TechSpot

Google search links re-direct to adware/malware sites

By ravyn23259
Mar 1, 2011
  1. Like so many others, anytime I do a search in Google, the links are hijacked and redirected to advertising sites. Followed the instructions and here are the resulting logs. Any help is much appreciated!

    GMER reported nothing detected, so I don't have a log for that.

    Malwarebytes Log:
    -----------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5919

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/1/2011 2:20:46 PM
    mbam-log-2011-03-01 (14-20-46).txt

    Scan type: Quick scan
    Objects scanned: 220199
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ---
    DDS Logs:
    -------

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by BeckyD at 14:23:06.58 on Tue 03/01/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.2085 [GMT -5:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe
    C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe
    c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    c:\wamp2\bin\mysql\mysql5.1.36\bin\mysqld.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\MozyPro\mozyprobackup.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\MozyPro\mozyprobackup.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Users\beckyd\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\MozyPro\mozyprostat.exe
    C:\Program Files (x86)\MicroTouch\MT 7\TwMonitor.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\beckyd\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://lenovo.live.com
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    uRun: [Google Update] "C:\Users\beckyd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge]
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files\MozyPro\mozyprostat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOUCHM~1.LNK - C:\Program Files (x86)\MicroTouch\MT 7\TwMonitor.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {4862BE6C-15BD-422A-9933-819AD7C17D8A} - hxxp://callawayupdate.bitshuttle.com/activex/bitshuttle.cab
    DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://corecamptz.realityi.local/activex/decoder/h264_dec.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {A5C3ACE4-EAEB-49EE-8529-1DA287A86C00} - file:///C:/Users/beckyd/Documents/Behr/POD/BehrPOD-Demo-02-12-10/PODdemoL/app/scannerx.ocx
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://corecamptz.realityi.local/activex/AMC.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\beckyd\AppData\Roaming\Mozilla\Firefox\Profiles\p1mn7cge.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: C:\Users\beckyd\AppData\Roaming\Mozilla\Firefox\Profiles\p1mn7cge.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
    FF - component: C:\Users\beckyd\AppData\Roaming\Mozilla\Firefox\Profiles\p1mn7cge.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\beckyd\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\beckyd\AppData\Roaming\Mozilla\Firefox\Profiles\p1mn7cge.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: XULRunner: {8D257997-B2B0-4A71-8934-94DB847F5461} - C:\Users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Firefox Throttle: {ca8b7b3d-b6e6-438f-b935-601b3de48d66} - %profile%\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: Flashbug: flashbug@coursevector.com - %profile%\extensions\flashbug@coursevector.com
    FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-9 55280]
    R1 mozyproFilter;mozyproFilter;C:\Windows\System32\drivers\mozypro.sys [2011-2-10 66552]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2010-1-4 79672]
    R2 MSSQL$SQLEXPRESS1;SQL Server (SQLEXPRESS1);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 TwDrvService;MT7 Serial Search Service;C:\Program Files (x86)\MicroTouch\MT 7\TwService.exe [2010-10-20 196096]
    R2 TwRegSvc;MT7 Registry Service;C:\Program Files (x86)\MicroTouch\MT 7\TwRegSvc.exe [2010-10-20 44544]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-2-9 317480]
    R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-8 219544]
    R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
    R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-8-1 306560]
    R3 TwBus;3M MicroTouch Serial Bus Enumerator;C:\Windows\System32\drivers\TwBus.sys [2010-10-20 18856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-30 136176]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-17 1038088]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TwTouch;3M MicroTouch Sensor;C:\Windows\System32\drivers\TwTouch.sys [2010-10-20 113576]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-12-1 43792]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-3 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-8-15 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS1;SQL Server Agent (SQLEXPRESS1);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS1\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

    =============== Created Last 30 ================

    2011-03-01 18:40:18 -------- d-----w- C:\Users\beckyd\AppData\Roaming\Malwarebytes
    2011-03-01 18:40:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-01 18:40:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-01 18:40:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-01 18:40:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-01 18:26:03 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C20DB860-D861-481C-AD88-D34A674974F3}\mpengine.dll
    2011-03-01 14:14:15 -------- d-----w- C:\Program Files (x86)\ESET
    2011-02-16 21:10:37 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2011-02-16 21:09:38 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-02-16 14:08:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-02-16 14:08:04 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-02-10 14:50:50 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-02-10 05:05:44 66552 ----a-w- C:\Windows\System32\drivers\mozypro.sys
    2011-02-10 05:03:14 10852008 ----a-w- C:\PROGRA~3\Tempmozypro-update-2608b8ce618371968079f4bf2fb6cf20.exe
    2011-02-07 17:26:55 -------- d-----w- C:\OptiPNG-UI_TEMP
    2011-02-07 14:49:56 -------- d-----w- C:\optipng
    2011-02-04 15:49:18 -------- d-----w- C:\jpegtran
    2011-02-01 16:24:30 0 ----a-w- C:\Users\beckyd\AppData\Local\Xqifohaqite.bin
    2011-02-01 16:24:29 -------- d-----w- C:\Users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}
    2011-01-31 15:20:35 -------- d-----w- C:\Users\beckyd\net
    2011-01-31 15:18:26 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion

    ==================== Find3M ====================

    2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe

    ============= FINISH: 14:23:25.49 ===============

    ------
    DDS Attach:
    ----------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/17/2010 9:26:23 AM
    System Uptime: 3/1/2011 1:37:41 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0X231R
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2801/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 923 GiB total, 762.704 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    X: is NetworkDisk (NTFS) - 5493 GiB total, 3925.187 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: ROOT\DISPLAY\FSVIDMIR
    Manufacturer:
    Name:
    PNP Device ID: ROOT\DISPLAY\FSVIDMIR
    Service:

    ==== System Restore Points ===================

    RP187: 2/21/2011 12:00:01 AM - Scheduled Checkpoint
    RP189: 2/28/2011 10:54:05 AM - Scheduled Checkpoint
    RP190: 3/1/2011 12:40:39 PM - Removed Freedom Scientific Synthesizer Eloquence
    RP191: 3/1/2011 12:41:13 PM - Removed Freedom Scientific Talking Installer 8.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 9 Pro - English, Fran├žais, Deutsch
    Adobe Acrobat 9.4.2 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe CS4 French Speech Analysis Models
    Adobe CS4 German Speech Analysis Models
    Adobe CS4 International English Speech Analysis Models
    Adobe CS4 Italian Speech Analysis Models
    Adobe CS4 Japanese Speech Analysis Models
    Adobe CS4 Korean Speech Analysis Models
    Adobe CS4 Spanish Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash Builder 4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flex Builder 3 Plug-in
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    Belarc Advisor 8.1
    BlackBerry Email and MDS Services Simulators 4.1.2
    BlackBerry Smartphone Simulators 4.6.1.313 (8350i)
    BlackBerry Smartphone Simulators 5.0.0.517 (9550)
    BlackBerry Smartphone Simulators 5.0.0.545 (9700)
    BlackBerry Smartphone Simulators 5.0.0.604 (9100)
    BlackBerry Smartphone Simulators 5.0.0.604 (9105)
    BlackBerry Smartphone Simulators 6.0.0.141 (9800)
    Brother MFL-Pro Suite MFC-8460N
    Compatibility Pack for the 2007 Office system
    Connect
    Course Vector .minerva
    Crystal Reports Basic for Visual Studio 2008
    Digsby
    DirectXInstallService
    EMC 10 Content
    ESET Online Scanner v3
    FileZilla Client 3.3.5.1
    Freedom Scientific Braille
    Freedom Scientific Document Server
    Freedom Scientific Elevation
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GoToMeeting 4.5.0.457
    GPL Ghostscript 8.63
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
    Java(TM) 6 Update 14
    Java(TM) SE Development Kit 6 Update 13
    Junk Mail filter update
    kuler
    Malwarebytes' Anti-Malware
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Choice Guard
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Surface SDK 1.0 SP1, Workstation Edition
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Works
    Microsoft XNA Framework Redistributable 2.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MT 7.13 Build 1 for Windows
    Multimedia Card Reader
    Notepad++
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerDVD DX
    PremiumSoft Navicat 8.2 for MySQL
    PremiumSoft Navicat 9.0 for MySQL
    PuTTY version 0.60
    QuickTime
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    SmartDraw VP
    Sonic CinePlayer Decoder Pack
    Sothink SWF Decompiler
    SQL Dependency Tracker 2
    SQL Server System CLR Types
    Suite Shared Configuration CS4
    System Requirements Lab
    Trillian
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    VC Runtimes MSI
    VirtualCloneDrive
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VLC media player 1.0.5
    WampServer 2.0
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows Resource Kit Tools - SubInAcl.exe
    WinZip Self-Extractor
    ZIP 2 Secure EXE

    ==== Event Viewer Messages From Past Week ========

    3/1/2011 2:16:35 PM, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    3/1/2011 2:14:09 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    3/1/2011 2:02:11 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain REALITYI due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    3/1/2011 1:38:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 RxFilter
    3/1/2011 1:38:01 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    3/1/2011 1:36:31 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
    2/28/2011 8:53:23 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/28/2011 8:50:53 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    2/28/2011 8:48:25 AM, Error: Service Control Manager [7031] - The MozyPro Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    2/28/2011 8:45:45 AM, Error: Service Control Manager [7000] - The Freedom Scientific Kernel Manager service failed to start due to the following error: This driver has been blocked from loading
    2/28/2011 8:45:45 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWOW64\fsKMgr.dll has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/28/2011 8:45:17 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\fsvidmir.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/28/2011 12:10:54 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer DAA21529SQL400 using any of the configured protocols.
    2/28/2011 10:54:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    [​IMG]
    (Image courtesy animationplayhouse.com)

    Welcome to TechSpot! I'll help you sort through the redirect. But as I went down your list of installed programs, passed the A, the N, the S and finished the W, I did not see any antivirus program running. You have a nice machine there but it won't stay that way long without an AV program. The Eset install you have is for the online virus scan which I will have you run. But you need a program protecting the system all the time, not just when you want to run a scan.

    Windows Defender is only an antispyware progrm and does not have AV features. If I've missed it, let me know what you have. If not, please get one of these on now:
    Antivirus Software(only one):Both of the following programs are free and known to be good:
    [o]Avira-AntiVir-Personal-Free-Antivirus
    [o]Avast Free Version
    Please reboot the system after the installation is complete.
    ============================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===========================================
    And let's go ahead and run this:
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the cli[board, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Tell me please if this redirect is only on Firefox, or if it's on IE also if you use it.
     
  3. ravyn23259

    ravyn23259 TS Rookie Topic Starter

    Thank you for taking the time to assist.

    I installed Avast per your recommendation.

    I have noticed the issue in Firefox only, as I don't use IE enough to notice if it has happened there.

    The logs are as follows:
    ---------------------------
    Combofix:
    -------------------------
    ComboFix 11-03-01.03 - beckyd 03/02/2011 9:29.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.1592 [GMT -5:00]
    Running from: c:\users\beckyd\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Install.exe
    c:\users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}
    c:\users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}\chrome.manifest
    c:\users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}\chrome\content\_cfg.js
    c:\users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}\chrome\content\overlay.xul
    c:\users\beckyd\AppData\Local\{8D257997-B2B0-4A71-8934-94DB847F5461}\install.rdf
    c:\users\beckyd\g2mdlhlpx.exe
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 14:33 . 2011-03-02 14:33 -------- d-----w- c:\users\SiteKiosk\AppData\Local\temp
    2011-03-02 14:33 . 2011-03-02 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-02 14:33 . 2011-03-02 14:33 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2011-03-02 14:33 . 2011-03-02 14:33 -------- d-----w- c:\users\beckyd.000\AppData\Local\temp
    2011-03-02 14:33 . 2011-03-02 14:33 -------- d-----w- c:\users\Becky\AppData\Local\temp
    2011-03-02 13:52 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-02 13:52 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-02 13:52 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-02 13:52 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-02 13:52 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-02 13:52 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-02 13:52 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-02 13:52 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-02 13:52 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-03-02 13:52 . 2011-03-02 13:52 -------- d-----w- c:\programdata\AVAST Software
    2011-03-02 13:52 . 2011-03-02 13:52 -------- d-----w- c:\program files\AVAST Software
    2011-03-01 18:40 . 2011-03-01 18:40 -------- d-----w- c:\users\beckyd\AppData\Roaming\Malwarebytes
    2011-03-01 18:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-01 18:40 . 2011-03-01 18:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-01 18:40 . 2011-03-01 18:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-01 18:40 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-01 18:26 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C20DB860-D861-481C-AD88-D34A674974F3}\mpengine.dll
    2011-03-01 14:14 . 2011-03-01 14:14 -------- d-----w- c:\program files (x86)\ESET
    2011-02-16 21:10 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-02-16 21:09 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-02-16 14:08 . 2011-03-01 14:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-02-16 14:08 . 2011-03-01 14:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-02-10 14:50 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-02-10 05:05 . 2011-02-07 21:10 66552 ----a-w- c:\windows\system32\drivers\mozypro.sys
    2011-02-10 05:03 . 2011-02-10 05:05 10852008 ----a-w- c:\programdata\Tempmozypro-update-2608b8ce618371968079f4bf2fb6cf20.exe
    2011-02-07 17:26 . 2011-02-07 17:26 -------- d-----w- C:\OptiPNG-UI_TEMP
    2011-02-07 14:49 . 2011-02-07 15:03 -------- d-----w- C:\optipng
    2011-02-04 15:49 . 2011-02-04 15:49 -------- d-----w- C:\jpegtran
    2011-02-01 16:24 . 2011-02-15 13:34 0 ----a-w- c:\users\beckyd\AppData\Local\Xqifohaqite.bin
    2011-01-31 15:20 . 2011-01-31 15:20 -------- d-----w- c:\users\beckyd\net
    2011-01-31 15:18 . 2011-01-31 15:18 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 22:11 . 2010-02-17 15:17 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\beckyd\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-22 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-07-12 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

    c:\users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    c:\users\beckyd.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    c:\users\SiteKiosk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MozyPro Status.lnk - c:\program files\MozyPro\mozyprostat.exe [2011-2-7 4874040]
    Touch Monitor.lnk - c:\program files (x86)\MicroTouch\MT 7\TwMonitor.exe [2010-10-20 98304]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-07-12 288112]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 TwTouch;3M MicroTouch Sensor;c:\windows\system32\DRIVERS\TwTouch.sys [2010-02-25 113576]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-01 43792]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS1;SQL Server Agent (SQLEXPRESS1);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS1\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mozyproFilter;mozyproFilter;c:\windows\system32\DRIVERS\mozypro.sys [2011-02-07 66552]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 203152]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 53968]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 mozyprobackup;MozyPro Backup Service;c:\program files\MozyPro\mozyprobackup.exe [2010-01-04 79672]
    S2 MSSQL$SQLEXPRESS1;SQL Server (SQLEXPRESS1);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S2 TwDrvService;MT7 Serial Search Service;c:\program files (x86)\MICROTOUCH\MT 7\TwService.exe [2009-11-18 196096]
    S2 TwRegSvc;MT7 Registry Service;c:\program files (x86)\MICROTOUCH\MT 7\TwRegSvc.exe [2009-11-12 44544]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
    S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]
    S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]
    S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]
    S3 TwBus;3M MicroTouch Serial Bus Enumerator;c:\windows\system32\DRIVERS\TwBus.sys [2010-03-01 18856]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 144784]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 164304]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 10:53]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 10:53]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2578461694-1140123720-1961196336-1364Core.job
    - c:\users\beckyd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 01:28]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2578461694-1140123720-1961196336-1364UA.job
    - c:\users\beckyd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 01:28]

    2011-03-02 c:\windows\Tasks\SDMsgUpdate (SD).job
    - c:\program files (x86)\SmartDraw VP\Messages\SDNotify.exe [2010-12-16 17:29]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
    @="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
    [HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
    2011-02-07 21:10 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
    @="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
    [HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
    2011-02-07 21:10 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
    @="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
    [HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
    2011-02-07 21:10 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    DPF: {4862BE6C-15BD-422A-9933-819AD7C17D8A} - hxxp://callawayupdate.bitshuttle.com/activex/bitshuttle.cab
    DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://corecamptz.realityi.local/activex/decoder/h264_dec.cab
    DPF: {A5C3ACE4-EAEB-49EE-8529-1DA287A86C00} - file:///C:/Users/beckyd/Documents/Behr/POD/BehrPOD-Demo-02-12-10/PODdemoL/app/scannerx.ocx
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://corecamptz.realityi.local/activex/AMC.cab
    FF - ProfilePath - c:\users\beckyd\AppData\Roaming\Mozilla\Firefox\Profiles\p1mn7cge.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Firefox Throttle: {ca8b7b3d-b6e6-438f-b935-601b3de48d66} - %profile%\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: Flashbug: flashbug@coursevector.com - %profile%\extensions\flashbug@coursevector.com
    FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    Toolbar-Locked - (no file)
    AddRemove-{7E84C38A-25FF-42C8-AD63-09A9CB3F9D17} - c:\programdata\{E7F50710-63B1-452F-92D2-30091589139C}\Avigilon Control Center Client.exe
    AddRemove-{FDF6F4D6-AED7-4B38-8439-34BABBCDA527} - c:\programdata\{A95728F9-E409-4DF7-AABA-8BBA8F687189}\Avigilon Control Center Server.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    c:\wamp2\bin\mysql\mysql5.1.36\bin\mysqld.exe
    c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-02 09:41:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-02 14:41

    Pre-Run: 812,870,647,808 bytes free
    Post-Run: 812,697,116,672 bytes free

    - - End Of File - - 8CC0907FD7D04CB7FC3823B026C53957

    ----------------
    EST Log:
    --------------------------
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=cd4b986501a69747829d619ab9253ce9
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-02 04:20:14
    # local_time=2011-03-02 11:20:14 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=9
    # osver=6.1.7600 NT
    # compatibility_mode=5893 16776574 100 94 0 50620583 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=542566
    # found=0
    # cleaned=0
    # scan_time=5681
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When did you run Combofix previously?
     
  5. ravyn23259

    ravyn23259 TS Rookie Topic Starter

    I ran it once, then it locked and I couldn't get the logs, so I ran it again right after and it worked.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Was that during the time of my help? If you have any problems with a program, please let me know before doing anything. I see quite a lot of images have been deleted.

    Questions:
    1. c:\program files\Common Files\TortoiseOverlays> there are 9 Registry entries for this. Are you using this for work and do you need them all?
    2. c:\program files\MozyPro> there are 3 Registry entries for this online backup. Are you using the process and do you need them all?

    All Tortoise and Mozy entries have shell iconoverlayidentifiers Is it possible that the images that were removed in Combofix were for either or both of these programs?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...