Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect infection


  • Please log in to reply
10 replies to this topic

#1 raleighNW

raleighNW

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 30 June 2011 - 11:57 AM

Apparently clicked on a bad link yesterday while Googling something. AVG popped up with a notification of a Trojan that had been quarantined (Agent_r AIQ, Application Data\cleanddm.exe), but the damage was already done, and now Google search results redirect (in FF, IE, Chrome) to becoolsearch.com, Facebook advertisements, etc.

I tried running Spybot Search & Destroy but made the mistake of downloading the unstable beta version. It caught a few malware items, but caused boot up problems on restart and a mess of errors. I got that resolved, but am still having the redirect issue.

GMER and DDS logs are attached. This is my work computer so I may not have access to it until 7/5 to run additional reports, but let me know what else I can provide that would be helpful.

Thanks for your help.

-----------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Hanna at 19:49:26.67 on Wed 06/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1979.815 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Hanna\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.4\pdfforgeToolbarIE.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.4\pdfforgeToolbarIE.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.4\pdfforgeToolbarIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hanna\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066877265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263066872875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 184.107.64.188 www.google.com
Hosts: 184.107.64.189 search.yahoo.com
Hosts: 184.107.64.189 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\hanna\applic~1\mozilla\firefox\profiles\o7ei1y35.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\spybot - search & destroy 2\SDFWSvc.exe [2011-6-29 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\spybot - search & destroy 2\SDMonSvc.exe [2011-6-29 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-6-29 3515656]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-6-29 3769048]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-10-20 241880]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-9 110080]
S1 MpKslf3818085;MpKslf3818085;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5aaf97fe-a326-4363-bdac-50e67bcd750e}\mpkslf3818085.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5aaf97fe-a326-4363-bdac-50e67bcd750e}\MpKslf3818085.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-6-29 167040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-9 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-13 30192]
.
=============== Created Last 30 ================
.
2011-06-30 02:23:11 372 ----a-w- c:\documents and settings\hanna\Quarantine.reg
2011-06-30 00:40:21 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-06-30 00:39:21 770384 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-30 00:39:21 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-30 00:39:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-06-28 16:59:47 -------- d-----w- c:\docume~1\hanna\applic~1\Search Settings
2011-06-28 16:59:31 -------- d-----w- c:\program files\pdfforge Toolbar
2011-06-28 16:59:31 -------- d-----w- c:\program files\common files\Spigot
2011-06-28 16:59:31 -------- d-----w- c:\program files\Application Updater
2011-06-27 17:02:48 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 17:02:47 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-13 16:35:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-04-12 01:36:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-12 01:35:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:50:21.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:59 PM

Posted 30 June 2011 - 04:49 PM

Hello raleighNW ,

Posted Image

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You'll HAVE to uninstall AVG completely for this to work.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to .exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 30 June 2011 - 06:13 PM

Here is the ComboFix log. Thanks

ComboFix 11-06-30.03 - Hanna 06/30/2011 15:33:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1979.1239 [GMT -7:00]
Running from: c:\documents and settings\Hanna\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 17:13 . 2011-06-30 17:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-30 02:23 . 2011-06-30 22:54 372 ----a-w- c:\documents and settings\Hanna\Quarantine.reg
2011-06-30 02:03 . 2011-06-30 02:03 318 ----a-w- c:\documents and settings\Guest\Quarantine.reg
2011-06-30 02:03 . 2011-06-30 02:03 -------- d-----w- c:\documents and settings\Guest\Application Data\AVG10
2011-06-30 02:02 . 2011-06-30 02:02 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2011-06-30 00:40 . 2009-01-25 20:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-06-30 00:39 . 2011-05-11 03:19 770384 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-30 00:39 . 2011-01-07 22:39 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-30 00:39 . 2011-06-30 01:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-06-28 16:59 . 2011-06-28 16:59 -------- d-----w- c:\documents and settings\Hanna\Application Data\Search Settings
2011-06-28 16:59 . 2011-06-28 16:59 -------- d-----w- c:\program files\Application Updater
2011-06-28 16:59 . 2011-06-28 16:59 -------- d-----w- c:\program files\pdfforge Toolbar
2011-06-28 16:59 . 2011-06-28 16:59 -------- d-----w- c:\program files\Common Files\Spigot
2011-06-27 17:02 . 2011-06-27 17:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 17:02 . 2011-06-27 17:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-13 16:35 . 2011-06-13 16:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 11:52 . 2011-04-12 01:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2011-04-12 01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-27 17:02 . 2011-04-15 01:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-12-13 20:26 . 2010-12-13 20:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-06-01 16007168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-08 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-08 142872]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-01 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-13 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-07 532320]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-11 5607080]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-05-11 5806912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFWSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDMonSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [5/6/2011 5:33 PM 393112]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [6/29/2011 5:40 PM 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [6/29/2011 5:40 PM 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [6/29/2011 5:40 PM 3515656]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [6/29/2011 5:40 PM 3769048]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/20/2009 2:10 PM 241880]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/9/2010 12:51 PM 110080]
S1 MpKslf3818085;MpKslf3818085;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AAF97FE-A326-4363-BDAC-50E67BCD750E}\MpKslf3818085.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AAF97FE-A326-4363-BDAC-50E67BCD750E}\MpKslf3818085.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [6/29/2011 5:40 PM 167040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/9/2010 12:49 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/13/2010 1:26 PM 30192]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-06-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1450960922-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1450960922-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2011-06-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-04-19 16:21]
.
2011-06-30 c:\windows\Tasks\User_Feed_Synchronization-{17499CB0-9609-4F5E-802C-CD22A5985F69}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 209.162.195.5
FF - ProfilePath - c:\documents and settings\Hanna\Application Data\Mozilla\Firefox\Profiles\o7ei1y35.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-30 15:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE AutoComplete"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@=expand:"ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c7a1728-b694-427a-94a2-a1b2c60f0360}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ShdocvwBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c7a1728-b694-427a-94a2-a1b2c60f0360}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Free"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread Handshake"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="ieproxy.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@ieframe.dll,-13138"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserService"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\NumMethods]
@Class="REG_SZ"
@="33"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@="16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserWindows"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\NumMethods]
@Class="REG_SZ"
@="8"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\NumMethods]
@Class="REG_SZ"
@="14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLogUI"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\NumMethods]
@Class="REG_SZ"
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@="28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@="17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\SoftwareDistribution\Download\c0374054817394c06e1150f2b5fba483\update\update.exe
.
**************************************************************************
.
Completion time: 2011-06-30 16:07:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 23:07
ComboFix2.txt 2011-03-31 20:57
.
Pre-Run: 272,570,134,528 bytes free
Post-Run: 272,761,671,680 bytes free
.
- - End Of File - - D7CC73186BE6202248C1FCA5B3850DFC

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:59 PM

Posted 30 June 2011 - 06:48 PM

Is this a new or old version of ComboFix....I see it was run back in March?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 30 June 2011 - 10:07 PM

I downloaded it from the link provided and ran the program from that. I did use ComboFix for another problem on this computer back in March, so maybe there was something left on the computer from that previous time. Let me know if I need to delete something and run it again.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:59 PM

Posted 30 June 2011 - 11:25 PM

Thanks for the info. :thumbup2:

Not seeing what I thought I would see there.....let's try this :

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Do you use a router?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 01 July 2011 - 11:01 AM

Thanks for your reply. I'll be out of the office for a few days and won't have access to the computer, but I will follow up with the requested information as soon as possible. We do use a router - I don't remember the exact type, but I believe it is Linksys, and probably several years old.

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:59 PM

Posted 01 July 2011 - 02:09 PM

See you when you get back. :thumbup2:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 05 July 2011 - 04:16 PM

Hi Tea,

Back from the holiday weekend. Looks like MBAM didn't detect anything - but I'm still having the problem.

More about the router: It's an Actiontec wireless modem/router, model GT701-WG. It came from Qwest as part of our DSL package, and it's probably 5-6 years old. Probably more info than you need, but just in case...

Let me know if there's any other info that would be helpful.

Thanks

-------------------------------------------------


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7029

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2011 1:50:45 PM
mbam-log-2011-07-05 (13-50-45).txt

Scan type: Quick scan
Objects scanned: 192756
Time elapsed: 25 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 07 July 2011 - 12:20 PM

This issue seems to have resolved itself - I am no longer getting the redirects as of this morning. I didn't run any additional repair or diagnostic tools, but we had to do a hard reset on our router a few times yesterday because of connectivity problems. I've since learned that redirect malware can establish itself in a router, so maybe that was what was going on and the reset flushed it out. Thanks for your help - I'll check in again if anything else comes up.

#11 raleighNW

raleighNW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 07 July 2011 - 12:30 PM

Oops - I spoke too soon. The redirects are now happening again. :(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users