[Active] Firefox browser redirects my search results

jerryandtabatha · Feb 12, 2011

Hello,
Yet another broswer redirect problem. I have WIn 7 64 bit, I use Firefox . I have not noticed this on IE ( but then again i dont really use it). When i search for something using google, i click on whatever result i want and i am redirected to a fake looking search engine site (with my search words). The websites are different each time but however they seem to alternate between like 5 different sites. On the TAB it says Jump when it does this.

I followed the 8 step post. Here are my logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5744

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/11/2011 11:46:20 PM
mbam-log-2011-02-11 (23-46-20).txt

Scan type: Quick scan
Objects scanned: 184483
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER
On this one, I did what it said, i opened the file and it ran rather quickly, then i clicked on save file and copy. But nothing was there just blank space.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Tabatha at 0:11:12.34 on Sat 02/12/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.809 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Tabatha\Desktop\8 steps\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
BHO: {07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - No File
BHO: {0FE4BD86-B042-4A99-B329-455DEB643C46} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {35831574-8F60-8D9E-9F39-AD79D179EE25} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
uRun: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: XUL Cache: {1d878283-d0e3-4b3b-87b1-2e7641d68d98} - %profile%\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-8-23 69152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-24 55856]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-11 273488]
R1 dtcdrom;dtcdrom;C:\Windows\SysWOW64\drivers\dtcdrom.sys [2010-9-18 234048]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-11 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-11 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-11 40384]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 DTNetService;DTNetService;C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-7-29 394560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1405384]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-8-24 82432]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-19 1153368]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-24 393728]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-7 135664]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-6 1255736]

=============== Created Last 30 ================

2011-02-12 01:56:01 -------- d-----w- C:\Program Files (x86)\WildGames
2011-02-12 01:34:40 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2011-02-11 22:13:18 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-11 22:12:48 38848 ----a-w- C:\Windows\avastSS.scr
2011-02-11 22:12:45 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-02-11 21:36:05 98816 ----a-w- C:\Windows\sed.exe
2011-02-11 21:36:05 89088 ----a-w- C:\Windows\MBR.exe
2011-02-11 21:36:05 256512 ----a-w- C:\Windows\PEV.exe
2011-02-11 21:36:05 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-11 20:31:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-11 17:57:14 -------- d-----w- C:\Users\Tabatha\AppData\Local\Sunbelt Software
2011-02-11 17:28:08 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-02-11 15:44:46 -------- d-----w- C:\Users\Tabatha\AppData\Roaming\Malwarebytes
2011-02-11 15:37:32 100352 ----a-w- C:\Windows\System32\Vxdif.dll
2011-02-11 15:37:31 301688 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
2011-02-10 22:30:18 -------- d-----w- C:\Users\Tabatha\AppData\Local\Microsoft Games
2011-02-10 22:22:41 -------- d-----w- C:\PROGRA~3\MumboJumbo
2011-02-09 22:54:46 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-04 04:38:27 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-01-24 21:38:56 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-24 03:48:07 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-24 03:42:45 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-24 03:42:39 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-24 02:39:08 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-01-24 02:39:08 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-01-24 02:39:08 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-01-24 02:39:08 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-01-24 02:39:08 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-01-24 02:39:08 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-01-24 02:39:08 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-01-24 02:39:08 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-01-24 02:39:07 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-01-24 02:39:07 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-01-24 02:38:06 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-24 02:38:06 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-24 02:38:06 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-24 02:38:06 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-24 02:38:05 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-24 02:38:05 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-24 02:38:05 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-24 02:38:05 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-24 02:38:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-24 02:38:05 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-24 02:37:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-01-24 02:37:34 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-01-24 02:32:05 395776 ----a-w- C:\Windows\System32\webio.dll
2011-01-24 02:32:05 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-01-24 02:30:46 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-01-24 02:30:46 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-01-24 02:30:46 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-01-24 02:30:44 112000 ----a-w- C:\Windows\System32\consent.exe
2011-01-23 21:14:35 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2011-01-23 21:14:20 -------- d-----w- C:\PROGRA~3\Novatel Wireless
2011-01-23 21:13:44 -------- d-----w- C:\Program Files (x86)\Novatel Wireless

==================== Find3M ====================

2011-02-11 18:03:28 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-29 06:26:41 827392 ----a-w- C:\Windows\SysWow64\FLASH.OCX

============= FINISH: 0:11:40.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/29/2010 5:51:10 PM
System Uptime: 2/11/2011 11:07:02 PM (1 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 166.841 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP74: 12/9/2010 11:13:00 AM - Scheduled Checkpoint
RP75: 12/21/2010 4:36:32 PM - Removed ArtRage 2 Starter Edition
RP76: 1/2/2011 5:04:05 PM - Scheduled Checkpoint
RP77: 1/11/2011 1:26:30 AM - Scheduled Checkpoint
RP78: 1/21/2011 10:26:56 PM - Scheduled Checkpoint
RP79: 1/23/2011 4:13:19 PM - Installed Virgin Mobile Broadband Modem Drivers.
RP80: 1/23/2011 4:13:58 PM - Installed MobiLink3.
RP81: 1/26/2011 10:55:29 AM - Windows Update
RP82: 1/28/2011 11:51:54 AM - Windows Update
RP83: 2/2/2011 1:01:21 PM - Windows Update
RP84: 2/9/2011 6:33:37 PM - Windows Update
RP85: 2/11/2011 4:19:39 PM - Installed Microsoft Fix it 50267
RP86: 2/11/2011 5:12:37 PM - avast! Free Antivirus Setup
RP87: 2/11/2011 8:16:09 PM - Installed Java(TM) 6 Update 23
RP88: 2/11/2011 8:55:02 PM - Installed QuickTime

==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
Banctec Service Agreement
Barnes & Noble Desktop Reader
Bible Explorer AMG Nave's Edition
BibleMax
BibleMax Noah Webster's Dictionary of American English
Big Fish Games: Game Manager
Broadband2Go
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DAEMON Tools Net
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
DivX Setup
GameHouse Solitaire Challenge
GnuCash 2.2.9
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hive Drive
InstallVC90Support
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
K-Lite Mega Codec Pack 6.2.0
Ladybugs
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
Mystery Cookbook
National Geographic DogTown(TM)
PFPortChecker 1.0.36
Picasa 3
PowerDVD DX
QuickTime
QuickTime Alternative 3.2.2
REACTOR
RealPlayer
RealUpgrade 1.0
Roxio Burn
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Souptoys
Spybot - Search & Destroy
Stellarium 0.10.5
Super Yum Yum: Puzzle Adventures
TeamViewer 5
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Virgin Mobile Broadband Modem Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge - Adventure

==== Event Viewer Messages From Past Week ========

2/9/2011 6:38:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR129.
2/9/2011 5:10:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR127.
2/9/2011 10:58:54 PM, Error: Disk [11] - The driver detected a controller error on \...\DR131.
2/8/2011 12:48:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR115.
2/12/2011 12:11:00 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/11/2011 9:28:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
2/11/2011 9:28:50 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2011 9:28:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/11/2011 11:07:13 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
2/11/2011 11:05:13 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Bobbye · Feb 12, 2011

Welcome to TechSpot!
(Image courtesy animationplayhouse.com)

Would one of these site be from 'startsearcher' by chance? I see that on your system. There are some “Free” Facebook themes being offered online. At first, they look like a theme, nothing more. But when the theme is installed it adds a process software called StartSearcher.com. This actually changes your browser configuration settings at the code level, so that even when you attempt to change your home page back to one you want, it keeps reverting to StartSearcher.com.>> and here it is:
mStart Page = hxxp://www.startsearcher.com

It doesn't appear to have an uninstaller, so please use the following directions to remove:
How do I remove Startsearcher.com from my computer?
1. Open Firefox
2. In the address bar type about:config and hit enter. A warning page will pop up indicating that you may void your warranty, you are entering the advanced settings area and to only continue if you are sure of what you are doing. If you're comfortable proceeding, click "I'll be careful, I promise!"
3. Find the filter box and search for: startsearcher
4. You will likely have more than one entry. Each of these basic Firefox settings has had its value overwritten by startsearcher, so you'll want to reset them.
5. To reset, right click on each of the rows and select 'Reset' from the list of options. You should see startsearcher disappear from the value field and default Firefox values return.

Close Firefox, then reopen.
===============================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2

Double click combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Query- Recovery Console image

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

jerryandtabatha · Feb 14, 2011

Hi , Sorry about the delay, im never home on the weekends.

So , I did the firefox thing for Starsearcher and nothing was found, however i had done those same steps months ago and starsearcher was found and i reset it. But Starsearcher isnt one of the sites it directs me to.

Combofix Log:

ComboFix 11-02-13.03 - Tabatha 02/14/2011 2:58.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.770 [GMT -5:00]
Running from: c:\users\Tabatha\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\QuickTime Alternative\QTTask.exe
c:\programdata\Desktop
c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}
c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest
c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome\xulcache.jar
c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\defaults\preferences\xulcache.js
c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\install.rdf
c:\users\Jerry Van Meter\Favorites\Games.url
c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}
c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest
c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome\xulcache.jar
c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\defaults\preferences\xulcache.js
c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Jerry Van Meter\AppData\Local\temp
2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Grace\AppData\Local\temp
2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 20:52 . 2011-02-12 20:54 -------- d-----w- c:\users\Tabatha\AppData\Local\Adobe
2011-02-12 01:56 . 2011-02-12 01:56 -------- d-----w- c:\program files (x86)\WildGames
2011-02-12 01:34 . 2011-02-12 01:37 -------- d-----w- c:\program files (x86)\WildTangent Games
2011-02-11 22:13 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 22:13 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 22:13 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 22:13 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 22:13 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 22:13 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-11 22:12 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 22:12 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\programdata\Alwil Software
2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\program files\Alwil Software
2011-02-11 20:31 . 2011-02-11 20:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-02-11 17:57 . 2011-02-11 17:57 -------- d-----w- c:\users\Tabatha\AppData\Local\Sunbelt Software
2011-02-11 17:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-02-11 15:44 . 2011-02-11 15:44 -------- d-----w- c:\users\Tabatha\AppData\Roaming\Malwarebytes
2011-02-11 15:37 . 2010-02-27 02:32 100352 ----a-w- c:\windows\system32\Vxdif.dll
2011-02-11 15:37 . 2010-04-15 18:40 301688 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-02-10 22:30 . 2011-02-10 22:45 -------- d-----w- c:\users\Tabatha\AppData\Local\Microsoft Games
2011-02-10 22:22 . 2011-02-10 22:22 -------- d-----w- c:\programdata\MumboJumbo
2011-02-09 22:54 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-04 04:38 . 2011-02-04 04:38 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-02 04:17 . 2011-02-02 04:17 -------- d-----w- c:\users\Jerry Van Meter\AppData\Roaming\Template
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-24 21:38 . 2011-02-11 15:55 -------- d-----w- c:\programdata\MFAData
2011-01-24 03:48 . 2011-01-24 03:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-24 03:42 . 2011-01-24 03:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-24 03:42 . 2011-01-24 03:42 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-24 02:39 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-01-24 02:39 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2011-01-24 02:39 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-01-24 02:39 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2011-01-24 02:39 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2011-01-24 02:39 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2011-01-24 02:39 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2011-01-24 02:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2011-01-24 02:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2011-01-24 02:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2011-01-24 02:38 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-24 02:38 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-24 02:38 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-24 02:38 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-24 02:38 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-24 02:38 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-24 02:38 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-24 02:38 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-24 02:38 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-24 02:38 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-24 02:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-24 02:37 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-01-24 02:32 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-01-24 02:32 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-01-24 02:30 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-01-24 02:30 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-01-24 02:30 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2011-01-24 02:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-01-23 21:14 . 2009-08-24 23:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-01-23 21:14 . 2011-01-23 21:14 -------- d-----w- c:\programdata\Novatel Wireless
2011-01-23 21:13 . 2011-01-23 21:14 -------- d-----w- c:\program files (x86)\Novatel Wireless

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 18:03 . 2010-09-06 04:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-20 23:09 . 2010-10-04 03:49 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-10-04 03:49 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 06:26 . 2010-11-29 06:26 827392 ----a-w- c:\windows\SysWow64\FLASH.OCX
2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut4_CEEA65D4E9F84B2CB5128872343403F3.exe
2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut1_CEEA65D4E9F84B2CB5128872343403F3_1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-11 17152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-06 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 aswSP;aswSP; [x]
S1 dtcdrom;dtcdrom;c:\windows\SysWOW64\drivers\dtcdrom.sys [2010-09-19 234048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 DTNetService;DTNetService;c:\program files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-02-11 1405384]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:01]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: Flash Killer: flashkiller@joli.clic - %profile%\extensions\flashkiller@joli.clic
.
- - - - ORPHANS REMOVED - - - -

BHO-{07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - (no file)
BHO-{0FE4BD86-B042-4A99-B329-455DEB643C46} - (no file)
BHO-{35831574-8F60-8D9E-9F39-AD79D179EE25} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime Alternative\QTTask.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime Alternative\QTTask.exe
Notify-GoToAssist - (no file)
Notify-igfxcui - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-02-14 03:12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 08:12

Pre-Run: 181,142,933,504 bytes free
Post-Run: 180,631,617,536 bytes free

- - End Of File - - A427F705048396DB0BDD6E5919BCAC77

Bobbye · Feb 15, 2011

If you would do something for me, I'd appreciate it. I am seeing AdAware-the paid version with AdWatch which is Real Time Protection. That's what I had for many years. But now there is a line showing an antivirus has been added, as you have it also:
AV: Lavasoft Ad-Watch Live! Anti-Virus
and then add AdWatch separately as antimalware.
SP: Lavasoft Ad-Watch Live!
I've been on the Lavasoft site many time to try and clear this up, without success. If they have added an AV, then I must tell my users-like you-that they are running 2 antivirus programs, that it makes the system more vulnerable and can slow it down.
If you can open the program and check what's in it, I'd appreciate it. If it not an AV, I will contact their people and tell them to stop calling it an AV program!
==============================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code:
File::
DDS::
mStart Page = hxxp://www.startsearcher.com
BHO: {07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - No File
BHO: {0FE4BD86-B042-4A99-B329-455DEB643C46} - No File
BHO: {35831574-8F60-8D9E-9F39-AD79D179EE25} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

DirLook::
C:\PROGRA~3\MFAData

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Recommend you uninstall this:
PFPortChecker 1.0.36
Description: A malicious backdoor trojan that runs in the background and allows remote access to the compromised system

Produces outbound traffic.
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

=====================
Run Eset NOD32 Online AntiVirus scan HERE

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the Active X control to install

Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.

Click Start

Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

Click Scan

Wait for the scan to finish

Click on "Copy to Clipboard"> (you won't see the 'clipboard)

Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.

Re-enable your Antivirus software.
NOTE: If you forget to copy to the cli[board, you can find the log here:
C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

jerryandtabatha · Feb 16, 2011

Ok. I opened Ad-Aware and didnt see anything that said AntiVirus. But anyhow I have Malware Bytes, so to be safe i uninstalled ad-aware.

I uninstalled the portchecker.

ComboFix Log:

ComboFix 11-02-13.03 - Jerry Van Meter 02/15/2011 23:18:24.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.1016 [GMT -5:00]
Running from: c:\users\Tabatha\Downloads\ComboFix.exe
Command switches used :: c:\users\Tabatha\Desktop\8 steps\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 04:24 . 2011-02-16 04:27 -------- d-----w- c:\users\Tabatha\AppData\Local\temp
2011-02-16 04:24 . 2011-02-16 04:24 -------- d-----w- c:\users\Grace\AppData\Local\temp
2011-02-16 04:24 . 2011-02-16 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 02:06 . 2011-02-15 02:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-02-14 08:21 . 2011-02-14 08:21 -------- d-----w- c:\users\Tabatha\AppData\Local\Downloaded Installations
2011-02-14 08:13 . 2011-02-16 04:24 -------- d-----w- c:\users\Jerry Van Meter\AppData\Local\temp
2011-02-12 20:52 . 2011-02-15 02:06 -------- d-----w- c:\users\Tabatha\AppData\Local\Adobe
2011-02-12 01:56 . 2011-02-12 01:56 -------- d-----w- c:\program files (x86)\WildGames
2011-02-12 01:34 . 2011-02-12 01:37 -------- d-----w- c:\program files (x86)\WildTangent Games
2011-02-11 22:13 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 22:13 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 22:13 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 22:13 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 22:13 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 22:13 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-11 22:12 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 22:12 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\programdata\Alwil Software
2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\program files\Alwil Software
2011-02-11 20:31 . 2011-02-11 20:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-02-11 17:57 . 2011-02-11 17:57 -------- d-----w- c:\users\Tabatha\AppData\Local\Sunbelt Software
2011-02-11 17:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-02-11 15:44 . 2011-02-11 15:44 -------- d-----w- c:\users\Tabatha\AppData\Roaming\Malwarebytes
2011-02-11 15:37 . 2010-02-27 02:32 100352 ----a-w- c:\windows\system32\Vxdif.dll
2011-02-11 15:37 . 2010-04-15 18:40 301688 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-02-10 22:30 . 2011-02-10 22:45 -------- d-----w- c:\users\Tabatha\AppData\Local\Microsoft Games
2011-02-10 22:22 . 2011-02-10 22:22 -------- d-----w- c:\programdata\MumboJumbo
2011-02-09 22:54 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-04 04:38 . 2011-02-04 04:38 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-02 04:17 . 2011-02-02 04:17 -------- d-----w- c:\users\Jerry Van Meter\AppData\Roaming\Template
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-24 21:38 . 2011-02-11 15:55 -------- d-----w- c:\programdata\MFAData
2011-01-24 03:48 . 2011-01-24 03:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-24 03:42 . 2011-01-24 03:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-24 03:42 . 2011-01-24 03:42 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-24 02:39 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-01-24 02:39 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2011-01-24 02:39 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-01-24 02:39 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2011-01-24 02:39 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2011-01-24 02:39 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2011-01-24 02:39 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2011-01-24 02:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2011-01-24 02:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2011-01-24 02:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2011-01-24 02:38 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-24 02:38 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-24 02:38 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-24 02:38 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-24 02:38 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-24 02:38 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-24 02:38 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-24 02:38 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-24 02:38 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-24 02:38 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-24 02:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-24 02:37 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-01-24 02:32 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-01-24 02:32 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-01-24 02:30 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-01-24 02:30 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-01-24 02:30 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2011-01-24 02:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-01-23 21:14 . 2009-08-24 23:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-01-23 21:14 . 2011-01-23 21:14 -------- d-----w- c:\programdata\Novatel Wireless
2011-01-23 21:13 . 2011-01-23 21:14 -------- d-----w- c:\program files (x86)\Novatel Wireless

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2010-07-06 05:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-20 23:09 . 2010-10-04 03:49 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-10-04 03:49 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 06:26 . 2010-11-29 06:26 827392 ----a-w- c:\windows\SysWow64\FLASH.OCX
2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut4_CEEA65D4E9F84B2CB5128872343403F3.exe
2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut1_CEEA65D4E9F84B2CB5128872343403F3_1.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\progra~3\MFAData ----

2011-02-11 15:56 . 2011-02-11 15:58 297168 ----a-w- c:\progra~3\MFAData\logs\msi-20110211-155547.log
2011-02-11 15:56 . 2011-02-11 15:56 64318 ----a-w- c:\progra~3\MFAData\pack\cnet_mis.mdf
2011-02-11 15:56 . 2011-02-11 15:56 10550 ----a-w- c:\progra~3\MFAData\pack\cnet_mps.mdf
2011-02-11 15:56 . 2011-02-11 15:56 166 ----a-w- c:\progra~3\MFAData\pack\lic.mdf
2011-02-11 15:56 . 2011-02-11 15:56 4920832 ----a-w- c:\progra~3\MFAData\pack\Avgx64.msi
2011-02-11 15:55 . 2011-02-11 16:05 375254 ----a-w- c:\progra~3\MFAData\logs\mfa-20110211-155547.log
2011-02-11 15:55 . 2011-02-11 15:55 2547552 ----a-w- c:\progra~3\MFAData\SelfUpd\avgupdx.dll
2011-02-11 15:55 . 2011-02-11 15:55 32 ----a-w- c:\progra~3\MFAData\SelfUpd\avgatupd.stp
2011-02-11 15:55 . 2011-02-11 15:55 300 ----a-w- c:\progra~3\MFAData\SelfUpd\avgupd.sig
2011-02-11 15:55 . 2011-02-11 15:55 32 ----a-w- c:\progra~3\MFAData\SelfUpd\avgatend.stp
2011-02-11 15:52 . 2011-02-11 15:55 143043 ----a-w- c:\progra~3\MFAData\SelfUpd\mfazt.lns
2011-02-11 15:52 . 2011-02-11 15:55 142720 ----a-w- c:\progra~3\MFAData\SelfUpd\mfazh.lns
2011-02-11 15:52 . 2011-02-11 15:55 62 ----a-w- c:\progra~3\MFAData\SelfUpd\mfavera.txt
2011-02-11 15:52 . 2011-02-11 15:55 62 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaverx.txt
2011-02-11 15:52 . 2011-02-11 15:55 148081 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaus.lns
2011-02-11 15:52 . 2011-02-11 15:55 163238 ----a-w- c:\progra~3\MFAData\SelfUpd\mfasp.lns
2011-02-11 15:52 . 2011-02-11 15:55 159906 ----a-w- c:\progra~3\MFAData\SelfUpd\mfatr.lns
2011-02-11 15:52 . 2011-02-11 15:55 163250 ----a-w- c:\progra~3\MFAData\SelfUpd\mfask.lns
2011-02-11 15:52 . 2011-02-11 15:55 159100 ----a-w- c:\progra~3\MFAData\SelfUpd\mfasc.lns
2011-02-11 15:52 . 2011-02-11 15:55 215656 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaru.lns
2011-02-11 15:52 . 2011-02-11 15:55 163490 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapt.lns
2011-02-11 15:52 . 2011-02-11 15:55 161868 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapl.lns
2011-02-11 15:52 . 2011-02-11 15:55 159421 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapb.lns
2011-02-11 15:52 . 2011-02-11 15:55 158931 ----a-w- c:\progra~3\MFAData\SelfUpd\mfanl.lns
2011-02-11 15:52 . 2011-02-11 15:55 154106 ----a-w- c:\progra~3\MFAData\SelfUpd\mfams.lns
2011-02-11 15:52 . 2011-02-11 15:55 169547 ----a-w- c:\progra~3\MFAData\SelfUpd\mfako.lns
2011-02-11 15:52 . 2011-02-11 15:55 183373 ----a-w- c:\progra~3\MFAData\SelfUpd\mfajp.lns
2011-02-11 15:52 . 2011-02-11 15:55 163445 ----a-w- c:\progra~3\MFAData\SelfUpd\mfait.lns
2011-02-11 15:52 . 2011-02-11 15:55 148085 ----a-w- c:\progra~3\MFAData\SelfUpd\mfain.lns
2011-02-11 15:52 . 2011-02-11 15:55 152316 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaid.lns
2011-02-11 15:52 . 2011-02-11 15:55 162287 ----a-w- c:\progra~3\MFAData\SelfUpd\mfahu.lns
2011-02-11 15:52 . 2011-02-11 15:55 166720 ----a-w- c:\progra~3\MFAData\SelfUpd\mfage.lns
2011-02-11 15:52 . 2011-02-11 15:55 167819 ----a-w- c:\progra~3\MFAData\SelfUpd\mfafr.lns
2011-02-11 15:52 . 2010-12-01 23:16 160923 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaes.lns
2011-02-11 15:52 . 2011-02-11 15:55 157108 ----a-w- c:\progra~3\MFAData\SelfUpd\mfacz.lns
2011-02-11 15:52 . 2011-02-11 15:55 153109 ----a-w- c:\progra~3\MFAData\SelfUpd\mfada.lns
2011-02-11 15:52 . 2010-12-22 08:48 66 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaconf.txt
2011-02-11 15:52 . 2011-02-11 15:55 21970 ----a-w- c:\progra~3\MFAData\SelfUpd\license_zh.htm
2011-02-11 15:52 . 2011-02-11 15:55 22462 ----a-w- c:\progra~3\MFAData\SelfUpd\license_zt.htm
2011-02-11 15:52 . 2011-02-11 15:55 26118 ----a-w- c:\progra~3\MFAData\SelfUpd\license_us.htm
2011-02-11 15:52 . 2011-02-11 15:55 30997 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sp.htm
2011-02-11 15:52 . 2011-02-11 15:55 32355 ----a-w- c:\progra~3\MFAData\SelfUpd\license_tr.htm
2011-02-11 15:52 . 2011-02-11 15:55 37302 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sk.htm
2011-02-11 15:52 . 2011-02-11 15:55 53177 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ru.htm
2011-02-11 15:52 . 2011-02-11 15:55 27604 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sc.htm
2011-02-11 15:52 . 2011-02-11 15:55 33353 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pt.htm
2011-02-11 15:52 . 2011-02-11 15:55 33146 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pb.htm
2011-02-11 15:52 . 2011-02-11 15:55 31512 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pl.htm
2011-02-11 15:52 . 2011-02-11 15:55 29766 ----a-w- c:\progra~3\MFAData\SelfUpd\license_nl.htm
2011-02-11 15:52 . 2011-02-11 15:55 28458 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ko.htm
2011-02-11 15:52 . 2011-02-11 15:55 29245 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ms.htm
2011-02-11 15:52 . 2011-02-11 15:55 32601 ----a-w- c:\progra~3\MFAData\SelfUpd\license_jp.htm
2011-02-11 15:52 . 2011-02-11 15:55 26118 ----a-w- c:\progra~3\MFAData\SelfUpd\license_in.htm
2011-02-11 15:52 . 2011-02-11 15:55 31500 ----a-w- c:\progra~3\MFAData\SelfUpd\license_it.htm
2011-02-11 15:52 . 2011-02-11 15:55 29375 ----a-w- c:\progra~3\MFAData\SelfUpd\license_id.htm
2011-02-11 15:52 . 2011-02-11 15:55 30196 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ge.htm
2011-02-11 15:52 . 2011-02-11 15:55 42572 ----a-w- c:\progra~3\MFAData\SelfUpd\license_hu.htm
2011-02-11 15:52 . 2011-02-11 15:55 34309 ----a-w- c:\progra~3\MFAData\SelfUpd\license_fr.htm
2011-02-11 15:52 . 2011-02-11 15:55 29994 ----a-w- c:\progra~3\MFAData\SelfUpd\license_da.htm
2011-02-11 15:52 . 2010-09-13 07:34 31241 ----a-w- c:\progra~3\MFAData\SelfUpd\license_es.htm
2011-02-11 15:52 . 2011-02-11 15:55 28062 ----a-w- c:\progra~3\MFAData\SelfUpd\license_cz.htm
2011-02-11 15:52 . 2010-11-24 23:47 241504 ----a-w- c:\progra~3\MFAData\SelfUpd\avgrunasx.exe
2011-02-11 15:52 . 2011-02-11 15:55 939008 ----a-w- c:\progra~3\MFAData\SelfUpd\htmlayout.dll
2011-02-11 15:52 . 2011-02-11 15:55 275808 ----a-w- c:\progra~3\MFAData\SelfUpd\avgntdumpx.exe
2011-02-11 15:52 . 2011-02-11 15:55 724832 ----a-w- c:\progra~3\MFAData\SelfUpd\avgmfarx.dll
2011-02-11 15:52 . 2011-02-11 15:55 3313504 ----a-w- c:\progra~3\MFAData\SelfUpd\avgmfapx.exe
2011-02-11 15:52 . 2011-02-11 15:55 134258 ----a-w- c:\progra~3\MFAData\logs\mfa-20110211-155212.log
2011-02-11 14:23 . 2011-02-11 15:55 2487 ----a-w- c:\progra~3\MFAData\pack\avg10infooi.ctf
2011-02-11 14:23 . 2011-02-11 15:55 21605 ----a-w- c:\progra~3\MFAData\pack\avg10infowin.ctf
2011-02-11 14:23 . 2011-02-11 15:57 2009 ----a-w- c:\progra~3\MFAData\pack\avg10infoavi.ctf
2011-01-25 13:31 . 2011-02-11 16:05 8992297 ----a-w- c:\progra~3\MFAData\pack\bins\f10avisa1204oj.bin.partial
2011-01-25 13:31 . 2011-02-11 15:56 1515323 ----a-w- c:\progra~3\MFAData\pack\bins\f10avga1204qi.bin
2011-01-25 13:31 . 2011-02-11 16:00 5536442 ----a-w- c:\progra~3\MFAData\pack\bins\f10antivira1204ya.bin
2011-01-25 13:30 . 2011-02-11 15:58 305699 ----a-w- c:\progra~3\MFAData\pack\bins\f10antirka1204qj.bin
2011-01-25 13:29 . 2011-02-11 15:55 3420461 ----a-w- c:\progra~3\MFAData\SelfUpd\bins\f10upd1204gw.bin
2011-01-25 13:29 . 2011-02-11 15:54 3675091 ----a-w- c:\progra~3\MFAData\SelfUpd\bins\f10mfa1204hu.bin
2011-01-25 04:49 . 2011-02-11 15:58 647 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_LinkScanner.html
2011-01-25 04:49 . 2011-02-11 15:58 624 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html
2011-01-25 04:49 . 2011-02-11 15:58 691 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_Social-Networking.html
2011-01-25 04:49 . 2011-02-11 15:58 1397 ----a-w- c:\progra~3\MFAData\mkt\res\LinkScanner-style.css
2011-01-25 04:49 . 2011-02-11 15:58 20775 ----a-w- c:\progra~3\MFAData\mkt\res\LinkScanner.jpg
2011-01-25 04:49 . 2011-02-11 15:58 16581 ----a-w- c:\progra~3\MFAData\mkt\res\Smart-Scanning.jpg
2011-01-25 04:49 . 2011-02-11 15:58 1400 ----a-w- c:\progra~3\MFAData\mkt\res\SmartScanning-style.css
2011-01-25 04:49 . 2011-02-11 15:58 22974 ----a-w- c:\progra~3\MFAData\mkt\res\Social-Networking.jpg
2011-01-25 04:49 . 2011-02-11 15:58 1403 ----a-w- c:\progra~3\MFAData\mkt\res\SocialNetworking-style.css
2011-01-25 04:49 . 2011-02-11 15:58 647 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_LinkScanner.html
2011-01-25 04:49 . 2011-02-11 15:58 624 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_Smart-Scanning.html
2011-01-25 04:49 . 2011-02-11 15:58 670 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_Social-Networking.html
2011-01-25 04:48 . 2011-01-25 04:49 295214 ----a-w- c:\progra~3\MFAData\logs\msi-20110125-044755.log
2011-01-25 04:47 . 2011-01-25 05:20 308754 ----a-w- c:\progra~3\MFAData\logs\mfa-20110125-044755.log
2011-01-24 21:51 . 2011-02-11 15:57 3799 ----a-w- c:\progra~3\MFAData\mkt\us\dm_marketing_message-en-us.html
2011-01-24 21:51 . 2011-02-11 15:57 2198 ----a-w- c:\progra~3\MFAData\mkt\res\style.css
2011-01-24 21:51 . 2011-02-11 15:57 4096 ----a-w- c:\progra~3\MFAData\mkt\res\Thumbs.db
2011-01-24 21:51 . 2011-02-11 15:57 5293 ----a-w- c:\progra~3\MFAData\mkt\res\ui-background.jpg
2011-01-24 21:51 . 2011-02-11 15:57 160 ----a-w- c:\progra~3\MFAData\mkt\res\ico-blue-bg.gif
2011-01-24 21:51 . 2011-02-11 15:57 1294 ----a-w- c:\progra~3\MFAData\mkt\res\OK.png
2011-01-24 21:51 . 2011-02-11 15:57 3107 ----a-w- c:\progra~3\MFAData\mkt\hi\dm_marketing_message-hi.html
2011-01-24 21:40 . 2011-01-24 21:51 295214 ----a-w- c:\progra~3\MFAData\logs\msi-20110124-213856.log
2011-01-24 21:39 . 2011-01-24 21:39 11958 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213954.log
2011-01-24 21:39 . 2011-01-24 21:39 11958 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213901.log
2011-01-24 21:38 . 2011-01-24 21:51 217924 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213856.log
2010-12-22 09:54 . 2011-01-25 05:20 29596837 ----a-w- c:\progra~3\MFAData\pack\bins\f10avisa1191tq.bin.partial
2010-12-22 09:54 . 2011-01-24 21:40 1498859 ----a-w- c:\progra~3\MFAData\pack\bins\f10avga1191rg.bin
2010-12-22 09:54 . 2011-01-25 04:53 5536607 ----a-w- c:\progra~3\MFAData\pack\bins\f10antivira1191eg.bin
2010-12-22 09:54 . 2011-01-25 04:50 305699 ----a-w- c:\progra~3\MFAData\pack\bins\f10antirka1191ic.bin
2010-11-24 12:19 . 2011-01-24 21:40 70044 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_mis15ni.bin
2010-11-18 20:54 . 2011-01-24 21:40 16269 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_mps11fx.bin
2010-09-24 21:42 . 2011-01-24 21:40 5882 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_lic8dn.bin
2010-08-26 13:08 . 2011-02-11 15:55 798 ----a-w- c:\progra~3\MFAData\mfaurlconf.ini

((((((((((((((((((((((((((((( SnapShot@2011-02-14_08.07.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-24 11:48 . 2011-02-15 16:40 44302 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-15 16:40 40206 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-04-29 21:48 . 2011-02-12 08:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 21:48 . 2011-02-15 18:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 08:56 . 2011-02-15 18:38 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 18:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-12 08:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-29 22:26 . 2011-02-14 07:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 22:26 . 2011-02-16 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 22:26 . 2011-02-14 07:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 22:26 . 2011-02-16 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-10 17:49 . 2010-11-10 17:49 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2010-07-08 22:01 . 2011-02-15 16:40 5892 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-38433659-1002438047-1770949657-1002_UserData.bin
- 2011-02-14 08:06 . 2011-02-14 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-16 04:26 . 2011-02-16 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-16 04:26 . 2011-02-16 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-14 08:06 . 2011-02-14 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-12 01:18 . 2010-11-12 23:53 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-02-16 02:23 . 2011-02-03 02:40 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-02-16 02:23 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\javaw.exe
- 2011-02-12 01:18 . 2010-11-12 23:53 145184 c:\windows\SysWOW64\javaw.exe
- 2011-02-12 01:18 . 2010-11-12 23:53 145184 c:\windows\SysWOW64\java.exe
+ 2011-02-16 02:23 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\java.exe
+ 2010-04-30 00:46 . 2011-02-15 20:41 308000 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-02-15 16:43 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-14 07:52 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-15 16:43 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-14 07:52 103702 c:\windows\system32\perfc009.dat
+ 2011-02-16 02:23 . 2011-02-16 02:23 183808 c:\windows\Installer\2177da9.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2010-11-10 20:54 . 2010-11-10 20:54 2307584 c:\windows\Installer\2b73dc.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
- 2009-07-14 02:34 . 2011-02-14 08:02 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-02-15 22:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\2b73dd.msp
+ 2010-11-10 17:49 . 2010-11-10 17:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-06 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 aswSP;aswSP; [x]
S1 dtcdrom;dtcdrom;c:\windows\SysWOW64\drivers\dtcdrom.sys [2010-09-19 234048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 DTNetService;DTNetService;c:\program files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.techspot.com/vb/topic161099.html#post1005811
FF - prefs.js: keyword.URL -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: GMarks: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} - %profile%\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
FF - Ext: Make Address Bar Font Size Bigger: addressBarFontSizeBigger@papafresh.com - %profile%\extensions\addressBarFontSizeBigger@papafresh.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: mediaplayerconnectivity: {84b24861-62f6-364b-eba5-2e5e2061d7e6} - %profile%\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
FF - Ext: ProCon Latte: {9D6218B8-03C7-4b91-AA43-680B305DD35C} - %profile%\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: Toy Factory: {31a48160-39fc-11de-8a39-0800200c9a66} - %profile%\extensions\{31a48160-39fc-11de-8a39-0800200c9a66}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-02-15 23:31:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 04:30
ComboFix2.txt 2011-02-14 08:13

Pre-Run: 181,222,133,760 bytes free
Post-Run: 180,800,544,768 bytes free

- - End Of File - - E7789D2ED7B6A8AB3FE5977130FCB4E1

Eset NOD32 Online AntiVirus scan LOG:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0fd06bd043958f4da3398749b2af0168
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-16 05:31:24
# local_time=2011-02-16 12:31:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 292712 292712 0 0
# compatibility_mode=768 16777215 100 0 286633 286633 0 0
# compatibility_mode=5893 16776574 100 94 22072034 49375248 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136929
# found=2
# cleaned=0
# scan_time=2486
C:\Qoobox\Quarantine\C\Users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

Bobbye · Feb 18, 2011

No new infections in the Eset log All are in the Qoobox which is where Combofix sends the quarantined files.

Are you now using LogMeIn and/or GoToAssist> probably not since you have posted here.

Also, are Tabatha, Grace, Jerry and the default user all logging on under the same account> There is app data for all 4. Scans are run by Tabatha.

jerryandtabatha · Feb 22, 2011

Hi. Yes, since i ran the Combofix all seems to be well. Haven't had a browser redirect since then.

No, i dont use the logmein or the go to assist ( i dont even know that that is).

We do have different profiles for the computer but the Grace side doesnt really get used, and I (Tabatha) use the Tabatha and the Jerry side mostly.

I really appreciate all your hardwork on helping me fix this!
Thanks a bunch!

Tabatha

Bobbye · Feb 24, 2011

You are most welcome! About those accounts, I saw some games in the logs and considered asking you if Tabatha, Jerry, Grace and Default played against each other! I thought that might not go over well, so left it out.

As for LogMeIn, someone using the system most likely got online support from 'Go To Assist.' So if you have the GTA program in Add/Remove Programs, you can uninstall it there. I see LogMeIn in the Firefox Extensions, so go to Tools> Add-ons> and remove it from there.

If you don't have any more questions and the redirects have stopped, we can clean up:
Removing all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.

Double click OTCleanIt.exe.

Click the CleanUp! button.

If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

Creating a Restore Point in Windows 7:

Click on Start> right click on Computer> Properties

Select System Protection

Click on the Create button (near bottom)

Type a name for the Restore Point

Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows 7

Click Start> Computer> right click the C Drive and choose Properties> enter.

Click Disk Cleanup from there.

Click Clean up system files
This restarts Disk Cleanup to run in elevated mode.

Click the More Options tab

Click the Clean up under System Restore and Shadow Copies.

Click OK.

You will get a confirmation screen> Just click Delete.

Click OK on the Disk Cleanup Screen.

Click Delete Files on the Confirmation screen.

It will run the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin

(Tell Jerry, Grace and 'Default' hello for me!)

TechSpot

[Active] Firefox browser redirects my search results

jerryandtabatha Newcomer, in training

Bobbye Helper on the Fringe

jerryandtabatha Newcomer, in training

Bobbye Helper on the Fringe

jerryandtabatha Newcomer, in training

Bobbye Helper on the Fringe

jerryandtabatha Newcomer, in training

Bobbye Helper on the Fringe