Solved Another victim, Firefox redirect with combofix log

mikmaze

ComboFix 10-07-22.01 - MIKE 07/22/2010 19:04:33.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3263.2285 [GMT -4:00]
Running from: c:\users\MIKE\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-22 23:02 . 2010-07-22 23:03 -------- d-----w- C:\32788R22FWJFW
2010-07-22 21:16 . 2010-07-22 21:16 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\programdata\ParetoLogic
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-07-21 12:35 . 2010-07-21 12:35 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 12:35 . 2010-07-21 12:35 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 12:35 . 2010-07-21 12:35 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 12:35 . 2010-07-21 12:35 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 12:35 . 2010-07-21 12:35 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 00:47 . 2010-07-22 17:16 63488 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-21 00:47 . 2010-07-21 00:47 52224 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 00:47 . 2010-07-22 17:16 117760 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-22 01:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-21 00:32 . 2010-07-21 00:32 -------- d-----w- c:\program files\Common Files\Java
2010-07-18 00:48 . 2010-07-22 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-18 00:47 . 2010-07-18 00:52 -------- d-----w- c:\programdata\Hitman Pro
2010-07-18 00:47 . 2010-07-18 00:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-17 21:51 . 2010-07-17 21:51 -------- d-----w- c:\users\MIKE\AppData\Local\Sunbelt Software
2010-07-17 21:39 . 2010-07-17 21:39 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 21:39 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-16 12:41 . 2010-07-16 12:41 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 12:41 . 2010-07-16 12:41 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 12:40 . 2010-07-16 12:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:39 . 2010-07-16 12:39 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 12:39 . 2010-07-16 12:39 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 12:39 . 2010-07-16 12:39 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 12:39 . 2010-07-16 12:39 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-05 22:10 . 2010-07-05 22:10 -------- d-----w- c:\users\MIKE\AppData\Local\Cooliris
2010-07-05 22:10 . 2010-06-14 16:08 4687872 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-07-05 22:10 . 2010-06-14 16:08 545280 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-07-05 22:10 . 2010-06-14 16:08 4687360 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-07-05 22:10 . 2010-06-14 16:08 103424 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-07-05 22:10 . 2010-06-14 16:08 425984 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-07-05 22:10 . 2010-06-14 16:08 152064 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-07-05 22:10 . 2010-06-14 16:08 57856 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-28 21:19 . 2010-06-28 21:19 -------- d-----w- c:\users\MIKE\AppData\Roaming\Enplase
2010-06-23 07:00 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 00:31 . 2010-06-06 23:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:40 . 2009-12-16 22:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:40 . 2009-12-16 22:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 07:01 . 2009-12-19 15:43 -------- d-----w- c:\programdata\Microsoft Help
2010-07-12 08:55 . 2010-06-05 22:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-01-04 14:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-08 01:12 . 2009-12-23 01:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:36 . 2009-12-16 22:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 16:58 . 2009-12-16 22:48 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-05-27 07:24 . 2010-06-09 08:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 08:13 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 22:00 . 2009-12-16 22:32 -------- d-----w- c:\programdata\avg9
2010-05-26 00:15 . 2010-05-26 00:15 -------- d-----w- c:\program files\Wondershare
2010-05-21 05:18 . 2010-06-09 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-09 08:13 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-25 13:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-25 13:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-17_15.03.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 01:05 . 2010-07-22 21:58 29122 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-07-22 21:58 36528 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-06-05 22:57 . 2010-06-05 22:56 64288 c:\windows\System32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2010-06-05 22:57 . 2010-07-12 08:55 64288 c:\windows\System32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
- 2009-12-17 01:14 . 2010-07-17 12:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 01:14 . 2010-07-22 21:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 01:14 . 2010-07-22 21:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 01:14 . 2010-07-17 12:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-07-22 21:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-17 12:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-07-22 21:15 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-16 22:50 . 2010-07-17 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 23:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:57 . 2010-07-22 21:58 7106 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2735080834-11081467-332214384-1001_UserData.bin
- 2010-06-23 07:16 . 2010-06-23 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-22 21:57 . 2010-07-22 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-22 21:57 . 2010-07-22 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-23 07:16 . 2010-06-23 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-07-22 22:01 618264 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-16 23:20 618264 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-07-22 22:01 104546 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-07-16 23:20 104546 c:\windows\System32\perfc009.dat
- 2010-06-06 23:29 . 2010-06-06 23:29 153376 c:\windows\System32\javaws.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 153376 c:\windows\System32\javaws.exe
- 2010-06-06 23:29 . 2010-06-06 23:29 145184 c:\windows\System32\javaw.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 145184 c:\windows\System32\javaw.exe
- 2010-06-06 23:29 . 2010-06-06 23:29 145184 c:\windows\System32\java.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 145184 c:\windows\System32\java.exe
+ 2010-07-21 00:32 . 2010-07-21 00:32 183808 c:\windows\Installer\ffa125e.msi
+ 2010-07-21 00:31 . 2010-07-21 00:31 681984 c:\windows\Installer\ffa1257.msi
+ 2009-07-14 02:03 . 2010-07-22 22:10 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-07-17 05:16 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-07-17 21:39 . 2010-07-17 21:39 1869312 c:\windows\Installer\7eaf728e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^MIKE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-16 12:40 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-06 18:52 1832232 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 16:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 16:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
2007-02-27 21:29 315392 ----a-w- c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 07:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 MSWU-56c79e92;MSWU-56c79e92;c:\windows\system32\56c79e92.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\DRIVERS\lknuhst.sys [2006-12-15 13824]
S3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\DRIVERS\lknuhub.sys [2006-12-15 35840]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-22 19:13:39
ComboFix-quarantined-files.txt 2010-07-22 23:13
ComboFix2.txt 2010-07-17 15:05

Pre-Run: 73,448,296,448 bytes free
Post-Run: 73,404,821,504 bytes free

- - End Of File - - 5845FA688C3789BDEDB9B7A7D4B1B6BC
 
Never run ComboFix on your own.
I can see you ran ComboFix before already.
I'd like to see the ComboFix2.txt log.

Is Firefox the only browser affected?

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

======================================================================

STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When the scan is completed, click the Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by MIKE at 20:47:10.64 on Thu 07/22/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3263.1970 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MIKE\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\5h6vm4il.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-16 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-16 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2009-12-17 13824]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2009-12-17 35840]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-5-8 16640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S2 MSWU-56c79e92;MSWU-56c79e92;c:\windows\system32\56c79e92.exe --> c:\windows\system32\56c79e92.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]

=============== Created Last 30 ================

2010-07-23 00:12:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-07-23 00:10:47 0 d-----w- c:\windows\WindowsMobile
2010-07-22 23:12:46 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-22 21:16:04 3162 ----a-w- C:\rollback.ini
2010-07-22 21:09:07 0 d-----w- c:\programdata\ParetoLogic
2010-07-22 21:09:07 0 d-----w- c:\program files\common files\ParetoLogic
2010-07-21 00:47:19 0 d-----w- c:\users\mike\appdata\roaming\SUPERAntiSpyware.com
2010-07-21 00:47:19 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-21 00:47:12 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-18 00:48:24 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-18 00:47:37 0 d-----w- c:\programdata\Hitman Pro
2010-07-18 00:47:35 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-17 21:39:49 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 14:55:35 98816 ----a-w- c:\windows\sed.exe
2010-07-17 14:55:35 77312 ----a-w- c:\windows\MBR.exe
2010-07-17 14:55:35 256512 ----a-w- c:\windows\PEV.exe
2010-07-17 14:55:35 161792 ----a-w- c:\windows\SWREG.exe
2010-07-16 12:40:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-28 21:19:51 0 d-----w- c:\users\mike\appdata\roaming\Enplase
2010-06-23 07:00:33 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00:33 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00:33 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00:33 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00:33 1130824 ----a-w- c:\windows\system32\dfshim.dll

==================== Find3M ====================

2010-07-21 00:31:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:40:51 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:40:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-28 16:58:26 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 08:18:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:47:29.22 ===============
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/22/2010 8:56:13 PM
mbam-log-2010-07-22 (20-56-13).txt

Scan type: Quick scan
Objects scanned: 136137
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-22 21:11:53
Windows 6.1.7600
Running: bk5tnhgz.exe; Driver: C:\Users\MIKE\AppData\Local\Temp\kwlyipow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A052D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9283F340, 0x3EE217, 0xE8000020]
.text peauth.sys 9F81FC9D 28 Bytes [8F, B5, 53, B8, 30, 62, 2A, ...]
.text peauth.sys 9F81FCC1 28 Bytes [8F, B5, 53, B8, 30, 62, 2A, ...]
PAGE peauth.sys 9F825B9B 72 Bytes [A0, 73, EC, 75, B6, AF, AF, ...]
PAGE peauth.sys 9F825BEC 111 Bytes [2E, 22, F4, 18, 31, EC, 2A, ...]
PAGE peauth.sys 9F825E20 101 Bytes [64, A5, CD, 6C, 78, 17, AA, ...]
PAGE ...
? C:\Users\MIKE\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\MIKE\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] ntdll.dll!LdrLoadDll 77C0F585 5 Bytes JMP 013213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1220] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1220] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1220] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3288] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3288] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3288] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3288] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C55E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
ComboFix is what I got; if I need to run it again to find the log, I will. What part of DDS do you need to see?
 
DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2009 5:19:34 PM
System Uptime: 7/22/2010 5:56:36 PM (4 hours ago)

Motherboard: Quanta | | 30EA
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | Socket S1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 100 GiB total, 67.983 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.724 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 298 GiB total, 279.397 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30EA103C&REV_12\4&2A4C3A5&0&2A40
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30EA103C&REV_12\4&2A4C3A5&0&2A40
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&3#
Manufacturer: Kingston
Name: K:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&3#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WALKMAN NWZ-E345
Device ID: USB\VID_054C&PID_03FC\0E497423108382
Manufacturer: Sony Corporation
Name: WALKMAN
PNP Device ID: USB\VID_054C&PID_03FC\0E497423108382
Service: WUDFRd

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30EA103C&REV_12\4&2A4C3A5&0&2940
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30EA103C&REV_12\4&2A4C3A5&0&2940
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&0#
Manufacturer: Kingston
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&1#
Manufacturer: Kingston
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&1#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&2#
Manufacturer: Kingston
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9738#094603005580&2#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_17&OID_5457&PID_&REV_1.0#5&267FDEAA&0&0#
Manufacturer: Microsoft
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_17&OID_5457&PID_&REV_1.0#5&267FDEAA&0&0#
Service: WUDFRd

==== System Restore Points ===================

RP107: 6/28/2010 5:48:24 PM - Removed Ask Toolbar.
RP108: 7/6/2010 12:27:33 AM - Scheduled Checkpoint
RP109: 7/14/2010 1:45:35 AM - Scheduled Checkpoint
RP110: 7/15/2010 3:00:20 AM - Windows Update
RP113: 7/16/2010 8:40:54 AM - Avg Update
RP114: 7/20/2010 8:29:26 PM - Removed Java(TM) 6 Update 20
RP115: 7/20/2010 8:31:42 PM - Installed Java(TM) 6 Update 21
RP117: 7/22/2010 5:08:39 PM - Installed ParetoLogic Anti-Virus PLUS.
RP118: 7/22/2010 5:28:09 PM - Removed ParetoLogic Anti-Virus PLUS.
RP119: 7/22/2010 5:28:45 PM - Removed ParetoLogic Anti-Virus PLUS.
RP120: 7/22/2010 8:11:10 PM - Installed Windows Mobile Device Center

==== Installed Programs ======================

µTorrent
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.3.3
Adobe® Flash® Player 10 ActiveX
Apple Application Support
Apple Software Update
AVG Free 9.0
Belarc Advisor 8.1
CCleaner
Conexant HD Audio
Content Transfer
CopperHeadEFI
EPSON Printer Software
EPSON Scan
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
HP OrderReminder
Java Auto Updater
Java(TM) 6 Update 21
LaserJet 1018
Linksys Wireless-G Print Server
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Drivers
NVIDIA PhysX
NWZ-E340 WALKMAN Guide
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sothink Logo Maker
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Wondershare Streaming Audio Recorder(Build 1.0.10.1)

==== Event Viewer Messages From Past Week ========

7/22/2010 8:11:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR1.
7/22/2010 7:22:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{594F5156-0126-46CD-A862-30D07FF5B7B. The master browser is stopping or an election is being forced.
7/22/2010 7:11:15 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/22/2010 5:57:12 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
7/22/2010 5:28:41 PM, Error: Service Control Manager [7034] - The plasservice service terminated unexpectedly. It has done this 1 time(s).
7/21/2010 9:16:26 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/17/2010 8:57:42 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HOLLY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{594F5156-0126-46CD-A862-30D07FF5B. The master browser is stopping or an election is being forced.
7/17/2010 6:01:59 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
7/17/2010 5:51:18 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================
 
Thank you :)

Are you still being redirected?

Please, navigate to:
C:\Qoobox
Open ComboFix-quarantined-files.txt in a Notepad, copy everything, and paste into your next reply.
 
Yes, still getting redirected, quite annoying.

ComboFix 10-07-22.01 - MIKE 07/22/2010 19:04:33.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3263.2285 [GMT -4:00]
Running from: c:\users\MIKE\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 23:11 . 2010-07-22 23:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-22 23:02 . 2010-07-22 23:03 -------- d-----w- C:\32788R22FWJFW
2010-07-22 21:16 . 2010-07-22 21:16 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\programdata\ParetoLogic
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-07-21 12:35 . 2010-07-21 12:35 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 12:35 . 2010-07-21 12:35 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 12:35 . 2010-07-21 12:35 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 12:35 . 2010-07-21 12:35 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 12:35 . 2010-07-21 12:35 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 00:47 . 2010-07-22 17:16 63488 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-21 00:47 . 2010-07-21 00:47 52224 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 00:47 . 2010-07-22 17:16 117760 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-22 01:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-21 00:32 . 2010-07-21 00:32 -------- d-----w- c:\program files\Common Files\Java
2010-07-18 00:48 . 2010-07-22 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-18 00:47 . 2010-07-18 00:52 -------- d-----w- c:\programdata\Hitman Pro
2010-07-18 00:47 . 2010-07-18 00:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-17 21:51 . 2010-07-17 21:51 -------- d-----w- c:\users\MIKE\AppData\Local\Sunbelt Software
2010-07-17 21:39 . 2010-07-17 21:39 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 21:39 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-16 12:41 . 2010-07-16 12:41 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 12:41 . 2010-07-16 12:41 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 12:40 . 2010-07-16 12:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:39 . 2010-07-16 12:39 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 12:39 . 2010-07-16 12:39 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 12:39 . 2010-07-16 12:39 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 12:39 . 2010-07-16 12:39 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-05 22:10 . 2010-07-05 22:10 -------- d-----w- c:\users\MIKE\AppData\Local\Cooliris
2010-07-05 22:10 . 2010-06-14 16:08 4687872 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-07-05 22:10 . 2010-06-14 16:08 545280 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-07-05 22:10 . 2010-06-14 16:08 4687360 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-07-05 22:10 . 2010-06-14 16:08 103424 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-07-05 22:10 . 2010-06-14 16:08 425984 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-07-05 22:10 . 2010-06-14 16:08 152064 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-07-05 22:10 . 2010-06-14 16:08 57856 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-28 21:19 . 2010-06-28 21:19 -------- d-----w- c:\users\MIKE\AppData\Roaming\Enplase
2010-06-23 07:00 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 00:31 . 2010-06-06 23:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:40 . 2009-12-16 22:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:40 . 2009-12-16 22:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 07:01 . 2009-12-19 15:43 -------- d-----w- c:\programdata\Microsoft Help
2010-07-12 08:55 . 2010-06-05 22:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-01-04 14:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-08 01:12 . 2009-12-23 01:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:36 . 2009-12-16 22:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 16:58 . 2009-12-16 22:48 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-05-27 07:24 . 2010-06-09 08:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 08:13 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 22:00 . 2009-12-16 22:32 -------- d-----w- c:\programdata\avg9
2010-05-26 00:15 . 2010-05-26 00:15 -------- d-----w- c:\program files\Wondershare
2010-05-21 05:18 . 2010-06-09 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-09 08:13 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-25 13:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-25 13:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-17_15.03.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 01:05 . 2010-07-22 21:58 29122 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-07-22 21:58 36528 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-06-05 22:57 . 2010-06-05 22:56 64288 c:\windows\System32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2010-06-05 22:57 . 2010-07-12 08:55 64288 c:\windows\System32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
- 2009-12-17 01:14 . 2010-07-17 12:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 01:14 . 2010-07-22 21:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 01:14 . 2010-07-22 21:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 01:14 . 2010-07-17 12:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-07-22 21:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-17 12:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-07-22 21:15 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-22 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-17 00:02 . 2010-07-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-16 22:50 . 2010-07-17 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 23:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-06-23 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:50 . 2010-07-22 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 22:57 . 2010-07-22 21:58 7106 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2735080834-11081467-332214384-1001_UserData.bin
- 2010-06-23 07:16 . 2010-06-23 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-22 21:57 . 2010-07-22 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-22 21:57 . 2010-07-22 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-23 07:16 . 2010-06-23 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-07-22 22:01 618264 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-16 23:20 618264 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-07-22 22:01 104546 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-07-16 23:20 104546 c:\windows\System32\perfc009.dat
- 2010-06-06 23:29 . 2010-06-06 23:29 153376 c:\windows\System32\javaws.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 153376 c:\windows\System32\javaws.exe
- 2010-06-06 23:29 . 2010-06-06 23:29 145184 c:\windows\System32\javaw.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 145184 c:\windows\System32\javaw.exe
- 2010-06-06 23:29 . 2010-06-06 23:29 145184 c:\windows\System32\java.exe
+ 2010-07-21 00:32 . 2010-07-21 00:31 145184 c:\windows\System32\java.exe
+ 2010-07-21 00:32 . 2010-07-21 00:32 183808 c:\windows\Installer\ffa125e.msi
+ 2010-07-21 00:31 . 2010-07-21 00:31 681984 c:\windows\Installer\ffa1257.msi
+ 2009-07-14 02:03 . 2010-07-22 22:10 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-07-17 05:16 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-07-17 21:39 . 2010-07-17 21:39 1869312 c:\windows\Installer\7eaf728e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^MIKE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-16 12:40 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-06 18:52 1832232 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 16:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 16:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
2007-02-27 21:29 315392 ----a-w- c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 07:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 MSWU-56c79e92;MSWU-56c79e92;c:\windows\system32\56c79e92.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\DRIVERS\lknuhst.sys [2006-12-15 13824]
S3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\DRIVERS\lknuhub.sys [2006-12-15 35840]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-22 19:13:39
ComboFix-quarantined-files.txt 2010-07-22 23:13
ComboFix2.txt 2010-07-17 15:05

Pre-Run: 73,448,296,448 bytes free
Post-Run: 73,404,821,504 bytes free

- - End Of File - - 5845FA688C3789BDEDB9B7A7D4B1B6BC
 
The redirects happen like this: say I go to Bing, type in overstock on the search bar, the result page comes up and shows the link for Overstock, but when I hover I can see it's not going to go well; I can see the BS down the bottom of the page, where what should be the link to Overstock is not that at all, and if I click the link to Overstock, it takes me to the ad site, Car and Driver, tons of crap sites that just irritate me to no end because I can not get rid of it, and it happens if I use IE also.

EDIT: well, I am on East Coast time here, and the alarm clock goes off in 7 hours. I thank you for your help so far, but I need to get some sleep. Cya tomorrow.
 
No problem :)
Don't worry, we'll fix your issue.

You posted another Combofix log.
What I asked was:

Please, navigate to:
C:\Qoobox
Open ComboFix-quarantined-files.txt in a Notepad, copy everything, and paste into your next reply.
 
Here ya go...

2010-07-17 15:04:33 . 2010-07-17 15:04:33 928 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
2010-07-17 15:04:22 . 2010-07-17 15:04:22 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-07-17 15:00:34 . 2010-07-22 23:08:29 4,991 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-17 14:55:30 . 2010-07-22 23:04:33 175 ----a-w- C:\Qoobox\Quarantine\catchme.log
 
Which browser is getting redirected?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\56c79e92.exe


Driver::
MSWU-56c79e92


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
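A small triage helper, added here as an example and not part of the helper's post or of ComboFix: it parses the service lines from the ComboFix log above (sample lines embedded below, constructed from this thread), flags entries whose binary is missing or whose name looks like random hex, and renders the hits in the File::/Driver:: layout the post uses. Assumptions: the [x] marker means "binary not found on disk", and the hex-name heuristic is mine, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: service lines copied from the ComboFix log posted earlier
# in this thread (legitimate AV/driver entries plus the entry the helper targets).
SAMPLE_LOG = r"""
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 MSWU-56c79e92;MSWU-56c79e92;c:\windows\system32\56c79e92.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
"""

# One ComboFix service line: <R|S><start type> <name>;<display name>;<path> [<date> <size>]
# Assumption: a trailing "[x]" instead of "[date size]" means the binary was not found on disk.
SERVICE_LINE = re.compile(
    r"^(?P<kind>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<meta>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)

# Eight hex digits standing alone or after a short prefix, e.g. "MSWU-56c79e92" or "56c79e92.exe".
# This is my heuristic for the throwaway names such loaders tend to use, not a ComboFix rule.
RANDOM_HEX = re.compile(r"(?:^|[-_])[0-9a-f]{8}(?=\.|$)", re.IGNORECASE)


@dataclass
class Service:
    kind: str          # "R" = running, "S" = stopped, as ComboFix lists them
    start: int
    name: str
    display: str
    path: str
    file_present: bool
    size: Optional[int]


def parse_service_line(line: str) -> Optional[Service]:
    """Return a Service for a ComboFix service line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta")
    present = meta != "x"
    size = int(meta.split()[1]) if present else None
    return Service(m.group("kind"), int(m.group("start")), m.group("name"),
                   m.group("display"), m.group("path"), present, size)


def parse_services(log_text: str) -> List[Service]:
    return [s for s in map(parse_service_line, log_text.splitlines()) if s is not None]


def suspicious_reasons(svc: Service) -> List[str]:
    """The checks a reviewer applies by eye; each hit becomes one reason string."""
    reasons: List[str] = []
    if not svc.file_present:
        reasons.append("binary missing on disk ([x] marker)")
    basename = svc.path.replace("\\", "/").rsplit("/", 1)[-1]
    if RANDOM_HEX.search(svc.name) or RANDOM_HEX.search(basename):
        reasons.append("random-looking 8-hex-digit name")
    if svc.kind == "R" and reasons:
        reasons.append("listed as running (R), so the entry is live, not stale")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for svc in parse_services(log_text):
        reasons = suspicious_reasons(svc)
        if reasons:
            flagged[svc.name] = reasons
    return flagged


def build_cfscript(log_text: str) -> str:
    """Render the flagged entries in the File::/Driver:: layout used in the post above.
    Assumption: every flagged entry is to be removed; review triage() output first."""
    flagged = [s for s in parse_services(log_text) if suspicious_reasons(s)]
    files = "\n".join(s.path for s in flagged)
    drivers = "\n".join(s.name for s in flagged)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
    print(build_cfscript(SAMPLE_LOG))
```

On the sample, only MSWU-56c79e92 is flagged; the AV and hardware drivers with on-disk binaries and readable names pass.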
 
I am dying here. I tried starting ComboFix like you said; it stopped running 2 minutes into it. Does that CFScript text make the program run a different scan, or can I just launch the program normally by clicking the icon? I can find the ComboFix quarantined files, and the log which you said I posted twice already, but I do not see a combofix.txt file; the computer has no combofix.txt file that it can find.
 
Tried your way in safe mode; I end up with the same log. Maybe it's the new version of ComboFix that is saving the file in a different way/format?
 
Delete your Combofix file, download fresh one, but rename combofix.exe to broni.com BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now, drag CFScript.txt to broni.com
 
Ok, ran Rkill then broni.com... here is the result, posted in two parts due to the 2k character limit.

ComboFix 10-07-23.01 - MIKE 07/23/2010 18:08:27.7.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3263.2212 [GMT -4:00]
Running from: c:\users\MIKE\Desktop\broni.com.exe
Command switches used :: c:\qoobox\CFScript_used_2010-07-23_16.19.29.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 22:14 . 2010-07-23 22:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 22:14 . 2010-07-23 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 22:14 . 2010-07-23 22:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-23 22:05 . 2010-07-23 22:05 -------- d-----w- C:\32788R22FWJFW
2010-07-23 00:10 . 2010-07-23 00:11 -------- d-----w- c:\windows\WindowsMobile
2010-07-22 21:16 . 2010-07-22 21:16 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\programdata\ParetoLogic
2010-07-22 21:09 . 2010-07-22 21:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-07-21 00:47 . 2010-07-23 20:22 63488 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-21 00:47 . 2010-07-21 00:47 52224 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 00:47 . 2010-07-23 20:22 117760 ----a-w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\users\MIKE\AppData\Roaming\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-21 00:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-21 00:47 . 2010-07-22 01:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-21 00:32 . 2010-07-21 00:32 -------- d-----w- c:\program files\Common Files\Java
2010-07-18 00:48 . 2010-07-22 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-18 00:47 . 2010-07-18 00:52 -------- d-----w- c:\programdata\Hitman Pro
2010-07-18 00:47 . 2010-07-18 00:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-17 21:51 . 2010-07-17 21:51 -------- d-----w- c:\users\MIKE\AppData\Local\Sunbelt Software
2010-07-17 21:39 . 2010-07-17 21:39 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 21:39 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-16 12:40 . 2010-07-16 12:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-05 22:10 . 2010-07-05 22:10 -------- d-----w- c:\users\MIKE\AppData\Local\Cooliris
2010-07-05 22:10 . 2010-06-14 16:08 4687872 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-07-05 22:10 . 2010-06-14 16:08 545280 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-07-05 22:10 . 2010-06-14 16:08 4687360 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-07-05 22:10 . 2010-06-14 16:08 103424 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-07-05 22:10 . 2010-06-14 16:08 425984 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-07-05 22:10 . 2010-06-14 16:08 152064 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-07-05 22:10 . 2010-06-14 16:08 57856 ----a-w- c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-28 21:19 . 2010-06-28 21:19 -------- d-----w- c:\users\MIKE\AppData\Roaming\Enplase

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 00:12 . 2010-07-23 00:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-07-21 00:31 . 2010-06-06 23:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:40 . 2009-12-16 22:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:40 . 2009-12-16 22:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 07:01 . 2009-12-19 15:43 -------- d-----w- c:\programdata\Microsoft Help
2010-07-12 08:55 . 2010-06-05 22:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-01-04 14:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-08 01:12 . 2009-12-23 01:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:36 . 2009-12-16 22:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 16:58 . 2009-12-16 22:48 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-05-27 07:24 . 2010-06-09 08:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 08:13 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 22:00 . 2009-12-16 22:32 -------- d-----w- c:\programdata\avg9
2010-05-26 00:15 . 2010-05-26 00:15 -------- d-----w- c:\program files\Wondershare
2010-05-21 05:18 . 2010-06-09 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-09 08:13 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-25 13:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-25 13:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-23_21.58.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-17 00:02 . 2010-07-23 21:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-23 22:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 00:02 . 2010-07-23 22:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-17 00:02 . 2010-07-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-17 00:02 . 2010-07-23 22:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-16 22:50 . 2010-07-23 22:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 22:50 . 2010-07-23 21:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^MIKE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-16 12:40 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-06 18:52 1832232 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 16:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 16:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
2007-02-27 21:29 315392 ----a-w- c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 07:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
 
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\DRIVERS\lknuhst.sys [2006-12-15 13824]
S3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\DRIVERS\lknuhub.sys [2006-12-15 35840]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\5h6vm4il.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-23 18:17:10
ComboFix-quarantined-files.txt 2010-07-23 22:17
ComboFix2.txt 2010-07-23 22:00

Pre-Run: 72,180,559,872 bytes free
Post-Run: 72,126,263,296 bytes free

- - End Of File - - 161DA0AF7A123E57699C1B1439518A1B
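The policy values in the "Reg Loading Points" section above are the part of this log a practitioner should read most carefully: on this Windows 7 machine EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, so UAC is switched off and nothing that ran as this user ever needed an elevation prompt, and an AppInit_DLLs entry (here AVG's avgrsstx.dll) is loaded into every process that maps user32.dll. The following script is an added example written for this page, not part of the thread and not ComboFix's own tooling; it parses those two registry keys out of ComboFix-style log text and flags the weakened settings. The log excerpt is copied from the post above; the meaning table for ConsentPromptBehaviorAdmin and its Windows 7 default of 5 are taken from Microsoft's UAC policy documentation.

```python
"""Audit UAC policy values and AppInit_DLLs in a ComboFix "Reg Loading Points"
section. Added example; the excerpt below is copied from the log in the post."""
import re

# Constructed input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")   # ComboFix prints DWORDs as "0 (0x0)"

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"

# Meaning of ConsentPromptBehaviorAdmin values (Microsoft UAC policy documentation).
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}


def parse_reg_points(text):
    """Return {key path (lowercased): {value name: raw value string}}."""
    keys = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def as_dword(raw):
    """Return the integer from a ComboFix DWORD rendering such as '3 (0x3)', else None."""
    m = DWORD_RE.match(raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return a list of findings describing weakened UAC settings and AppInit DLLs."""
    keys = parse_reg_points(text)
    findings = []
    policy = keys.get(POLICY_KEY, {})

    if as_dword(policy.get("EnableLUA", "")) == 0:
        findings.append("EnableLUA=0: UAC is off; an administrator's processes run fully "
                        "elevated, so malware needs no elevation step")
    admin = as_dword(policy.get("ConsentPromptBehaviorAdmin", ""))
    if admin is not None and admin != 5:
        findings.append(f"ConsentPromptBehaviorAdmin={admin}: "
                        f"{ADMIN_PROMPT.get(admin, 'unknown value')} (Windows 7 default is 5)")
    if as_dword(policy.get("PromptOnSecureDesktop", "")) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts appear on the interactive "
                        "desktop, where other user-mode software can read or drive them")

    # AppInit_DLLs is a space- or comma-separated list of DLLs injected into every
    # process that loads user32.dll; each entry deserves a publisher/signature check.
    appinit = keys.get(WINDOWS_KEY, {}).get("AppInit_DLLs", "")
    for dll in re.split(r"[ ,]+", appinit):
        if dll:
            findings.append(f"AppInit_DLLs loads {dll} into every process that maps "
                            "user32.dll; confirm the file's publisher and signature")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("-", finding)
```

Run against the excerpt it reports four findings: the three UAC values and the AVG AppInit DLL. The AVG entry is expected for that product, but the three zeros are not a cleanup side effect of any tool in this thread and are worth turning back on once the machine is clean.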
 
Whatever you are asking me to do still generates the same log file in combofix.txt. I right-clicked and selected Properties on the file and it is indeed labelled combofix.txt.
 
Looks good now.
How is redirection?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.