Google redirect virus - ran Spybot, MWB and Hitman; all found nothing

Solved
By acidburn2448
Jul 26, 2011
  1. I have had the virus for a few months now and learned to live with it, but recently it's been worse. It redirects me almost every time I do something on Google, instead of once every 15 when I first began to notice it. I have run MWB and Spybot Search and Destroy and Hitman (Free Trial Version); I can rerun and provide logs if that is where you wish for me to start. None of these found anything besides cookies.

    Thanks
    Austin
  2. Bobbye

    Bobbye, Helper on the Fringe

    Welcome to TechSpot! I'll help with the redirect problem.

    We have an organized start, so please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    I strongly recommend that you uninstall Hitman Pro. It is nothing more than a bundle of programs that can all be found free on the internet, and those programs are fully functional in that they remove bad entries. The scam from Hitman is that removal is only free while in the trial period; after that you have to pay.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Hard to believe you've gone on for months knowing you have some kind of malware!
  3. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by Austin at 15:25:59 on 2011-07-26
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2311 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\msvcp7132.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AirPort\APAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Austin\Desktop\Youtube Videos\06jnne7k.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    uInternet Settings,ProxyOverride = *.local
    BHO: {140d1708-3d25-46bc-8aca-b35f2b6b2cb3} - C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    dRun: [Safe Run Start] C:\Windows\SysWOW64\saferun.exe
    StartupFolder: C:\Users\Austin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{01157349-93C7-4E7A-9ADF-F602D26B2D5A} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\071677071677 : DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\140707C65647F677E6 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\34F627E656272416B656279775966696 : DhcpNameServer = 8.8.8.8 8.8.4.4 10.12.1.12
    TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\35861646F677 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
    FF - plugin: C:\Users\Austin\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: XULRunner: {A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3} - C:\Windows\system32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}
    FF - Ext: XULRunner: {0B84D067-4F89-45D3-9EF7-205454709767} - C:\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}
    FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    FF - Ext: XUL Cache: {d1f25624-e58f-4811-a96c-0c89d0436750} - %profile%\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Dhcp32;DHCP Client ;C:\Windows\System32\msvcp7132.exe [2011-7-16 554496]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-3-8 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 135664]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-16 1153368]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-26 17:44:41 -------- d-----w- C:\Program Files (x86)\Citrix
    2011-07-26 17:42:11 72080 ----a-w- C:\Users\Austin\g2mdlhlpx.exe
    2011-07-26 15:56:33 -------- d-----w- C:\Program Files\CCleaner
    2011-07-16 06:42:57 554496 ----a-w- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.exe
    2011-07-16 06:42:55 554496 ----a-w- C:\Windows\SysWow64\msvcp7132.exe
    2011-07-16 06:42:51 348672 ----a-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
    2011-07-15 18:19:02 -------- d-----r- C:\Users\Austin\Dropbox
    2011-07-15 18:17:03 -------- d-----w- C:\Users\Austin\AppData\Roaming\Dropbox
    2011-07-01 16:10:32 -------- d-----w- C:\Users\Austin\AppData\Local\FeedDemon
    2011-07-01 16:10:26 -------- d-----w- C:\Program Files (x86)\FeedDemon
    .
    ==================== Find3M ====================
    .
    2011-07-17 09:06:57 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-06-22 18:42:16 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 15:26:43.96 ===============

    **** I am waiting until we are done to uninstall Hitman so nothing gets changed *****
    EDIT:
    **** While I'm running MalwareBytes it's finding things that it didn't previously. Not quite sure why; I have removed them *****

  4. Bobbye

    Bobbye, Helper on the Fringe

    1. I don't see an antivirus program on the system. Please put one of these on the system now:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast-Free Antivirus

    2. Did you miss this?
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.


    Don't let the log named Attach.txt from DDS fool you. It must be pasted in and not zipped.
    ========================================
    3. Please remove Hitman Pro now.
  5. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/16/2010 11:10:59 AM
    System Uptime: 7/23/2011 11:48:58 PM (64 hours ago)
    .
    Motherboard: Gateway | | SJV50TR
    Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 335.169 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP46: 7/7/2011 5:42:58 AM - Scheduled Checkpoint
    RP47: 7/15/2011 4:23:49 PM - Scheduled Checkpoint
    RP48: 7/23/2011 4:01:01 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    AirPort
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Ares 2.1.0
    Backup Manager Basic
    Business Plan Pro 15th Anniversary Edition
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 4.0.12.327
    Dropbox
    FeedDemon
    Gateway InfoCentre
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.8.0.723
    Identity Card
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Security Scan Plus
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.18)
    MSVCRT
    NetTools 5.0
    NeuLion Adaptive Plugin
    QuickTime
    Realtek USB 2.0 Card Reader
    Skype™ 4.2
    Spybot - Search & Destroy
    TeamSpeak 3 Client
    TeamViewer 5
    TeamViewer 6
    UltraISO Premium V9.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Word 2007 (KB974631)
    Video Web Camera
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinPcap 3.0
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/26/2011 1:45:55 PM, Error: atikmdag [43029] - Display is not active
    7/24/2011 6:14:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    7/24/2011 3:14:55 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    7/23/2011 11:25:30 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/23/2011 11:22:53 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/19/2011 4:06:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    7/19/2011 4:05:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/19/2011 4:04:54 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/19/2011 4:03:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    7/19/2011 4:02:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/19/2011 4:02:54 PM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).
    7/19/2011 4:02:48 PM, Error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
    7/19/2011 4:02:45 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    MalwareBytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4447

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/18/2010 9:31:24 PM
    mbam-log-2010-08-18 (21-31-24).txt

    Scan type: Quick scan
    Objects scanned: 131134
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 17
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xemrapxhhury (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpeqtkgiwfp (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\procohidimenip (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\levcbgol (Trojan.Dropper) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files (x86)\$NtUninstallWTF1012$ (Adware.EZLife) -> Quarantined and deleted successfully.
    C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\SysWOW64\ovxopfahmysnez.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\xmypncox.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\cihvetptt\kmosocytssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\cmaii.dll (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Windows\System32\cmaii.dll (Adware.AdShot) -> Quarantined and deleted successfully.
    C:\Windows\System32\ovxopfahmysnez.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
    C:\Windows\System32\umaii.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\System32\xemrapxhhury.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Users\Austin\AppData\Local\Temp\dssknt.exe (Virus.Agent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.
    C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    GMER
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-26 15:40:41
    Windows 6.1.7600
    Running: 06jnne7k.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Austin\AppData\Local\Mozilla\Firefox\Profiles\02gy5ajk.default\Cache\3082967Bd01 9338880 bytes

    ---- EOF - GMER 1.0.15 ----


***Uninstalled Hitman Pro and installed Avira***
***I didn't see your private message saying 2 days, and I had thought it was a day, not 2. Sorry for the message.***
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Repeating FYI:
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in the cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
It would be appreciated if you read all instructions carefully, including this in Malwarebytes:
  7. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    ComboFix 11-07-29.03 - Austin 07/30/2011 1:04.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2196 [GMT -5:00]
    Running from: c:\users\Austin\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\dns_lookup.tmp
    C:\Install.exe
    c:\programdata\5162qny2ob203v1p2ryg257h14
    c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}
    c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome.manifest
    c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\_cfg.js
    c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul
    c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\install.rdf
    c:\users\Austin\AppData\Local\5162qny2ob203v1p2ryg257h14
    c:\users\Austin\AppData\Roaming\inst.exe
    c:\users\Austin\AppData\Roaming\Microsoft\Windows\Templates\5162qny2ob203v1p2ryg257h14
    c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
    c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest
    c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar
    c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\defaults\preferences\xulcache.js
    c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\install.rdf
    c:\users\Austin\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-30 06:30 . 2011-07-30 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\programdata\AVS4YOU
    2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\users\Austin\AppData\Roaming\AVS4YOU
    2011-07-28 07:48 . 2011-07-28 08:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2011-07-28 07:47 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2011-07-27 22:55 . 2011-07-27 22:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Avira
    2011-07-27 22:50 . 2011-07-28 22:54 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-27 22:50 . 2011-07-28 22:54 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\programdata\Avira
    2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\program files (x86)\Avira
    2011-07-26 17:44 . 2011-07-28 08:05 -------- d-----w- c:\program files (x86)\Citrix
    2011-07-26 15:56 . 2011-07-26 15:56 -------- d-----w- c:\program files\CCleaner
    2011-07-15 18:19 . 2011-07-24 04:25 -------- d-----r- c:\users\Austin\Dropbox
    2011-07-15 18:17 . 2011-07-24 04:26 -------- d-----w- c:\users\Austin\AppData\Roaming\Dropbox
    2011-07-01 16:10 . 2011-07-01 16:10 -------- d-----w- c:\users\Austin\AppData\Local\FeedDemon
    2011-07-01 16:10 . 2011-07-01 16:10 -------- d-----w- c:\program files (x86)\FeedDemon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-17 09:06 . 2010-09-27 04:42 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-07-07 00:52 . 2010-08-19 02:23 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 00:52 . 2010-08-19 02:23 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-23 18:25 . 2010-03-08 16:36 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-06-22 18:43 . 2011-06-22 18:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-22 18:43 . 2011-06-22 18:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-22 18:43 . 2011-06-22 18:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-22 18:43 . 2011-06-22 18:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-06-22 18:43 . 2011-06-22 18:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-22 18:43 . 2011-06-22 18:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-06-22 18:43 . 2011-06-22 18:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-22 18:43 . 2011-06-22 18:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-22 18:43 . 2011-06-22 18:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-22 18:43 . 2011-06-22 18:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-22 18:43 . 2011-06-22 18:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-06-22 18:43 . 2011-06-22 18:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-22 18:43 . 2011-06-22 18:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-22 18:43 . 2011-06-22 18:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-22 18:43 . 2011-06-22 18:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-22 18:43 . 2011-06-22 18:43 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-22 18:43 . 2011-06-22 18:43 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-22 18:43 . 2011-06-22 18:43 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-22 18:43 . 2011-06-22 18:43 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-22 18:43 . 2011-06-22 18:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-22 18:43 . 2011-06-22 18:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-22 18:43 . 2011-06-22 18:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-22 18:43 . 2011-06-22 18:43 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-22 18:43 . 2011-06-22 18:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-22 18:43 . 2011-06-22 18:43 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-22 18:43 . 2011-06-22 18:43 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-22 18:43 . 2011-06-22 18:43 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-06-22 18:43 . 2011-06-22 18:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-22 18:43 . 2011-06-22 18:43 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-22 18:43 . 2011-06-22 18:43 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-22 18:43 . 2011-06-22 18:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-22 18:42 . 2011-06-22 18:42 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-06-22 18:42 . 2011-06-22 18:42 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-06-22 18:42 . 2011-06-22 18:42 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-06-22 18:42 . 2011-06-22 18:42 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-06-22 18:42 . 2011-06-22 18:42 4068864 ----a-w- c:\windows\system32\mf.dll
    2011-06-22 18:42 . 2011-06-22 18:42 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-06-22 18:42 . 2011-06-22 18:42 3181568 ----a-w- c:\windows\SysWow64\mf.dll
    2011-06-22 18:42 . 2011-06-22 18:42 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-06-22 18:42 . 2011-06-22 18:42 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-06-22 18:42 . 2011-06-22 18:42 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-06-22 18:42 . 2011-06-22 18:42 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-06-22 18:42 . 2011-06-22 18:42 206848 ----a-w- c:\windows\system32\mfps.dll
    2011-06-22 18:42 . 2011-06-22 18:42 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-06-22 18:42 . 2011-06-22 18:42 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2011-06-22 18:42 . 2011-06-22 18:42 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
    2011-06-22 18:42 . 2011-06-22 18:42 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-06-22 18:42 . 2011-06-22 18:42 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1133568 ----a-w- c:\windows\system32\FntCache.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    .
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 72196045
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *NewlyCreated* - RMCAST
    *Deregistered* - 72196045
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
    .
    2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKU-Default-Run-Safe Run Start - c:\windows\SysWOW64\saferun.exe
    Toolbar-Locked - (no file)
    AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
    36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a9,f2,32,33,14,38,cc,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-30 01:33:25
    ComboFix-quarantined-files.txt 2011-07-30 06:33
    .
    Pre-Run: 355,777,380,352 bytes free
    Post-Run: 355,650,691,072 bytes free
    .
- - End Of File - - DD2E37DB882796E1C3D55537D3C6C735

====================================================
ESET
    C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
    C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3a9c5000-4474acaf a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-14262a4e Java/Exploit.CVE-2010-4452.A trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6add3540-1078a65a multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-3063e418 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-4cf06321 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\25b8b8f-15cd60df multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3084712-79d03a0f multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-1df4e952 a variant of Win32/Kryptik.LAE trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\49e473d2-441964e8 a variant of Win32/Injector.GIB trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-32f1e3f2 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\50c80b59-7f38132b multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\f4dfdd-30e8ddbd multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-6fdb229d multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-15cdc859 a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-50c319ea a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3630b029-17726db1 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-5a615bec a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\32e44eaf-52bee64b probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-51fbdb5d a variant of Win32/Kryptik.LAE trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5461bbba-21276d1e Java/TrojanDownloader.Agent.NCM trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\686c0d7c-7ad57c57 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-44e00e17 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-51655cd9 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2f19163f-2a72b692 multiple threats
    C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\bfacb09-6e1834fc multiple threats
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\id2[1].htm multiple threats
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\iss22[1].exe Win32/TrojanDownloader.Small.OVG trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\jwrlgbvd[1].htm a variant of Win32/Kryptik.GXW trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\spsf12[1].exe a variant of Win32/Injector.CDG trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\kksahc[1].htm Win32/TrojanDownloader.Small.OTT trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\nss32[1].exe Win32/TrojanDownloader.FakeAlert.AQI trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\wzdytaicxe[1].htm probably a variant of Win32/Agent.CPURUFH trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dms419[1].exe a variant of Win32/Injector.CDG trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dst213[1].exe a variant of Win32/Olmarik.AFR trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\jjaiqxsq[1].htm a variant of Win32/Kryptik.EZZ trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\kksaupwr[1].htm a variant of Win32/Kryptik.FAT trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\id2[1].htm multiple threats
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\iss22[1].exe Win32/TrojanDownloader.Small.OVG trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\jwrlgbvd[1].htm a variant of Win32/Kryptik.GXW trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\spsf12[1].exe a variant of Win32/Injector.CDG trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\kksahc[1].htm Win32/TrojanDownloader.Small.OTT trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\nss32[1].exe Win32/TrojanDownloader.FakeAlert.AQI trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\wzdytaicxe[1].htm probably a variant of Win32/Agent.CPURUFH trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dms419[1].exe a variant of Win32/Injector.CDG trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dst213[1].exe a variant of Win32/Olmarik.AFR trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\jjaiqxsq[1].htm a variant of Win32/Kryptik.EZZ trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\kksaupwr[1].htm a variant of Win32/Kryptik.FAT trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay then- let's work on the Eset entries. Many are in the Java cache. I am seeing this frequently now and all systems with these multiple Java cache entries have outdated Java on their systems. You have Java(TM) 6 Update 20. The current is v6u26. This is a vulnerability. So we'll clean the cache, then you will update Java:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
      http://www.java.com/en/img/download/5000020303.jpg
      There are three options on this window to clear the cache (version dependent):
      • Delete Files
      • View Applications
      • View Applets
    4. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on the Temporary Files Settings window.
    ==========================================
    Please update Java: Java Updates (http://www.java.com/en/download/manual.jsp). Uninstall any earlier versions in Add/Remove Programs.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =========================================

    Please download OTMoveIt by Old Timer (http://oldtimer.geekstogo.com/OTM.exe) and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files
      C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar
      C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===================================================
    The following was pirated. Please remove it from your system.
    C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
    ===================================================
    When you have finished with all of the above, please reboot, then rescan with Eset to make sure the quarantined Spybot entries and all of the infected temporary internet files are removed.

    You will leave 2 logs:
    1. OTM log
    2. New Eset scan log.

    A comment: All those programs you ran found nothing!
    ===============================================
    Please reset the Cookies on each account as follows:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK 'accept Cookies from Sites'> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865)
    Easy List (http://easylist.adblockplus.org/)

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
  9. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    OTM

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar not found.
    File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip not found.
    File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip not found.
    File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip not found.
    File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Austin
    ->Temp folder emptied: 327976 bytes
    ->Temporary Internet Files folder emptied: 2818182 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 68514355 bytes
    ->Flash cache emptied: 2920 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50601 bytes
    RecycleBin emptied: 5076831 bytes

    Total Files Cleaned = 73.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 08012011_000443

    Files moved on Reboot...
    C:\Users\Austin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    ESET

    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
    C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
    C:\_OTM\MovedFiles\07312011_235613\C_Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application



    ===============
    I removed the Dragon Naturally Speaking. Since OTM moved it, I thought it was deleted, but saw it still wasn't after running ESET, so I went and found it and deleted it completely.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    There is still a security leak somewhere. Most of the Eset entries are in the Qoobox. That's where Combofix puts the quarantined files. They are not active in the system and will be removed when I have you uninstall Combofix:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul 
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ------------------------------
    Please have a look HERE about the overlay.xul addon. I've never used this addon and am not familiar with its settings.
    This appears to be the addon in Firefox: FF - Ext: XUL Cache: {d1f25624-e58f-4811-a96c-0c89d0436750} - %profile%\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
    =========================================
    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\hitmanpro35.sys
    DDS::
    BHO: {140d1708-3d25-46bc-8aca-b35f2b6b2cb3} - C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    (Screenshot: dragging CFScript.txt onto ComboFix.exe)

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please update Java if you haven't done it already: Java Updates (http://www.java.com/en/download/manual.jsp). Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

    You also need to remove Java v6u20 from Firefox.
    =================================================
    Have the redirects been resolved?
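An added example, not from this thread or any of the tools used in it: a small Python triage of ESET log lines like the ones posted above, grouping hits by where they sit on disk, which is the reasoning applied in posts 8 and 10 (Java cache entries point at an outdated JRE; Qoobox entries are ComboFix quarantine and inert). The function names, location labels and the list of detection type words are this example's own assumptions; the sample excerpt is taken from the log lines above.

```python
"""Triage of an ESET Online Scanner log of the kind pasted in this thread.

Each hit is one line, '<path> <detection>', where the detection is either
'multiple threats' or '[probably ][a variant of ]Platform/Family.Variant type'.
Paths contain spaces ('Temporary Internet Files', 'Spybot - Search & Destroy'),
so the detection is recognised from the right-hand end of the line instead of
splitting on whitespace.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"(?:(?:probably )?a variant of )?"                    # heuristic qualifiers
    r"[A-Za-z0-9]+/\S+ "                                   # Platform/Family.Variant
    r"(?:trojan|worm|application|virus|adware|backdoor)$"  # assumed type words
    r"|multiple threats$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Where a hit sits says more about the next step than its family name does:
# ComboFix's Qoobox is inert quarantine, the Java cache points at an outdated
# JRE, and systemprofile temp files were fetched by a service, not the user.
# First matching rule wins, so quarantine is tested before everything else.
# The labels are this example's own, not ESET's.
LOCATION_RULES = (
    ("combofix quarantine (inert)", ("\\qoobox\\quarantine\\",)),
    ("java deployment cache", ("\\sun\\java\\deployment\\cache\\",)),
    ("ie temporary internet files", ("\\temporary internet files\\",)),
    ("spybot recovery backup", ("\\spybot - search & destroy\\recovery\\",)),
    ("xul browser extension", ("\\chrome\\content\\", "\\firefox\\profiles\\")),
)


def parse_line(line):
    """Return (path, detection) for one ESET hit line, or None if not a hit."""
    line = line.strip()
    m = DETECTION_RE.search(line)
    if m is None or m.start() == 0:
        return None
    return line[:m.start()].rstrip(), m.group(0)


def classify_location(path):
    """Map a file path to one of the LOCATION_RULES labels, or 'other'."""
    low = path.lower()
    for label, needles in LOCATION_RULES:
        if any(n in low for n in needles):
            return label
    return "other"


def triage(log_text):
    """Summarise a log: hits per location, Java exploit CVEs seen, and the
    entries still live on disk (everything outside ComboFix's quarantine)."""
    by_location = Counter()
    cves = set()
    live = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        path, detection = parsed
        where = classify_location(path)
        by_location[where] += 1
        cves.update(CVE_RE.findall(detection))
        if where != "combofix quarantine (inert)":
            live.append((where, path, detection))
    return {"by_location": dict(by_location), "java_cves": sorted(cves), "live": live}


# Constructed sample: an excerpt of the log lines posted in this thread.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3a9c5000-4474acaf a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-14262a4e Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6add3540-1078a65a multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\iss22[1].exe Win32/TrojanDownloader.Small.OVG trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for where, n in sorted(report["by_location"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {where}")
    print("Java exploit CVEs in cache:", ", ".join(report["java_cves"]) or "none")
    print("Still live on disk:")
    for where, path, detection in report["live"]:
        print(f"  [{where}] {path}\n      -> {detection}")
```

Pointing the script at a full pasted log separates the entries that still need action from quarantine noise before any removal script is written.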
  11. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    All processes killed
    ========== FILES ==========
    C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul moved successfully.
    File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Austin
    ->Temp folder emptied: 439870 bytes
    ->Temporary Internet Files folder emptied: 239306 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 92913698 bytes
    ->Flash cache emptied: 1019 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 89.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 08052011_133601

    Files moved on Reboot...
    C:\Users\Austin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


    COMBOFIX

    ComboFix 11-08-05.01 - Austin 08/05/2011 13:55:47.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2746 [GMT -5:00]
    Running from: c:\users\Austin\Desktop\ComboFix.exe
    Command switches used :: c:\users\Austin\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\hitmanpro35.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\hitmanpro35.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-05 19:02 . 2011-08-05 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-01 04:56 . 2011-08-01 04:56 -------- d-----w- C:\_OTM
    2011-08-01 04:54 . 2011-08-01 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-30 06:37 . 2011-07-30 06:37 -------- d-----w- c:\program files (x86)\ESET
    2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\programdata\AVS4YOU
    2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\users\Austin\AppData\Roaming\AVS4YOU
    2011-07-28 07:48 . 2011-07-28 08:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2011-07-28 07:47 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2011-07-27 22:55 . 2011-07-27 22:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Avira
    2011-07-27 22:50 . 2011-07-28 22:54 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-27 22:50 . 2011-07-28 22:54 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\programdata\Avira
    2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\program files (x86)\Avira
    2011-07-26 17:44 . 2011-07-28 08:05 -------- d-----w- c:\program files (x86)\Citrix
    2011-07-26 15:56 . 2011-07-26 15:56 -------- d-----w- c:\program files\CCleaner
    2011-07-15 18:19 . 2011-08-05 18:38 -------- d-----r- c:\users\Austin\Dropbox
    2011-07-15 18:17 . 2011-08-05 18:38 -------- d-----w- c:\users\Austin\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 00:52 . 2010-08-19 02:23 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 00:52 . 2010-08-19 02:23 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-23 18:25 . 2010-03-08 16:36 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-06-22 18:43 . 2011-06-22 18:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-22 18:43 . 2011-06-22 18:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-22 18:43 . 2011-06-22 18:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-22 18:43 . 2011-06-22 18:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-06-22 18:43 . 2011-06-22 18:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-22 18:43 . 2011-06-22 18:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-06-22 18:43 . 2011-06-22 18:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-22 18:43 . 2011-06-22 18:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-22 18:43 . 2011-06-22 18:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-22 18:43 . 2011-06-22 18:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-22 18:43 . 2011-06-22 18:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-06-22 18:43 . 2011-06-22 18:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-22 18:43 . 2011-06-22 18:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-22 18:43 . 2011-06-22 18:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-22 18:43 . 2011-06-22 18:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-22 18:43 . 2011-06-22 18:43 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-22 18:43 . 2011-06-22 18:43 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-22 18:43 . 2011-06-22 18:43 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-22 18:43 . 2011-06-22 18:43 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-22 18:43 . 2011-06-22 18:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-22 18:43 . 2011-06-22 18:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-22 18:43 . 2011-06-22 18:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-22 18:43 . 2011-06-22 18:43 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-22 18:43 . 2011-06-22 18:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-22 18:43 . 2011-06-22 18:43 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-22 18:43 . 2011-06-22 18:43 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-22 18:43 . 2011-06-22 18:43 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-22 18:43 . 2011-06-22 18:43 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-06-22 18:43 . 2011-06-22 18:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-22 18:43 . 2011-06-22 18:43 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-22 18:43 . 2011-06-22 18:43 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-22 18:43 . 2011-06-22 18:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-22 18:42 . 2011-06-22 18:42 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-06-22 18:42 . 2011-06-22 18:42 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-06-22 18:42 . 2011-06-22 18:42 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-06-22 18:42 . 2011-06-22 18:42 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-06-22 18:42 . 2011-06-22 18:42 4068864 ----a-w- c:\windows\system32\mf.dll
    2011-06-22 18:42 . 2011-06-22 18:42 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-06-22 18:42 . 2011-06-22 18:42 3181568 ----a-w- c:\windows\SysWow64\mf.dll
    2011-06-22 18:42 . 2011-06-22 18:42 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-06-22 18:42 . 2011-06-22 18:42 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-06-22 18:42 . 2011-06-22 18:42 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-06-22 18:42 . 2011-06-22 18:42 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-06-22 18:42 . 2011-06-22 18:42 206848 ----a-w- c:\windows\system32\mfps.dll
    2011-06-22 18:42 . 2011-06-22 18:42 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-06-22 18:42 . 2011-06-22 18:42 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2011-06-22 18:42 . 2011-06-22 18:42 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
    2011-06-22 18:42 . 2011-06-22 18:42 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-06-22 18:42 . 2011-06-22 18:42 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1133568 ----a-w- c:\windows\system32\FntCache.dll
    2011-06-22 18:42 . 2011-06-22 18:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-30_06.30.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2010-09-27 04:33 . 2011-07-29 22:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-09-27 04:33 . 2011-08-04 18:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2011-08-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-07-29 22:54 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-07-29 22:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-04 18:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-29 20:15 . 2011-08-01 05:08 24838 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-05 18:39 39058 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-03-08 16:28 . 2011-07-27 08:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-08 16:28 . 2011-08-03 06:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-03 06:33 . 2011-08-03 06:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-08 16:28 . 2011-07-27 08:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-07-27 08:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-03 06:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-23 01:48 . 2011-07-01 17:27 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
    + 2011-05-23 01:48 . 2011-08-03 06:34 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
    - 2009-07-14 04:46 . 2011-07-14 17:40 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2011-08-01 05:14 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-08-01 07:55 . 2011-08-01 07:55 25088 c:\windows\Installer\9ba108.msi
    + 2010-06-16 02:13 . 2011-08-05 18:39 7910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-399312784-4078098850-4138850989-1000_UserData.bin
    + 2011-08-05 18:37 . 2011-08-05 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-06-22 18:54 . 2011-07-24 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-05 18:37 . 2011-08-05 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-06-22 18:54 . 2011-07-24 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-01 04:54 . 2011-05-04 09:52 157472 c:\windows\SysWOW64\javaws.exe
    - 2010-07-02 20:08 . 2010-07-02 20:08 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-08-01 04:54 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\javaw.exe
    - 2010-07-02 20:08 . 2010-07-02 20:08 145184 c:\windows\SysWOW64\java.exe
    + 2011-08-01 04:54 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\java.exe
    + 2010-07-02 20:08 . 2011-05-04 09:52 472808 c:\windows\SysWOW64\deployJava1.dll
    + 2009-07-14 04:54 . 2011-08-04 18:58 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-07-29 22:54 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-06-16 14:44 . 2011-08-04 23:07 285730 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-08-05 18:41 618264 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-07-28 15:51 618264 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-07-28 15:51 104546 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-08-05 18:41 104546 c:\windows\system32\perfc009.dat
    + 2009-07-14 04:45 . 2011-08-01 04:58 426200 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 05:12 . 2011-08-03 06:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-07-26 13:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-05-23 01:48 . 2011-08-03 06:34 111240 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    + 2009-07-14 05:01 . 2011-08-05 18:36 391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-08-05 18:36 . 2011-08-05 18:36 391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-399312784-4078098850-4138850989-1000-12288.dat
    + 2011-08-01 04:54 . 2011-08-01 04:54 207360 c:\windows\Installer\294ceeff.msi
    + 2009-07-14 02:34 . 2011-08-01 08:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-07-28 07:47 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 04:45 . 2011-08-01 05:02 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2011-06-22 18:56 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
    36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a9,f2,32,33,14,38,cc,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-08-05 14:04:35
    ComboFix-quarantined-files.txt 2011-08-05 19:04
    ComboFix2.txt 2011-07-30 06:33
    .
    Pre-Run: 353,627,152,384 bytes free
    Post-Run: 353,564,430,336 bytes free
    .
    - - End Of File - - 4D5D8ED9D9AE39BF42A2BA5F397DC459
    ====================================
    I got 2 errors and screenshotted them both, would you like me to upload them?
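As an added example (not from this thread, and not ComboFix's own code), a small Python parser for the "Reg Loading Points" section format shown in the log above: it collects the Run-key autorun entries for review and flags the UAC policy values that differ from a default Windows 7 baseline, which is the assumption encoded in UAC_EXPECTED. The sample input is constructed from the values in the posted log.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section,
# using values that appear in the log posted above.
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "Name"= 0 (0x0)  -> a DWORD as ComboFix prints it
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
# "Name"="path" [yyyy-mm-dd size]  -> an autorun entry with file date and size
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

# Assumed baseline: what a default Windows 7 install carries for these values.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # UAC enabled at all
    "ConsentPromptBehaviorAdmin": 5,  # admins are prompted for consent
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
}

def parse_loading_points(text):
    """Return {registry_key: {name: int or (path, date, size)}} for the section."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current:
            keys[current][m.group(1)] = int(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m and current:
            name, path, date, size = m.groups()
            keys[current][name] = (path, date, int(size))
    return keys

def check_uac(keys):
    """List (name, actual, expected) for UAC values weaker than the baseline."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, expected in UAC_EXPECTED.items():
            actual = values.get(name)
            if actual is not None and actual != expected:
                findings.append((name, actual, expected))
    return findings

def autoruns(keys):
    """List (key, name, path) for every Run-key entry, to compare against a known-good list."""
    return [(key, name, val[0])
            for key, values in keys.items() if key.lower().endswith(r"\run")
            for name, val in values.items() if isinstance(val, tuple)]

if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE)
    print(check_uac(parsed))
    print(autoruns(parsed))
```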
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please give me an update on how the system is running now. Has the redirect been resolved?

    What were you trying to do when you got the errors? I don't need a screenshot if you can tell me simply what they said.
  13. acidburn2448

    acidburn2448 Newcomer, in training Topic Starter

    Sorry for the late reply, it appears to be gone. I'll PM you if it reappears.

    Thank you for all of your time and help!
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You're welcome! Since the problem has been resolved>>

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin