TechSpot

Firefox browser redirects my search results

By jerryandtabatha
Feb 12, 2011
  1. Hello,
    Yet another browser redirect problem. I have Win 7 64-bit, and I use Firefox. I have not noticed this on IE (but then again I don't really use it). When I search for something using Google, I click on whatever result I want and I am redirected to a fake-looking search engine site (with my search words). The websites are different each time, but they seem to alternate between about 5 different sites. On the tab it says Jump when it does this.

    I followed the 8-step post. Here are my logs.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5744

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/11/2011 11:46:20 PM
    mbam-log-2011-02-11 (23-46-20).txt

    Scan type: Quick scan
    Objects scanned: 184483
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER
    On this one, I did what it said: I opened the file and it ran rather quickly, then I clicked on save file and copy. But nothing was there, just blank space.



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Tabatha at 0:11:12.34 on Sat 02/12/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.809 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Tabatha\Desktop\8 steps\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.startsearcher.com
    BHO: {07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - No File
    BHO: {0FE4BD86-B042-4A99-B329-455DEB643C46} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {35831574-8F60-8D9E-9F39-AD79D179EE25} - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
    uRun: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin6.dll
    FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin7.dll
    FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: XUL Cache: {1d878283-d0e3-4b3b-87b1-2e7641d68d98} - %profile%\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-8-23 69152]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-24 55856]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-11 273488]
    R1 dtcdrom;dtcdrom;C:\Windows\SysWOW64\drivers\dtcdrom.sys [2010-9-18 234048]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-11 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-11 62032]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-11 40384]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 DTNetService;DTNetService;C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-7-29 394560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1405384]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-8-24 82432]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-19 1153368]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
    R3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
    R3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
    R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-24 393728]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-7 135664]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-6 1255736]

    =============== Created Last 30 ================

    2011-02-12 01:56:01 -------- d-----w- C:\Program Files (x86)\WildGames
    2011-02-12 01:34:40 -------- d-----w- C:\Program Files (x86)\WildTangent Games
    2011-02-11 22:13:18 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-02-11 22:12:48 38848 ----a-w- C:\Windows\avastSS.scr
    2011-02-11 22:12:45 -------- d-----w- C:\PROGRA~3\Alwil Software
    2011-02-11 21:36:05 98816 ----a-w- C:\Windows\sed.exe
    2011-02-11 21:36:05 89088 ----a-w- C:\Windows\MBR.exe
    2011-02-11 21:36:05 256512 ----a-w- C:\Windows\PEV.exe
    2011-02-11 21:36:05 161792 ----a-w- C:\Windows\SWREG.exe
    2011-02-11 20:31:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-02-11 17:57:14 -------- d-----w- C:\Users\Tabatha\AppData\Local\Sunbelt Software
    2011-02-11 17:28:08 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-02-11 15:44:46 -------- d-----w- C:\Users\Tabatha\AppData\Roaming\Malwarebytes
    2011-02-11 15:37:32 100352 ----a-w- C:\Windows\System32\Vxdif.dll
    2011-02-11 15:37:31 301688 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
    2011-02-10 22:30:18 -------- d-----w- C:\Users\Tabatha\AppData\Local\Microsoft Games
    2011-02-10 22:22:41 -------- d-----w- C:\PROGRA~3\MumboJumbo
    2011-02-09 22:54:46 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2011-02-04 04:38:27 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-01-24 21:38:56 -------- d-----w- C:\PROGRA~3\MFAData
    2011-01-24 03:48:07 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-01-24 03:42:45 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-01-24 03:42:39 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-01-24 02:39:08 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-01-24 02:39:08 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2011-01-24 02:39:08 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2011-01-24 02:39:08 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2011-01-24 02:39:08 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2011-01-24 02:39:08 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2011-01-24 02:39:08 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2011-01-24 02:39:08 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2011-01-24 02:39:07 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2011-01-24 02:39:07 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2011-01-24 02:38:06 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-01-24 02:38:06 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-01-24 02:38:06 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38:06 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-24 02:38:05 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-24 02:38:05 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-24 02:38:05 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-24 02:38:05 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-24 02:38:05 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-24 02:37:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-01-24 02:37:34 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-01-24 02:32:05 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-01-24 02:32:05 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-01-24 02:30:46 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2011-01-24 02:30:46 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2011-01-24 02:30:46 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2011-01-24 02:30:44 112000 ----a-w- C:\Windows\System32\consent.exe
    2011-01-23 21:14:35 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
    2011-01-23 21:14:20 -------- d-----w- C:\PROGRA~3\Novatel Wireless
    2011-01-23 21:13:44 -------- d-----w- C:\Program Files (x86)\Novatel Wireless

    ==================== Find3M ====================

    2011-02-11 18:03:28 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-29 06:26:41 827392 ----a-w- C:\Windows\SysWow64\FLASH.OCX

    ============= FINISH: 0:11:40.00 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/29/2010 5:51:10 PM
    System Uptime: 2/11/2011 11:07:02 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 218 GiB total, 166.841 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP74: 12/9/2010 11:13:00 AM - Scheduled Checkpoint
    RP75: 12/21/2010 4:36:32 PM - Removed ArtRage 2 Starter Edition
    RP76: 1/2/2011 5:04:05 PM - Scheduled Checkpoint
    RP77: 1/11/2011 1:26:30 AM - Scheduled Checkpoint
    RP78: 1/21/2011 10:26:56 PM - Scheduled Checkpoint
    RP79: 1/23/2011 4:13:19 PM - Installed Virgin Mobile Broadband Modem Drivers.
    RP80: 1/23/2011 4:13:58 PM - Installed MobiLink3.
    RP81: 1/26/2011 10:55:29 AM - Windows Update
    RP82: 1/28/2011 11:51:54 AM - Windows Update
    RP83: 2/2/2011 1:01:21 PM - Windows Update
    RP84: 2/9/2011 6:33:37 PM - Windows Update
    RP85: 2/11/2011 4:19:39 PM - Installed Microsoft Fix it 50267
    RP86: 2/11/2011 5:12:37 PM - avast! Free Antivirus Setup
    RP87: 2/11/2011 8:16:09 PM - Installed Java(TM) 6 Update 23
    RP88: 2/11/2011 8:55:02 PM - Installed QuickTime

    ==== Installed Programs ======================

    7-Zip 4.65
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Audacity 1.2.6
    avast! Free Antivirus
    Banctec Service Agreement
    Barnes & Noble Desktop Reader
    Bible Explorer AMG Nave's Edition
    BibleMax
    BibleMax Noah Webster's Dictionary of American English
    Big Fish Games: Game Manager
    Broadband2Go
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    DAEMON Tools Net
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    DivX Setup
    GameHouse Solitaire Challenge
    GnuCash 2.2.9
    Google Update Helper
    GoToAssist 8.0.0.514
    HijackThis 2.0.2
    Hive Drive
    InstallVC90Support
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    K-Lite Mega Codec Pack 6.2.0
    Ladybugs
    LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    Mystery Cookbook
    National Geographic DogTown(TM)
    PFPortChecker 1.0.36
    Picasa 3
    PowerDVD DX
    QuickTime
    QuickTime Alternative 3.2.2
    REACTOR
    RealPlayer
    RealUpgrade 1.0
    Roxio Burn
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Souptoys
    Spybot - Search & Destroy
    Stellarium 0.10.5
    Super Yum Yum: Puzzle Adventures
    TeamViewer 5
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.4053
    Virgin Mobile Broadband Modem Drivers
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Zuma's Revenge - Adventure

    ==== Event Viewer Messages From Past Week ========

    2/9/2011 6:38:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR129.
    2/9/2011 5:10:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR127.
    2/9/2011 10:58:54 PM, Error: Disk [11] - The driver detected a controller error on \...\DR131.
    2/8/2011 12:48:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR115.
    2/12/2011 12:11:00 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    2/11/2011 9:28:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    2/11/2011 9:28:50 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2011 9:28:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/11/2011 11:07:13 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/11/2011 11:05:13 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
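The log above is what a helper reads first in a redirect case, and three things in its "Pseudo HJT Report" section stand out on a plain read: a machine-wide start page pointing at startsearcher.com, several BHO registrations marked "No File", and the mPolicies-system lines showing EnableLUA = 0 (UAC turned off). The script below is an added example, not part of the original post or of the DDS tool: it parses that section's line format and flags exactly those three kinds of entry. The sample text is constructed from a handful of lines of the log above; KNOWN_HOMEPAGES and WEAK_POLICIES are this example's own assumptions, not anything DDS emits.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log for the items a helper
checks first in a search-redirect case: non-default start pages, orphaned BHO
registrations and weakened UAC policies.

Added example, not part of the original post or of the DDS tool. The sample
text is constructed from a few lines of the log above; the flagging rules
(KNOWN_HOMEPAGES, WEAK_POLICIES) are this example's own assumptions.
"""
import re

# Constructed sample: a subset of the Pseudo HJT lines from the log above.
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
BHO: {07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
"""

# Assumption: the homepage hosts the user actually chose. Any other host in a
# Start Page line is reported. DDS writes URLs with "hxxp" so they are not
# clickable; the regex accepts both spellings.
KNOWN_HOMEPAGES = {"www.google.com"}

# UAC policy values that weaken the platform (Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1).
WEAK_POLICIES = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompts, if any, not on secure desktop
}

START_RE = re.compile(r"^([um])Start Page = h(?:xx|tt)ps?://([^/\s]+)")
BHO_RE = re.compile(r"^BHO(?:-X64)?: (.*?)\s*-\s*No File$")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")


def triage(text):
    """Return a list of (category, detail) findings for one Pseudo HJT section."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = START_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            host = m.group(2).lower()
            if host not in KNOWN_HOMEPAGES:
                findings.append(("start-page", f"{scope} start page set to {host}"))
            continue
        m = BHO_RE.match(line)
        if m:
            # A BHO CLSID still registered but whose DLL is gone: not harmful
            # by itself, but leftover from something that was removed.
            findings.append(("orphan-bho", m.group(1)))
            continue
        m = POLICY_RE.match(line)
        if m and WEAK_POLICIES.get(m.group(1)) == m.group(2):
            findings.append(("weak-uac", f"{m.group(1)} = {m.group(2)}"))
    return findings


def summary(findings):
    """Count findings per category, e.g. {'orphan-bho': 2, ...}."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_HJT):
        print(f"{category:12} {detail}")
```

Run it on a pasted log section and the output is the short list a helper would otherwise pick out by eye; the "weak-uac" findings matter because with EnableLUA = 0 nothing the user runs is ever prompted for elevation, which is worth restoring once the cleanup is done.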
     
  2. Bobbye

    Bobbye (Helper on the Fringe)

    Welcome to TechSpot!

    Would one of these sites be from 'startsearcher' by chance? I see that on your system. There are some "Free" Facebook themes being offered online. At first, they look like a theme, nothing more. But when the theme is installed it adds software called StartSearcher.com. This actually changes your browser configuration settings at the code level, so that even when you attempt to change your home page back to the one you want, it keeps reverting to StartSearcher.com. And here it is:
    mStart Page = hxxp://www.startsearcher.com

    It doesn't appear to have an uninstaller, so please use the following directions to remove:
    How do I remove Startsearcher.com from my computer?
    1. Open Firefox
    2. In the address bar type about:config and hit enter. A warning page will pop up indicating that you may void your warranty, you are entering the advanced settings area and to only continue if you are sure of what you are doing. If you're comfortable proceeding, click "I'll be careful, I promise!"
    3. Find the filter box and search for: startsearcher
    4. You will likely have more than one entry. Each of these basic Firefox settings has had its value overwritten by startsearcher, so you'll want to reset them.
    5. To reset, right click on each of the rows and select 'Reset' from the list of options. You should see startsearcher disappear from the value field and the default Firefox values return.

    Close Firefox, then reopen.
    ===============================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
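    The about:config steps above reset, by hand, preferences that a hijacker has overwritten in the profile's prefs.js. As an added example (not from this thread, from Mozilla, or from the helper's procedure), the script below does the same audit in code: it parses a prefs.js, flags the homepage and search preferences whose URL points at a host outside an allow-list, and writes out a copy with those user_pref lines dropped, which is exactly what Firefox's 'Reset' does (the preference falls back to its built-in default). The prefs.js content, the watched-preference list and the allowed-host set are all constructed assumptions for the demonstration; only the startsearcher.com value mirrors the thread.

```python
"""Audit a Firefox prefs.js for hijacked start-page / search preferences.

Added example, not code from the thread or from Mozilla. The sample
prefs.js below is constructed; the startsearcher.com value mirrors the
hijack discussed in the thread.
"""
import re
from urllib.parse import urlparse

# Preferences a browser hijacker typically overwrites.
# Assumption: illustrative list, not exhaustive.
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.newtab.url",
)

# Hosts the operator considers legitimate for these prefs (assumption).
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.mozilla.org"}

# One prefs.js line looks like: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def hostname_of(raw_value):
    """Extract the host from a quoted URL value, or None if it is not a URL."""
    value = raw_value.strip('"')
    if "://" not in value:
        return None
    return urlparse(value).hostname


def find_hijacked(prefs):
    """Return [(pref, value, host)] for watched prefs pointing outside the allow-list."""
    findings = []
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue
        host = hostname_of(prefs[name])
        if host is None or host in ALLOWED_HOSTS:
            continue
        findings.append((name, prefs[name].strip('"'), host))
    return findings


def reset_prefs(text, names):
    """Return prefs.js text with the named user_pref lines removed.

    Dropping the line is what about:config 'Reset' does: Firefox then
    falls back to its built-in default for that preference.
    """
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample profile content (not a real user's file).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1297468800);
user_pref("browser.startup.homepage", "http://www.startsearcher.com/?q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("keyword.URL", "http://www.startsearcher.com/search?q=");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.13");
"""


def audit(text=SAMPLE_PREFS_JS):
    """Run the audit and return (findings, cleaned_prefs_js_text)."""
    prefs = parse_prefs(text)
    findings = find_hijacked(prefs)
    cleaned = reset_prefs(text, {name for name, _, _ in findings})
    return findings, cleaned


if __name__ == "__main__":
    found, cleaned_text = audit()
    for pref_name, value, host in found:
        print(f"HIJACKED {pref_name} -> {value} (host {host})")
    print("--- cleaned prefs.js ---")
    print(cleaned_text, end="")
```

Run it against a real profile only with Firefox closed, since Firefox rewrites prefs.js on exit and would overwrite the cleaned copy. If a value comes back after every reset, also look for a user.js in the same profile folder: Firefox re-applies everything in user.js to prefs.js at each start, which is one way a hijack "keeps reverting".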
     
  3. jerryandtabatha

    jerryandtabatha TS Rookie Topic Starter

    Hi, sorry about the delay, I'm never home on the weekends.

    So, I did the Firefox thing for Startsearcher and nothing was found; however, I had done those same steps months ago and Startsearcher was found and I reset it. But Startsearcher isn't one of the sites it directs me to.

    Combofix Log:

    ComboFix 11-02-13.03 - Tabatha 02/14/2011 2:58.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.770 [GMT -5:00]
    Running from: c:\users\Tabatha\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\QuickTime Alternative\QTTask.exe
    c:\programdata\Desktop
    c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}
    c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest
    c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome\xulcache.jar
    c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\defaults\preferences\xulcache.js
    c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\install.rdf
    c:\users\Jerry Van Meter\Favorites\Games.url
    c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}
    c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest
    c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome\xulcache.jar
    c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\defaults\preferences\xulcache.js
    c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\install.rdf

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
    .

    2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Jerry Van Meter\AppData\Local\temp
    2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Grace\AppData\Local\temp
    2011-02-14 08:05 . 2011-02-14 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-12 20:52 . 2011-02-12 20:54 -------- d-----w- c:\users\Tabatha\AppData\Local\Adobe
    2011-02-12 01:56 . 2011-02-12 01:56 -------- d-----w- c:\program files (x86)\WildGames
    2011-02-12 01:34 . 2011-02-12 01:37 -------- d-----w- c:\program files (x86)\WildTangent Games
    2011-02-11 22:13 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-11 22:13 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-11 22:13 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-11 22:13 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-11 22:13 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-11 22:13 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-11 22:12 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-11 22:12 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\programdata\Alwil Software
    2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\program files\Alwil Software
    2011-02-11 20:31 . 2011-02-11 20:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-02-11 17:57 . 2011-02-11 17:57 -------- d-----w- c:\users\Tabatha\AppData\Local\Sunbelt Software
    2011-02-11 17:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-02-11 15:44 . 2011-02-11 15:44 -------- d-----w- c:\users\Tabatha\AppData\Roaming\Malwarebytes
    2011-02-11 15:37 . 2010-02-27 02:32 100352 ----a-w- c:\windows\system32\Vxdif.dll
    2011-02-11 15:37 . 2010-04-15 18:40 301688 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-02-10 22:30 . 2011-02-10 22:45 -------- d-----w- c:\users\Tabatha\AppData\Local\Microsoft Games
    2011-02-10 22:22 . 2011-02-10 22:22 -------- d-----w- c:\programdata\MumboJumbo
    2011-02-09 22:54 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-04 04:38 . 2011-02-04 04:38 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-02 04:17 . 2011-02-02 04:17 -------- d-----w- c:\users\Jerry Van Meter\AppData\Roaming\Template
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-24 21:38 . 2011-02-11 15:55 -------- d-----w- c:\programdata\MFAData
    2011-01-24 03:48 . 2011-01-24 03:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-01-24 03:42 . 2011-01-24 03:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-01-24 03:42 . 2011-01-24 03:42 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-01-24 02:39 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-01-24 02:39 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2011-01-24 02:39 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2011-01-24 02:39 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2011-01-24 02:39 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
    2011-01-24 02:39 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
    2011-01-24 02:39 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2011-01-24 02:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2011-01-24 02:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2011-01-24 02:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2011-01-24 02:38 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-24 02:38 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-24 02:38 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-24 02:38 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-24 02:38 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-24 02:38 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-24 02:38 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-24 02:38 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-24 02:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-24 02:37 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-01-24 02:32 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
    2011-01-24 02:32 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
    2011-01-24 02:30 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2011-01-24 02:30 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-01-24 02:30 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2011-01-24 02:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2011-01-23 21:14 . 2009-08-24 23:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
    2011-01-23 21:14 . 2011-01-23 21:14 -------- d-----w- c:\programdata\Novatel Wireless
    2011-01-23 21:13 . 2011-01-23 21:14 -------- d-----w- c:\program files (x86)\Novatel Wireless

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-11 18:03 . 2010-09-06 04:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2010-12-20 23:09 . 2010-10-04 03:49 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-10-04 03:49 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-29 06:26 . 2010-11-29 06:26 827392 ----a-w- c:\windows\SysWow64\FLASH.OCX
    2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut4_CEEA65D4E9F84B2CB5128872343403F3.exe
    2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut1_CEEA65D4E9F84B2CB5128872343403F3_1.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-11 17152]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-06 1255736]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 69152]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
    S1 aswSP;aswSP; [x]
    S1 dtcdrom;dtcdrom;c:\windows\SysWOW64\drivers\dtcdrom.sys [2010-09-19 234048]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 DTNetService;DTNetService;c:\program files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-02-11 1405384]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
    S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
    S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
    S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:01]

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.startsearcher.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: Flash Killer: flashkiller@joli.clic - %profile%\extensions\flashkiller@joli.clic
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - (no file)
    BHO-{0FE4BD86-B042-4A99-B329-455DEB643C46} - (no file)
    BHO-{35831574-8F60-8D9E-9F39-AD79D179EE25} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime Alternative\QTTask.exe
    Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime Alternative\QTTask.exe
    Notify-GoToAssist - (no file)
    Notify-igfxcui - (no file)
    SafeBoot-Wdf01000.sys
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-14 03:12:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-14 08:12

    Pre-Run: 181,142,933,504 bytes free
    Post-Run: 180,631,617,536 bytes free

    - - End Of File - - A427F705048396DB0BDD6E5919BCAC77
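    A helper reads a ComboFix log like the one above in a fixed order: the IE start pages in the Supplementary Scan, the BHO entries marked "(no file)" under ORPHANS REMOVED, and the UAC values under policies\system. As an added example (not part of the thread and not ComboFix's own code), the script below pulls those three items out of a pasted log. The sample log is constructed from the line formats seen in the thread; the allowed start-page hosts are an assumption.

```python
"""Triage helper for a ComboFix / DDS-style log.

Added example, not from the thread or from ComboFix. It extracts the
start pages (flagging unexpected hosts), orphaned BHO CLSIDs, and the
UAC policy values. SAMPLE_LOG is constructed from line formats seen in
the thread.
"""
import re

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.startsearcher.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

BHO-{07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - (no file)
BHO-{0FE4BD86-B042-4A99-B329-455DEB643C46} - (no file)
Toolbar-Locked - (no file)
"""

# u = per-user (HKCU) start page, m = machine-wide (HKLM) start page.
START_PAGE_RE = re.compile(r"^(u|m)Start Page = (\S+)$")
# BHO registered under a CLSID whose DLL no longer exists on disk.
BHO_ORPHAN_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]{36}\}) - \(no file\)$")
# "Name"= decimal (0xhex) as printed under the policies\system key.
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')

ALLOWED_START_HOSTS = {"www.google.com", "google.com"}  # assumption


def defang_to_host(url):
    """'hxxp://www.example.com/' -> 'www.example.com' (logs defang http as hxxp)."""
    return re.sub(r"^hxxps?://", "", url, flags=re.IGNORECASE).split("/")[0].lower()


def triage(log_text):
    """Return {'start_pages': [(scope, host, suspicious)], 'orphan_bhos': [...], 'uac': {...}}."""
    start_pages, orphan_bhos, uac = [], [], {}
    in_policy = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new registry key header; only the UAC policy key is tracked.
            in_policy = line.lower().endswith("\\policies\\system]")
            continue
        if in_policy:
            m = POLICY_RE.match(line)
            if m:
                uac[m.group(1)] = int(m.group(2))
                continue
            in_policy = False  # left the value list of that key
        m = START_PAGE_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            host = defang_to_host(m.group(2))
            start_pages.append((scope, host, host not in ALLOWED_START_HOSTS))
            continue
        m = BHO_ORPHAN_RE.match(line)
        if m:
            orphan_bhos.append(m.group(1))
    return {"start_pages": start_pages, "orphan_bhos": orphan_bhos, "uac": uac}


def uac_disabled(uac):
    """True when UAC gives no protection: EnableLUA=0 turns it off outright,
    and ConsentPromptBehaviorAdmin=0 elevates administrators without a prompt."""
    return uac.get("EnableLUA", 1) == 0 or uac.get("ConsentPromptBehaviorAdmin", 5) == 0


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for scope, host, suspicious in report["start_pages"]:
        print(f"{scope:8} start page: {host}{'  <-- not on allow-list' if suspicious else ''}")
    for clsid in report["orphan_bhos"]:
        print(f"orphan BHO {clsid} (registry entry with no file)")
    print("UAC effectively disabled:", uac_disabled(report["uac"]))
```

An orphaned BHO is a registry entry whose DLL has already been deleted, so it cannot run; it is still worth clearing so the browser stops trying to load it. The machine-wide (HKLM) start page is the one that survives per-user fixes, which is why a value like the startsearcher.com entry keeps reappearing until that key is corrected.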
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you would do something for me, I'd appreciate it. I am seeing AdAware, the paid version with AdWatch, which is Real Time Protection. That's what I had for many years. But now there is a line showing an antivirus has been added, as you have it also:
    AV: Lavasoft Ad-Watch Live! Anti-Virus
    and then add AdWatch separately as antimalware.
    SP: Lavasoft Ad-Watch Live!
    I've been on the Lavasoft site many times to try and clear this up, without success. If they have added an AV, then I must tell my users, like you, that they are running 2 antivirus programs, that it makes the system more vulnerable and can slow it down.
    If you can open the program and check what's in it, I'd appreciate it. If it is not an AV, I will contact their people and tell them to stop calling it an AV program!
    ==============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    mStart Page = hxxp://www.startsearcher.com
    BHO: {07B9D136-9E7F-A4A1-E6F2-43237D2DD2F4} - No File
    BHO: {0FE4BD86-B042-4A99-B329-455DEB643C46} - No File
    BHO: {35831574-8F60-8D9E-9F39-AD79D179EE25} - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    
    DirLook::
    C:\PROGRA~3\MFAData
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    Recommend you uninstall this:
    PFPortChecker 1.0.36
    Description: A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
    =====================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  5. jerryandtabatha

    jerryandtabatha TS Rookie Topic Starter

    Ok. I opened Ad-Aware and didn't see anything that said AntiVirus. But anyhow I have Malwarebytes, so to be safe I uninstalled Ad-Aware.

    I uninstalled the portchecker.

    ComboFix Log:

    ComboFix 11-02-13.03 - Jerry Van Meter 02/15/2011 23:18:24.2.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.1016 [GMT -5:00]
    Running from: c:\users\Tabatha\Downloads\ComboFix.exe
    Command switches used :: c:\users\Tabatha\Desktop\8 steps\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
    .

    2011-02-16 04:24 . 2011-02-16 04:27 -------- d-----w- c:\users\Tabatha\AppData\Local\temp
    2011-02-16 04:24 . 2011-02-16 04:24 -------- d-----w- c:\users\Grace\AppData\Local\temp
    2011-02-16 04:24 . 2011-02-16 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-15 02:06 . 2011-02-15 02:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-02-14 08:21 . 2011-02-14 08:21 -------- d-----w- c:\users\Tabatha\AppData\Local\Downloaded Installations
    2011-02-14 08:13 . 2011-02-16 04:24 -------- d-----w- c:\users\Jerry Van Meter\AppData\Local\temp
    2011-02-12 20:52 . 2011-02-15 02:06 -------- d-----w- c:\users\Tabatha\AppData\Local\Adobe
    2011-02-12 01:56 . 2011-02-12 01:56 -------- d-----w- c:\program files (x86)\WildGames
    2011-02-12 01:34 . 2011-02-12 01:37 -------- d-----w- c:\program files (x86)\WildTangent Games
    2011-02-11 22:13 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-11 22:13 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-11 22:13 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-11 22:13 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-11 22:13 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-11 22:13 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-11 22:12 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-11 22:12 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\programdata\Alwil Software
    2011-02-11 22:12 . 2011-02-11 22:12 -------- d-----w- c:\program files\Alwil Software
    2011-02-11 20:31 . 2011-02-11 20:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-02-11 17:57 . 2011-02-11 17:57 -------- d-----w- c:\users\Tabatha\AppData\Local\Sunbelt Software
    2011-02-11 17:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-02-11 15:44 . 2011-02-11 15:44 -------- d-----w- c:\users\Tabatha\AppData\Roaming\Malwarebytes
    2011-02-11 15:37 . 2010-02-27 02:32 100352 ----a-w- c:\windows\system32\Vxdif.dll
    2011-02-11 15:37 . 2010-04-15 18:40 301688 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-02-10 22:30 . 2011-02-10 22:45 -------- d-----w- c:\users\Tabatha\AppData\Local\Microsoft Games
    2011-02-10 22:22 . 2011-02-10 22:22 -------- d-----w- c:\programdata\MumboJumbo
    2011-02-09 22:54 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-04 04:38 . 2011-02-04 04:38 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-02 04:17 . 2011-02-02 04:17 -------- d-----w- c:\users\Jerry Van Meter\AppData\Roaming\Template
    2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-24 21:38 . 2011-02-11 15:55 -------- d-----w- c:\programdata\MFAData
    2011-01-24 03:48 . 2011-01-24 03:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-01-24 03:42 . 2011-01-24 03:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-01-24 03:42 . 2011-01-24 03:42 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-01-24 02:39 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-01-24 02:39 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2011-01-24 02:39 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2011-01-24 02:39 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2011-01-24 02:39 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
    2011-01-24 02:39 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
    2011-01-24 02:39 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2011-01-24 02:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2011-01-24 02:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2011-01-24 02:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2011-01-24 02:38 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-24 02:38 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-24 02:38 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-24 02:38 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-24 02:38 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-24 02:38 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-24 02:38 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-24 02:38 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-24 02:38 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-24 02:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-24 02:37 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-01-24 02:32 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
    2011-01-24 02:32 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
    2011-01-24 02:30 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2011-01-24 02:30 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-01-24 02:30 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2011-01-24 02:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2011-01-23 21:14 . 2009-08-24 23:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
    2011-01-23 21:14 . 2011-01-23 21:14 -------- d-----w- c:\programdata\Novatel Wireless
    2011-01-23 21:13 . 2011-01-23 21:14 -------- d-----w- c:\program files (x86)\Novatel Wireless

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 02:40 . 2010-07-06 05:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-12-20 23:09 . 2010-10-04 03:49 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-10-04 03:49 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-29 06:26 . 2010-11-29 06:26 827392 ----a-w- c:\windows\SysWow64\FLASH.OCX
    2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut4_CEEA65D4E9F84B2CB5128872343403F3.exe
    2010-11-23 18:34 . 2010-11-23 18:34 49152 ----a-r- c:\users\Jerry Van Meter\AppData\Roaming\Microsoft\Installer\{CEEA65D4-E9F8-4B2C-B512-8872343403F3}\NewShortcut1_CEEA65D4E9F84B2CB5128872343403F3_1.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\progra~3\MFAData ----

    2011-02-11 15:56 . 2011-02-11 15:58 297168 ----a-w- c:\progra~3\MFAData\logs\msi-20110211-155547.log
    2011-02-11 15:56 . 2011-02-11 15:56 64318 ----a-w- c:\progra~3\MFAData\pack\cnet_mis.mdf
    2011-02-11 15:56 . 2011-02-11 15:56 10550 ----a-w- c:\progra~3\MFAData\pack\cnet_mps.mdf
    2011-02-11 15:56 . 2011-02-11 15:56 166 ----a-w- c:\progra~3\MFAData\pack\lic.mdf
    2011-02-11 15:56 . 2011-02-11 15:56 4920832 ----a-w- c:\progra~3\MFAData\pack\Avgx64.msi
    2011-02-11 15:55 . 2011-02-11 16:05 375254 ----a-w- c:\progra~3\MFAData\logs\mfa-20110211-155547.log
    2011-02-11 15:55 . 2011-02-11 15:55 2547552 ----a-w- c:\progra~3\MFAData\SelfUpd\avgupdx.dll
    2011-02-11 15:55 . 2011-02-11 15:55 32 ----a-w- c:\progra~3\MFAData\SelfUpd\avgatupd.stp
    2011-02-11 15:55 . 2011-02-11 15:55 300 ----a-w- c:\progra~3\MFAData\SelfUpd\avgupd.sig
    2011-02-11 15:55 . 2011-02-11 15:55 32 ----a-w- c:\progra~3\MFAData\SelfUpd\avgatend.stp
    2011-02-11 15:52 . 2011-02-11 15:55 143043 ----a-w- c:\progra~3\MFAData\SelfUpd\mfazt.lns
    2011-02-11 15:52 . 2011-02-11 15:55 142720 ----a-w- c:\progra~3\MFAData\SelfUpd\mfazh.lns
    2011-02-11 15:52 . 2011-02-11 15:55 62 ----a-w- c:\progra~3\MFAData\SelfUpd\mfavera.txt
    2011-02-11 15:52 . 2011-02-11 15:55 62 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaverx.txt
    2011-02-11 15:52 . 2011-02-11 15:55 148081 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaus.lns
    2011-02-11 15:52 . 2011-02-11 15:55 163238 ----a-w- c:\progra~3\MFAData\SelfUpd\mfasp.lns
    2011-02-11 15:52 . 2011-02-11 15:55 159906 ----a-w- c:\progra~3\MFAData\SelfUpd\mfatr.lns
    2011-02-11 15:52 . 2011-02-11 15:55 163250 ----a-w- c:\progra~3\MFAData\SelfUpd\mfask.lns
    2011-02-11 15:52 . 2011-02-11 15:55 159100 ----a-w- c:\progra~3\MFAData\SelfUpd\mfasc.lns
    2011-02-11 15:52 . 2011-02-11 15:55 215656 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaru.lns
    2011-02-11 15:52 . 2011-02-11 15:55 163490 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapt.lns
    2011-02-11 15:52 . 2011-02-11 15:55 161868 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapl.lns
    2011-02-11 15:52 . 2011-02-11 15:55 159421 ----a-w- c:\progra~3\MFAData\SelfUpd\mfapb.lns
    2011-02-11 15:52 . 2011-02-11 15:55 158931 ----a-w- c:\progra~3\MFAData\SelfUpd\mfanl.lns
    2011-02-11 15:52 . 2011-02-11 15:55 154106 ----a-w- c:\progra~3\MFAData\SelfUpd\mfams.lns
    2011-02-11 15:52 . 2011-02-11 15:55 169547 ----a-w- c:\progra~3\MFAData\SelfUpd\mfako.lns
    2011-02-11 15:52 . 2011-02-11 15:55 183373 ----a-w- c:\progra~3\MFAData\SelfUpd\mfajp.lns
    2011-02-11 15:52 . 2011-02-11 15:55 163445 ----a-w- c:\progra~3\MFAData\SelfUpd\mfait.lns
    2011-02-11 15:52 . 2011-02-11 15:55 148085 ----a-w- c:\progra~3\MFAData\SelfUpd\mfain.lns
    2011-02-11 15:52 . 2011-02-11 15:55 152316 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaid.lns
    2011-02-11 15:52 . 2011-02-11 15:55 162287 ----a-w- c:\progra~3\MFAData\SelfUpd\mfahu.lns
    2011-02-11 15:52 . 2011-02-11 15:55 166720 ----a-w- c:\progra~3\MFAData\SelfUpd\mfage.lns
    2011-02-11 15:52 . 2011-02-11 15:55 167819 ----a-w- c:\progra~3\MFAData\SelfUpd\mfafr.lns
    2011-02-11 15:52 . 2010-12-01 23:16 160923 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaes.lns
    2011-02-11 15:52 . 2011-02-11 15:55 157108 ----a-w- c:\progra~3\MFAData\SelfUpd\mfacz.lns
    2011-02-11 15:52 . 2011-02-11 15:55 153109 ----a-w- c:\progra~3\MFAData\SelfUpd\mfada.lns
    2011-02-11 15:52 . 2010-12-22 08:48 66 ----a-w- c:\progra~3\MFAData\SelfUpd\mfaconf.txt
    2011-02-11 15:52 . 2011-02-11 15:55 21970 ----a-w- c:\progra~3\MFAData\SelfUpd\license_zh.htm
    2011-02-11 15:52 . 2011-02-11 15:55 22462 ----a-w- c:\progra~3\MFAData\SelfUpd\license_zt.htm
    2011-02-11 15:52 . 2011-02-11 15:55 26118 ----a-w- c:\progra~3\MFAData\SelfUpd\license_us.htm
    2011-02-11 15:52 . 2011-02-11 15:55 30997 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sp.htm
    2011-02-11 15:52 . 2011-02-11 15:55 32355 ----a-w- c:\progra~3\MFAData\SelfUpd\license_tr.htm
    2011-02-11 15:52 . 2011-02-11 15:55 37302 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sk.htm
    2011-02-11 15:52 . 2011-02-11 15:55 53177 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ru.htm
    2011-02-11 15:52 . 2011-02-11 15:55 27604 ----a-w- c:\progra~3\MFAData\SelfUpd\license_sc.htm
    2011-02-11 15:52 . 2011-02-11 15:55 33353 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pt.htm
    2011-02-11 15:52 . 2011-02-11 15:55 33146 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pb.htm
    2011-02-11 15:52 . 2011-02-11 15:55 31512 ----a-w- c:\progra~3\MFAData\SelfUpd\license_pl.htm
    2011-02-11 15:52 . 2011-02-11 15:55 29766 ----a-w- c:\progra~3\MFAData\SelfUpd\license_nl.htm
    2011-02-11 15:52 . 2011-02-11 15:55 28458 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ko.htm
    2011-02-11 15:52 . 2011-02-11 15:55 29245 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ms.htm
    2011-02-11 15:52 . 2011-02-11 15:55 32601 ----a-w- c:\progra~3\MFAData\SelfUpd\license_jp.htm
    2011-02-11 15:52 . 2011-02-11 15:55 26118 ----a-w- c:\progra~3\MFAData\SelfUpd\license_in.htm
    2011-02-11 15:52 . 2011-02-11 15:55 31500 ----a-w- c:\progra~3\MFAData\SelfUpd\license_it.htm
    2011-02-11 15:52 . 2011-02-11 15:55 29375 ----a-w- c:\progra~3\MFAData\SelfUpd\license_id.htm
    2011-02-11 15:52 . 2011-02-11 15:55 30196 ----a-w- c:\progra~3\MFAData\SelfUpd\license_ge.htm
    2011-02-11 15:52 . 2011-02-11 15:55 42572 ----a-w- c:\progra~3\MFAData\SelfUpd\license_hu.htm
    2011-02-11 15:52 . 2011-02-11 15:55 34309 ----a-w- c:\progra~3\MFAData\SelfUpd\license_fr.htm
    2011-02-11 15:52 . 2011-02-11 15:55 29994 ----a-w- c:\progra~3\MFAData\SelfUpd\license_da.htm
    2011-02-11 15:52 . 2010-09-13 07:34 31241 ----a-w- c:\progra~3\MFAData\SelfUpd\license_es.htm
    2011-02-11 15:52 . 2011-02-11 15:55 28062 ----a-w- c:\progra~3\MFAData\SelfUpd\license_cz.htm
    2011-02-11 15:52 . 2010-11-24 23:47 241504 ----a-w- c:\progra~3\MFAData\SelfUpd\avgrunasx.exe
    2011-02-11 15:52 . 2011-02-11 15:55 939008 ----a-w- c:\progra~3\MFAData\SelfUpd\htmlayout.dll
    2011-02-11 15:52 . 2011-02-11 15:55 275808 ----a-w- c:\progra~3\MFAData\SelfUpd\avgntdumpx.exe
    2011-02-11 15:52 . 2011-02-11 15:55 724832 ----a-w- c:\progra~3\MFAData\SelfUpd\avgmfarx.dll
    2011-02-11 15:52 . 2011-02-11 15:55 3313504 ----a-w- c:\progra~3\MFAData\SelfUpd\avgmfapx.exe
    2011-02-11 15:52 . 2011-02-11 15:55 134258 ----a-w- c:\progra~3\MFAData\logs\mfa-20110211-155212.log
    2011-02-11 14:23 . 2011-02-11 15:55 2487 ----a-w- c:\progra~3\MFAData\pack\avg10infooi.ctf
    2011-02-11 14:23 . 2011-02-11 15:55 21605 ----a-w- c:\progra~3\MFAData\pack\avg10infowin.ctf
    2011-02-11 14:23 . 2011-02-11 15:57 2009 ----a-w- c:\progra~3\MFAData\pack\avg10infoavi.ctf
    2011-01-25 13:31 . 2011-02-11 16:05 8992297 ----a-w- c:\progra~3\MFAData\pack\bins\f10avisa1204oj.bin.partial
    2011-01-25 13:31 . 2011-02-11 15:56 1515323 ----a-w- c:\progra~3\MFAData\pack\bins\f10avga1204qi.bin
    2011-01-25 13:31 . 2011-02-11 16:00 5536442 ----a-w- c:\progra~3\MFAData\pack\bins\f10antivira1204ya.bin
    2011-01-25 13:30 . 2011-02-11 15:58 305699 ----a-w- c:\progra~3\MFAData\pack\bins\f10antirka1204qj.bin
    2011-01-25 13:29 . 2011-02-11 15:55 3420461 ----a-w- c:\progra~3\MFAData\SelfUpd\bins\f10upd1204gw.bin
    2011-01-25 13:29 . 2011-02-11 15:54 3675091 ----a-w- c:\progra~3\MFAData\SelfUpd\bins\f10mfa1204hu.bin
    2011-01-25 04:49 . 2011-02-11 15:58 647 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_LinkScanner.html
    2011-01-25 04:49 . 2011-02-11 15:58 624 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html
    2011-01-25 04:49 . 2011-02-11 15:58 691 ----a-w- c:\progra~3\MFAData\mkt\hi\Installation-Page_Social-Networking.html
    2011-01-25 04:49 . 2011-02-11 15:58 1397 ----a-w- c:\progra~3\MFAData\mkt\res\LinkScanner-style.css
    2011-01-25 04:49 . 2011-02-11 15:58 20775 ----a-w- c:\progra~3\MFAData\mkt\res\LinkScanner.jpg
    2011-01-25 04:49 . 2011-02-11 15:58 16581 ----a-w- c:\progra~3\MFAData\mkt\res\Smart-Scanning.jpg
    2011-01-25 04:49 . 2011-02-11 15:58 1400 ----a-w- c:\progra~3\MFAData\mkt\res\SmartScanning-style.css
    2011-01-25 04:49 . 2011-02-11 15:58 22974 ----a-w- c:\progra~3\MFAData\mkt\res\Social-Networking.jpg
    2011-01-25 04:49 . 2011-02-11 15:58 1403 ----a-w- c:\progra~3\MFAData\mkt\res\SocialNetworking-style.css
    2011-01-25 04:49 . 2011-02-11 15:58 647 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_LinkScanner.html
    2011-01-25 04:49 . 2011-02-11 15:58 624 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_Smart-Scanning.html
    2011-01-25 04:49 . 2011-02-11 15:58 670 ----a-w- c:\progra~3\MFAData\mkt\us\Installation-Page_Social-Networking.html
    2011-01-25 04:48 . 2011-01-25 04:49 295214 ----a-w- c:\progra~3\MFAData\logs\msi-20110125-044755.log
    2011-01-25 04:47 . 2011-01-25 05:20 308754 ----a-w- c:\progra~3\MFAData\logs\mfa-20110125-044755.log
    2011-01-24 21:51 . 2011-02-11 15:57 3799 ----a-w- c:\progra~3\MFAData\mkt\us\dm_marketing_message-en-us.html
    2011-01-24 21:51 . 2011-02-11 15:57 2198 ----a-w- c:\progra~3\MFAData\mkt\res\style.css
    2011-01-24 21:51 . 2011-02-11 15:57 4096 ----a-w- c:\progra~3\MFAData\mkt\res\Thumbs.db
    2011-01-24 21:51 . 2011-02-11 15:57 5293 ----a-w- c:\progra~3\MFAData\mkt\res\ui-background.jpg
    2011-01-24 21:51 . 2011-02-11 15:57 160 ----a-w- c:\progra~3\MFAData\mkt\res\ico-blue-bg.gif
    2011-01-24 21:51 . 2011-02-11 15:57 1294 ----a-w- c:\progra~3\MFAData\mkt\res\OK.png
    2011-01-24 21:51 . 2011-02-11 15:57 3107 ----a-w- c:\progra~3\MFAData\mkt\hi\dm_marketing_message-hi.html
    2011-01-24 21:40 . 2011-01-24 21:51 295214 ----a-w- c:\progra~3\MFAData\logs\msi-20110124-213856.log
    2011-01-24 21:39 . 2011-01-24 21:39 11958 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213954.log
    2011-01-24 21:39 . 2011-01-24 21:39 11958 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213901.log
    2011-01-24 21:38 . 2011-01-24 21:51 217924 ----a-w- c:\progra~3\MFAData\logs\mfa-20110124-213856.log
    2010-12-22 09:54 . 2011-01-25 05:20 29596837 ----a-w- c:\progra~3\MFAData\pack\bins\f10avisa1191tq.bin.partial
    2010-12-22 09:54 . 2011-01-24 21:40 1498859 ----a-w- c:\progra~3\MFAData\pack\bins\f10avga1191rg.bin
    2010-12-22 09:54 . 2011-01-25 04:53 5536607 ----a-w- c:\progra~3\MFAData\pack\bins\f10antivira1191eg.bin
    2010-12-22 09:54 . 2011-01-25 04:50 305699 ----a-w- c:\progra~3\MFAData\pack\bins\f10antirka1191ic.bin
    2010-11-24 12:19 . 2011-01-24 21:40 70044 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_mis15ni.bin
    2010-11-18 20:54 . 2011-01-24 21:40 16269 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_mps11fx.bin
    2010-09-24 21:42 . 2011-01-24 21:40 5882 ----a-w- c:\progra~3\MFAData\pack\bins\foi10cnet_lic8dn.bin
    2010-08-26 13:08 . 2011-02-11 15:55 798 ----a-w- c:\progra~3\MFAData\mfaurlconf.ini


    ((((((((((((((((((((((((((((( SnapShot@2011-02-14_08.07.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-14 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-16 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-04-24 11:48 . 2011-02-15 16:40 44302 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-02-15 16:40 40206 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-04-29 21:48 . 2011-02-12 08:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-04-29 21:48 . 2011-02-15 18:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-12 08:56 . 2011-02-15 18:38 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-15 18:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-12 08:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-04-29 22:26 . 2011-02-14 07:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-04-29 22:26 . 2011-02-16 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-04-29 22:26 . 2011-02-14 07:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-04-29 22:26 . 2011-02-16 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-10 17:49 . 2010-11-10 17:49 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\wow_helper.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
    + 2010-07-08 22:01 . 2011-02-15 16:40 5892 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-38433659-1002438047-1770949657-1002_UserData.bin
    - 2011-02-14 08:06 . 2011-02-14 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-16 04:26 . 2011-02-16 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-16 04:26 . 2011-02-16 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-02-14 08:06 . 2011-02-14 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-02-12 01:18 . 2010-11-12 23:53 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-02-16 02:23 . 2011-02-03 02:40 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-02-16 02:23 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-02-12 01:18 . 2010-11-12 23:53 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-02-12 01:18 . 2010-11-12 23:53 145184 c:\windows\SysWOW64\java.exe
    + 2011-02-16 02:23 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\java.exe
    + 2010-04-30 00:46 . 2011-02-15 20:41 308000 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-02-15 16:43 615360 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-02-14 07:52 615360 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-02-15 16:43 103702 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-02-14 07:52 103702 c:\windows\system32\perfc009.dat
    + 2011-02-16 02:23 . 2011-02-16 02:23 183808 c:\windows\Installer\2177da9.msi
    + 2010-11-10 17:49 . 2010-11-10 17:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
    + 2010-11-10 20:54 . 2010-11-10 20:54 2307584 c:\windows\Installer\2b73dc.msi
    + 2010-11-10 17:49 . 2010-11-10 17:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
    + 2010-11-10 17:49 . 2010-11-10 17:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
    + 2010-11-10 17:49 . 2010-11-10 17:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
    - 2009-07-14 02:34 . 2011-02-14 08:02 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-02-15 22:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\2b73dd.msp
    + 2010-11-10 17:49 . 2010-11-10 17:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [BU]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-06 1255736]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 69152]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
    S1 aswSP;aswSP; [x]
    S1 dtcdrom;dtcdrom;c:\windows\SysWOW64\drivers\dtcdrom.sys [2010-09-19 234048]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 DTNetService;DTNetService;c:\program files (x86)\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
    S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
    S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
    S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]

    2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:39]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.techspot.com/vb/topic161099.html#post1005811
    FF - prefs.js: keyword.URL -
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: GMarks: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} - %profile%\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
    FF - Ext: Make Address Bar Font Size Bigger: addressBarFontSizeBigger@papafresh.com - %profile%\extensions\addressBarFontSizeBigger@papafresh.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: mediaplayerconnectivity: {84b24861-62f6-364b-eba5-2e5e2061d7e6} - %profile%\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
    FF - Ext: ProCon Latte: {9D6218B8-03C7-4b91-AA43-680B305DD35C} - %profile%\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: Toy Factory: {31a48160-39fc-11de-8a39-0800200c9a66} - %profile%\extensions\{31a48160-39fc-11de-8a39-0800200c9a66}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-15 23:31:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-16 04:30
    ComboFix2.txt 2011-02-14 08:13

    Pre-Run: 181,222,133,760 bytes free
    Post-Run: 180,800,544,768 bytes free

    - - End Of File - - E7789D2ED7B6A8AB3FE5977130FCB4E1




    Eset NOD32 Online AntiVirus scan LOG:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=0fd06bd043958f4da3398749b2af0168
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-16 05:31:24
    # local_time=2011-02-16 12:31:24 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 292712 292712 0 0
    # compatibility_mode=768 16777215 100 0 286633 286633 0 0
    # compatibility_mode=5893 16776574 100 94 22072034 49375248 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=136929
    # found=2
    # cleaned=0
    # scan_time=2486
    C:\Qoobox\Quarantine\C\Users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No new infections in the Eset log. All are in the Qoobox, which is where Combofix sends the quarantined files.

    Are you now using LogMeIn and/or GoToAssist? Probably not, since you have posted here.

    Also, are Tabatha, Grace, Jerry and the default user all logging on under the same account? There is app data for all 4. Scans are run by Tabatha.
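The reading of the Eset log given in the reply above (every hit sits under C:\Qoobox, so nothing is live) is a check that can be automated when a thread contains several long logs. The block below is an added example, not code from this thread nor from ESET, DDS or ComboFix: it parses the ESET detection lines and the DDS `FF - Ext:` add-on list posted here, classifies each hit as a quarantine copy or a live file, and reports whether the flagged add-on id still appears in the extension list. The field layouts are assumptions read off the posted lines (ESET and DDS do not document them here), the quarantine root is the one the reply names, and the second "live" sample is constructed to show the failure case.

```python
"""Triage an ESET Online Scanner log against the Firefox add-on list in a
DDS/ComboFix log.  Added example, not code from the thread; the field layouts
are assumptions read off the lines posted there, not a documented format."""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input copied from the logs posted in the thread.  The forum lost the
# original tab separators, so fields are split on arbitrary whitespace.
ESET_LOG = r"""all ok
# found=2
C:\Qoobox\Quarantine\C\Users\Jerry Van Meter\AppData\Roaming\Mozilla\Firefox\Profiles\czy9hxpc.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
"""
DDS_LOG = r"""FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
"""
# Constructed counter-example (not from the thread): the same detection in the
# live profile instead of quarantine, and the add-on still listed by DDS.
ESET_LOG_LIVE = r"""# found=1
C:\Users\Tabatha\AppData\Roaming\Mozilla\Firefox\Profiles\pnjgda0t.default\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
"""
DDS_LOG_LIVE = DDS_LOG + (r"FF - Ext: Unknown Add-on: {1d878283-d0e3-4b3b-87b1-2e7641d68d98}"
                          r" - %profile%\extensions\{1d878283-d0e3-4b3b-87b1-2e7641d68d98}" + "\n")

QUARANTINE_ROOTS = ("c:\\qoobox\\quarantine\\",)   # ComboFix's quarantine, per the thread
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"                                          # path, may contain spaces
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9_-]+/\S+.*?)\s+"  # e.g. Win32/... trojan
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$")
EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+?)\s*$")
PROFILE_EXT_RE = re.compile(r"\\Profiles\\(?P<profile>[^\\]+)\\extensions\\(?P<ext>[^\\]+)")

@dataclass
class Finding:
    path: str
    threat: str
    action: str
    quarantined: bool            # True when the hit is only a quarantine copy
    profile: Optional[str]       # Firefox profile directory holding the file, if any
    extension_id: Optional[str]  # add-on id taken from the path, if any

@dataclass
class Extension:
    name: str
    id: str
    path: str
    in_profile: bool             # %profile%-relative, i.e. a per-user install

def parse_eset_log(text):
    """Split the '# key=value' header from the detection lines."""
    meta, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            meta.setdefault(key, value)   # compatibility_mode repeats; keep the first
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue                      # status lines such as "all ok"
        path = m.group("path")
        pm = PROFILE_EXT_RE.search(path)
        findings.append(Finding(
            path=path, threat=m.group("threat"), action=m.group("action"),
            quarantined=path.lower().startswith(QUARANTINE_ROOTS),
            profile=pm.group("profile") if pm else None,
            extension_id=pm.group("ext") if pm else None))
    return meta, findings

def parse_dds_extensions(text):
    """Collect the 'FF - Ext:' lines DDS prints for each Firefox add-on."""
    exts = []
    for raw in text.splitlines():
        m = EXT_RE.match(raw.strip())
        if m:
            exts.append(Extension(m.group("name"), m.group("id"), m.group("path"),
                                  m.group("path").startswith("%profile%")))
    return exts

def triage(eset_text, dds_text):
    """Are the hits live or only quarantine leftovers, and is the flagged
    add-on id still installed according to DDS?"""
    meta, findings = parse_eset_log(eset_text)
    installed = {e.id.lower() for e in parse_dds_extensions(dds_text)}
    live = [f for f in findings if not f.quarantined]
    still_installed = sorted({f.extension_id for f in findings
                              if f.extension_id and f.extension_id.lower() in installed})
    clean = not live and not still_installed
    return {"reported_found": int(meta.get("found", "0")),
            "quarantined": len(findings) - len(live),
            "live": len(live),
            "affected_profiles": sorted({f.profile for f in findings if f.profile}),
            "still_installed": still_installed,
            "verdict": "clean: only quarantine copies" if clean else "action needed"}

if __name__ == "__main__":
    print("thread logs:", triage(ESET_LOG, DDS_LOG))
    print("constructed live case:", triage(ESET_LOG_LIVE, DDS_LOG_LIVE))
```

Run as-is it prints the verdict for the thread's own logs (two quarantine copies, one add-on id across two profiles, nothing still installed) and then for the constructed case, where the same id is found outside C:\Qoobox and is still listed by DDS, which is the situation that would call for another cleaning round rather than the cleanup steps.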
     
  7. jerryandtabatha

    jerryandtabatha TS Rookie Topic Starter

    Hi. Yes, since I ran the Combofix all seems to be well. Haven't had a browser redirect since then.

    No, I don't use the LogMeIn or the GoToAssist (I don't even know what that is).

    We do have different profiles for the computer but the Grace side doesn't really get used, and I (Tabatha) use the Tabatha and the Jerry side mostly.

    I really appreciate all your hard work on helping me fix this!
    Thanks a bunch!

    Tabatha
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are most welcome! About those accounts, I saw some games in the logs and considered asking you if Tabatha, Jerry, Grace and Default played against each other! I thought that might not go over well, so left it out.

    As for LogMeIn, someone using the system most likely got online support from 'Go To Assist.' So if you have the GTA program in Add/Remove Programs, you can uninstall it there. I see LogMeIn in the Firefox Extensions, so go to Tools> Add-ons> and remove it from there.

    If you don't have any more questions and the redirects have stopped, we can clean up:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

      Creating a Restore Point in Windows 7:
      • Click on Start> right click on Computer> Properties
      • Select System Protection
      • Click on the Create button (near bottom)
      • Type a name for the Restore Point
      • Click on Create again to save the restore point.

      Deleting all but the most recent System Protection point in Windows 7
      1. Click Start> Computer> right click the C Drive and choose Properties> enter.
      2. Click Disk Cleanup from there.
      3. Click Clean up system files
        This restarts Disk Cleanup to run in elevated mode.
      4. Click the More Options tab
      5. Click the Clean up under System Restore and Shadow Copies.
      6. Click OK.
      7. You will get a confirmation screen> Just click Delete.
      8. Click OK on the Disk Cleanup Screen.
      9. Click Delete Files on the Confirmation screen.
      It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
      Images courtesy lytebyte.

      Empty the Recycle Bin

      (Tell Jerry, Grace and 'Default' hello for me!)
     