
Search engines in IE keep redirecting me


  • This topic is locked
2 replies to this topic

#1 monolith021

monolith021

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 18 June 2011 - 11:19 PM

I have been trying everything to remove something that is redirecting any searches I do in Yahoo or Google in Internet Explorer. I have Chrome on my system, and it's not affected. And IE works fine as long as I'm not doing anything in a search engine.

Here is my dds log. And I am attaching the attach file.

Any help would be appreciated.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by monolith2 at 23:10:55 on 2011-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2095 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\OSD\Service1.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [FAStartup]
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{46F825B2-790A-4120-9670-0F1607812B5C}\478656F46666963656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{46F825B2-790A-4120-9670-0F1607812B5C}\C4F6475737D27657563747 : DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.33.1
TCP: Interfaces\{46F825B2-790A-4120-9670-0F1607812B5C}\C696E6B6379737 : DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{46F825B2-790A-4120-9670-0F1607812B5C}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{851E656C-3B1A-4D84-95BB-7BADA9D96F07} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [FAStartup]
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/11/30 17:30:38];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [2009-11-30 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2009-7-15 13624]
R2 CustomSvc;Vista Session Launcher Service;C:\Program Files\OSD\Service1.exe [2009-11-30 13312]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2009-6-24 2368776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-5-25 2151128]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-22 1153368]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-29 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-8 135664]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-8 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-06-18 20:46:47 388096 ----a-r- C:\Users\monolith2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-18 20:46:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-18 18:47:49 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-06-18 08:40:43 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E14D9902-BFC9-47F1-8FB4-6997B10E9034}\mpengine.dll
2011-06-16 16:10:38 -------- d-----w- C:\Users\monolith2\AppData\Local\{3FD5DEC3-0DB6-4264-A0D7-64A4185D0307}
2011-06-16 16:09:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-16 04:12:07 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 04:12:07 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 04:12:06 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 04:12:06 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 04:12:06 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 04:12:05 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-16 04:12:01 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 04:12:01 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 04:11:58 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 04:11:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 04:11:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 04:11:48 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 04:11:48 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-12 15:20:06 -------- d-----we C:\Windows\system64
2011-06-10 13:31:34 -------- d-----w- C:\Users\monolith2\AppData\Local\{F3D996CC-E0C1-4B01-B1D5-BC72D824EA5D}
2011-06-10 02:19:41 98816 ----a-w- C:\Windows\sed.exe
2011-06-10 02:19:41 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-10 02:19:41 256512 ----a-w- C:\Windows\PEV.exe
2011-06-10 02:19:41 208896 ----a-w- C:\Windows\MBR.exe
2011-06-06 13:28:06 -------- d-----w- C:\Users\monolith2\AppData\Local\{63E50966-C803-4D65-A20F-8A2E297499FC}
2011-06-06 01:13:12 -------- d-----w- C:\Users\monolith2\AppData\Roaming\SUPERAntiSpyware.com
2011-06-06 01:13:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-06 01:13:07 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-06 01:13:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-04 01:25:35 -------- d-----w- C:\Users\monolith2\AppData\Local\{7C547BBD-4653-4F7F-8346-A914771ADB70}
2011-05-30 13:08:30 -------- d-----w- C:\Users\monolith2\AppData\Local\{CED6F2A1-5425-4176-9F8F-AA96A53A7E85}
2011-05-30 04:17:50 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-05-30 04:13:48 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-05-30 04:13:45 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-05-30 00:37:04 -------- d-----w- C:\Users\monolith2\AppData\Local\{14FD2FB4-D4EC-4C3D-8063-DAA30A658E8E}
2011-05-29 13:37:03 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:36:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-29 07:55:03 -------- d-----w- C:\Windows\System32\SPReview
2011-05-29 07:53:57 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-29 07:51:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-29 07:51:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-29 07:51:11 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-29 07:51:06 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-05-29 07:51:06 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-05-29 07:51:06 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-05-29 07:51:06 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-29 07:51:05 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-05-29 07:51:02 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-05-29 07:49:59 605696 ----a-w- C:\Windows\System32\wmpeffects.dll
2011-05-29 07:48:59 95232 ----a-w- C:\Windows\System32\cca.dll
2011-05-29 07:47:59 8192 ----a-w- C:\Windows\System32\KBDTUF.DLL
2011-05-29 07:43:51 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-29 07:43:51 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-29 07:43:50 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-29 07:43:34 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-29 07:43:28 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-29 07:42:34 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-29 07:42:33 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-29 03:51:37 -------- d-----w- C:\Users\monolith2\AppData\Local\{B0D6695D-AEBC-42FB-8A0D-20F3A68001D5}
2011-05-28 06:13:38 -------- d-----w- C:\TuneUp Duplicates
2011-05-25 03:51:01 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-25 03:51:01 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-25 03:50:51 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-25 03:48:07 -------- d-----w- C:\Users\monolith2\AppData\Local\{D0829208-0200-451C-8018-EB195E14CF6C}
2011-05-21 01:49:47 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6566E679-5ED5-4641-9693-0C7D367F97C6}\gapaengine.dll
2011-05-21 01:49:12 -------- d--h--w- C:\Users\monolith2\AppData\Local\{2825B713-C0C3-446F-945F-B0C015D079E5}
.
==================== Find3M ====================
.
2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-29 08:03:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-29 08:03:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-09 23:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 23:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:29:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 23:11:46.58 ===============


 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:06:10 PM

Posted 26 June 2011 - 04:14 PM

Hi monolith021, and welcome to Bleeping Computer.

I see you've probably used ComboFix in the past. Anyway, please do the following:

Firstly,
It looks like you have or used to have two antivirus programs installed:
- Lavasoft Ad-Watch Live! Anti-Virus
- Microsoft Security Essentials

It's not recommended to run more than one antivirus program in resident mode because they can conflict with each other.
I strongly suggest you either disable real-time protection or uninstall one of these programs. Please let me know what you decide...

Secondly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Thirdly,
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:06:10 PM

Posted 03 July 2011 - 05:10 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




