]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-2-24 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-2-24 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-2-24 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-21 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-2-4 1263728]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-25 363344]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253688]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-27 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-27 24152]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-6 6952960]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-9-27 69152]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 STHall;ST ScreenDetection Service;C:\Windows\System32\drivers\STHall.sys [2009-11-10 23088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-2-27 95024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]
S3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-9-27 23912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-12-4 138752]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-27 5435904]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-25 22:51:09 709456 ----a-w- C:\Windows\isRS-000.tmp
2011-03-25 22:09:24 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-25 21:57:03 149504 --sha-r- C:\Windows\SysWow64\tsgqecp.dll
2011-03-25 21:36:33 -------- d-----w- C:\Program Files (x86)\Subsonic
2011-03-14 15:13:38 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-12 21:05:00 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-12 21:05:00 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-12 21:04:59 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-12 21:04:59 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-12 21:04:59 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-12 21:04:59 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-12 21:04:59 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-12 21:04:59 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-12 18:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 18:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 17:54:40 -------- d-----w- C:\Windows\System32\SPReview
2011-03-10 17:53:59 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-10 17:50:56 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
2011-03-10 17:49:59 90112 ----a-w- C:\Windows\SysWow64\olepro32.dll
2011-03-10 17:48:59 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-10 17:48:59 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-10 17:46:35 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-10 17:46:34 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-10 17:46:34 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-10 17:46:27 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-10 17:46:18 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-10 17:45:52 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-10 17:45:52 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-10 17:18:16 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-10 17:18:16 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-10 09:03:18 -------- d-----w- C:\21fea1ef59f9c7016224
2011-03-10 05:11:04 -------- d-----w- C:\subsonic
2011-03-04 23:33:28 -------- d-----r- C:\Users\bethanddana\Dropbox
2011-03-04 23:29:51 -------- d-----w- C:\Users\BETHAN~1\AppData\Roaming\Dropbox
2011-03-04 18:47:34 -------- d-----w- C:\Users\BETHAN~1\AppData\Roaming\Unified Remote
2011-03-04 18:47:27 -------- d-----w- C:\Program Files (x86)\Unified Remote
2011-03-04 18:36:12 -------- d-----w- C:\Users\BETHAN~1\AppData\Local\Relmtech
2011-03-04 17:35:06 -------- d-----w- C:\Users\BETHAN~1\AppData\Local\assembly
2011-02-27 07:06:06 -------- d-----w- C:\PROGRA~3\IsolatedStorage
2011-02-27 07:05:59 -------- d-----w- C:\Users\BETHAN~1\AppData\Roaming\MonkeyTunes
.
==================== Find3M ====================
.
2011-03-10 18:01:04 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-10 18:01:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-22 23:51:58 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 07:26:23 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-19 07:26:23 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-19 07:25:47 214816 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-04 19:33:04 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:23:33.09 ===============

edit:

i seem to have gotten rid of the popups and all of the virus scans are coming back clean but i m still getting the browser redirects and the windows security cente ris off and won t let me turn it back on

and here is my gmer log:

EDIT: Posts merged ~BP

Attached Files

  • Attached File  ark.log   3.58KB   0 downloads

Edited by Budapest, 27 March 2011 - 04:38 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 07:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 11:33 AM

First of all, thanks so much for getting back to me, I am definitely still in need of some help over here. I was able to clean most of the obvious malware off by removing anything that came up in an AVG or Malwarebytes scan and at this time am not finding any objects with scans but am still receiving a notification that the windows security service is disabled and I can't turn it back on. I am also still getting the browser redirects when I click on any search results.

My system information is:

Windows 7 Home Premium
Service Pack 1
Intel Core 2 Duo T6600 @ 2.20GHz
64 bit
4GB RAM

and yes I am able to use my CD/DVD

Again thanks so much for taking the time to help me out here.

Here are my OTL logs (see attachments):
Attached File  OTL.Txt   378.06KB   2 downloads
Attached File  Extras.Txt   71.33KB   1 downloads

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 11:50 AM

Hi,

please try running kenco next:
Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 11:54 AM

here you are:

Kenco by jpshortstuff (31.12.09.1)
Log created at 10:53 on 31/03/2011 (bethanddana)

========== Task Unlocker ==========
C:\Windows\Tasks\Ofpcrrka.job -> Unlocked!

========== KencoScan ==========
C:\Windows\SysWOW64\tsgqecp.dll -> Unlocked!
C:\Windows\system32\shacct.dll -> Error setting security information [5]!

========== C:\Windows\Tasks ==========
GoogleUpdateTaskMachineCore.job -> [03:47 18/11/2009] 904 bytes
GoogleUpdateTaskMachineUA.job -> [03:47 18/11/2009] 908 bytes
GoogleUpdateTaskUserS-1-5-21-1206925806-1016507645-604537158-1001Core.job -> [16:12 25/11/2009] 880 bytes
GoogleUpdateTaskUserS-1-5-21-1206925806-1016507645-604537158-1001UA.job -> [16:12 25/11/2009] 932 bytes
Ofpcrrka.job -> [21:57 25/03/2011] 316 bytes
PCDoctorBackgroundMonitorTask.job -> [17:03 20/11/2010] 564 bytes
SystemToolsDailyTest.job -> [17:03 20/11/2010] 422 bytes

-=E.O.F=-

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 12:02 PM

Hi,

please run this scan next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2011/03/30 13:02:57 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/03/25 15:57:03 | 000,149,504 | RHS- | C] () -- C:\Windows\SysWow64\tsgqecp.dll
    [2011/03/25 15:57:03 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\Ofpcrrka.job
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Let me know if the redirects stop.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 12:18 PM

fix log:

========== OTL ==========
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
C:\Windows\SysWOW64\tsgqecp.dll moved successfully.
C:\Windows\Tasks\Ofpcrrka.job moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 03312011_110651

follow up scan log:

saying it's too long to post and too big to attach

So here it is at Mediafire:

http://www.mediafire.com/?5egnw4k1u34gkd8

and I'm still getting the redirects

Edited by danasince1979, 31 March 2011 - 12:22 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 12:47 PM

Hi,


do you use a router? Are the redirects only in one browser or all?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 12:52 PM

Yes i am using a wireless router and the redirects seem to be happening in IE & Firefox but not Chrome

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 12:58 PM

Hi,

can you connect to the internet directly bypassing the router? Do the redirects stop then?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 01:26 PM

Just bypassed the wireless router and am still getting the redirects. BTW windows security center is still disabled too.

#12 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 02:05 PM

I've also just noticed that since running one of those last fixes that when I add an attachment to an email or open a file from a program that the windows explorer popup is showing hidden folders/files even though it doesn't show them directly in windows explorer.

edit: NM that

Edited by danasince1979, 31 March 2011 - 02:21 PM.


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 02:20 PM

Hi,

Please run ComboFix next in that case:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 danasince1979

danasince1979
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 31 March 2011 - 04:53 PM

here s my combofix log:

ComboFix 11-03-31.01 - bethanddana 03/31/2011 13:59:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2325 [GMT -6:00]
Running from: c:\users\bethanddana\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\PCDr\5744\Downloads\48edbc2f-6595-43d2-a911-c3713e9b499f.dll
c:\programdata\PCDr\5744\Downloads\5275e755-7d9f-4ddb-a61e-645d687f55e1.dll
c:\programdata\PCDr\5744\Downloads\86fa80c6-799b-4d0b-a3f5-f7886c10db2c.dll
c:\users\bethanddana\AppData\Roaming\Microsoft\Windows\Recent\BloggerTemplatesBlog.URL
c:\windows\system32\drivers\etc\pic.url
c:\windows\SysWow64\system
.
----- BITS: Possible infected sites -----
.
hxxp://www.dellcomms.dellfix.com
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 20:05 . 2011-03-31 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 17:06 . 2011-03-31 17:06 -------- d-----w- C:\_OTL
2011-03-31 01:03 . 2011-03-31 18:16 -------- d-----w- c:\users\bethanddana\Calibre Library
2011-03-31 01:03 . 2011-03-31 16:57 -------- d-----w- c:\users\bethanddana\AppData\Roaming\calibre
2011-03-31 01:02 . 2011-03-31 01:03 -------- d-----w- c:\program files (x86)\Calibre2
2011-03-30 06:06 . 2011-03-30 06:06 -------- d-----w- c:\program files (x86)\Sigil
2011-03-27 00:07 . 2011-03-25 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-27 00:05 . 2011-03-27 00:05 -------- dc-h--w- c:\programdata\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}
2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-25 21:36 . 2011-03-25 21:36 -------- d-----w- c:\program files (x86)\Subsonic
2011-03-20 06:27 . 2011-03-20 06:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-20 06:24 . 2011-03-20 06:24 -------- d-----w- c:\programdata\McAfee
2011-03-14 15:13 . 2011-03-14 15:13 -------- d--h--w- c:\programdata\Common Files
2011-03-12 21:05 . 2011-03-19 15:03 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-12 21:05 . 2011-03-19 15:03 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-12 21:04 . 2011-03-19 15:03 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-12 21:04 . 2011-03-19 15:03 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-12 21:04 . 2011-03-19 15:03 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-12 21:04 . 2011-03-19 15:03 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-12 21:04 . 2011-03-19 15:03 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-12 21:04 . 2011-03-19 15:03 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 17:54 . 2011-03-10 17:54 -------- d-----w- c:\windows\system32\SPReview
2011-03-10 17:53 . 2011-03-10 17:54 -------- d-----w- c:\windows\system32\EventProviders
2011-03-10 17:50 . 2010-11-20 13:33 366976 ----a-w- c:\windows\system32\drivers\msrpc.sys
2011-03-10 17:49 . 2010-11-20 13:27 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2011-03-10 17:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-10 17:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-10 17:46 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-10 17:46 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-10 17:46 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-10 17:46 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-10 17:46 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-10 17:45 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-10 17:45 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-03-10 17:18 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-10 17:18 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-10 09:03 . 2011-03-10 09:05 -------- d-----w- C:\21fea1ef59f9c7016224
2011-03-10 05:11 . 2011-03-30 18:00 -------- d-----w- C:\subsonic
2011-03-04 23:33 . 2011-03-31 19:51 -------- d-----r- c:\users\bethanddana\Dropbox
2011-03-04 23:29 . 2011-03-31 19:51 -------- d-----w- c:\users\bethanddana\AppData\Roaming\Dropbox
2011-03-04 18:47 . 2011-03-04 18:47 -------- d-----w- c:\users\bethanddana\AppData\Roaming\Unified Remote
2011-03-04 18:47 . 2011-03-04 18:47 -------- d-----w- c:\program files (x86)\Unified Remote
2011-03-04 18:36 . 2011-03-04 18:36 -------- d-----w- c:\users\bethanddana\AppData\Local\Relmtech
2011-03-04 17:35 . 2011-03-04 18:10 -------- d-----w- c:\users\bethanddana\AppData\Local\assembly
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 00:18 . 2010-02-27 18:23 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-13 21:55 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 18:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-10 18:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-04 16:56 . 2009-12-06 14:31 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-22 23:51 . 2011-02-22 23:51 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-02-19 07:26 . 2009-11-23 00:04 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-19 07:26 . 2009-11-23 00:04 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-19 07:25 . 2009-11-23 00:04 214816 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-02-04 19:33 . 2009-11-23 00:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-02-03 03:40 . 2010-05-25 17:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-21 13:36 . 2011-01-21 13:36 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-01-21 13:36 . 2011-01-21 13:36 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-01-21 13:36 . 2009-11-12 14:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-01-07 12:17 . 2011-02-22 22:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-22 22:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-10 02:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:20 . 2011-02-10 02:35 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-22 22:17 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-22 22:17 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 02:35 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:43 . 2011-02-10 02:35 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:56 . 2011-02-10 02:56 3129344 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2011-02-28 161280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\bethanddana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bethanddana\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
Subsonic.lnk - c:\program files (x86)\Subsonic\subsonic-agent.exe [2011-2-6 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-25 1405384]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-25 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 STHall;ST ScreenDetection Service;c:\windows\system32\DRIVERS\STHall.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 03:47]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 03:47]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206925806-1016507645-604537158-1001Core.job
- c:\users\bethanddana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 03:47]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206925806-1016507645-604537158-1001UA.job
- c:\users\bethanddana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 03:47]
.
2011-03-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\bethanddana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 358912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SYSTEM32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\users\bethanddana\AppData\Roaming\Mozilla\Firefox\Profiles\itd4xe2f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-31 14:08:02
ComboFix-quarantined-files.txt 2011-03-31 20:08
.
Pre-Run: 378,643,034,112 bytes free
Post-Run: 378,538,496,000 bytes free
.
- - End Of File - - 5EB7335282E4F1840F32623D3B4548E3

I think that may've done the trick. I'm not getting the browser redirects as far as I can tell and MSC is working again.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:37 AM

Posted 31 March 2011 - 05:58 PM

I'm happy to hear that. :)

Please post a new log from OTL.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users