TechSpot

Need help removing Google redirect virus

By LUDACLIPS
Aug 27, 2011
  1. Hi, I seem to be having the same problem as others where, no matter the browser, any time I type a search into Google the results pop up but their corresponding links take me to different ad websites. Also, random pop-ups occur. I ran the 3 scans as advised in the 6-step post. GMER didn't log any results, but here are the other two.

    I appreciate the help in advance!

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7584

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    8/26/2011 6:04:47 PM
    mbam-log-2011-08-26 (18-04-47).txt

    Scan type: Quick scan
    Objects scanned: 194702
    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Leiland at 21:37:28 on 2011-08-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1525 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\vds.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Freecorder\FLVSrvc.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{65BDD671-9E93-44D3-A692-F75F872E1E24} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{65BDD671-9E93-44D3-A692-F75F872E1E24}\E4544574541425 : DhcpNameServer = 192.168.1.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    BHO-X64: Freecorder - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO-X64: AIM Toolbar Loader - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-6-25 89600]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-10 308136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-21 705856]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;C:\Windows\system32\drivers\psabusbm.sys --> C:\Windows\system32\drivers\psabusbm.sys [?]
    S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;C:\Windows\system32\Drivers\psabusbu.sys --> C:\Windows\system32\Drivers\psabusbu.sys [?]
    S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;C:\Windows\system32\drivers\psabusba.sys --> C:\Windows\system32\drivers\psabusba.sys [?]
    S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynUSB64.sys --> C:\Windows\system32\drivers\SynUSB64.sys [?]
    S3 synusb64;eLicenser;C:\Windows\system32\DRIVERS\synusb64.sys --> C:\Windows\system32\DRIVERS\synusb64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-27 00:59:25 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-27 00:59:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-08-26 23:20:19 -------- d-----w- C:\Users\Leiland\AppData\Roaming\Sammsoft
    2011-08-26 20:45:15 -------- d-----w- C:\Users\Leiland\AppData\Roaming\Malwarebytes
    2011-08-26 20:45:03 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-08-26 08:20:49 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2011-08-23 23:40:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-23 23:40:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-17 01:15:25 730712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:15:25 18417296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:15:25 12563600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-17 01:14:19 18413712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:14:18 730712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:14:18 12562064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-11 06:47:24 0 ----a-w- C:\Windows\SysWow64\sho9923.tmp
    2011-08-11 06:41:59 -------- d-----w- C:\961010c7895e22442c52d82f4555ca
    2011-08-10 21:07:58 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-08-10 21:07:58 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-08-10 21:07:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-08-10 09:36:40 -------- d-----w- C:\My Works
    2011-08-09 00:45:28 -------- d-----w- C:\ProgramData\SmartSound Software Inc
    2011-08-09 00:45:11 -------- d-----w- C:\ProgramData\eSellerate
    2011-08-09 00:45:11 -------- d-----w- C:\Program Files (x86)\SmartSound Software
    2011-08-09 00:42:52 -------- d-----w- C:\Users\Leiland\AppData\Local\Apple
    2011-08-03 03:39:06 -------- d-----w- C:\ProgramData\Uniblue
    2011-08-03 03:28:06 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2011-08-03 03:28:05 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2011-08-03 03:27:07 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2011-08-03 03:26:58 -------- d-----w- C:\Users\Leiland\AppData\Local\OpenCandy
    2011-08-03 03:26:56 -------- d-----w- C:\Users\Leiland\AppData\Roaming\OpenCandy
    2011-08-03 00:33:16 -------- d-----w- C:\Users\Leiland\TruePianos Settings
    2011-08-03 00:30:05 -------- dc-h--w- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    2011-08-03 00:29:23 -------- d-----w- C:\ProgramData\Native Instruments
    2011-08-03 00:29:22 -------- dc-h--w- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    2011-08-03 00:29:09 -------- dc-h--w- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-08-03 00:29:06 -------- d-----w- C:\Program Files\Native Instruments
    2011-08-03 00:29:06 -------- d-----w- C:\Program Files\Common Files\Native Instruments
    2011-08-03 00:16:01 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2011-08-03 00:16:01 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2011-08-03 00:16:01 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
    2011-08-03 00:16:00 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2011-08-03 00:07:38 -------- d-----w- C:\Cakewalk Content
    2011-08-03 00:04:14 -------- d-----w- C:\Program Files (x86)\Cakewalk
    2011-07-29 01:47:13 -------- d-----w- C:\ProgramData\Cakewalk
    .
    ==================== Find3M ====================
    .
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-15 03:26:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-07-15 03:26:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-16 02:04:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-31 04:13:35 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    .
    ============= FINISH: 21:46:58.70 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/27/2010 10:48:49 PM
    System Uptime: 8/26/2011 9:34:15 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 112.576 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {5c69eefe-3c1e-44ef-8501-f475f902fca7}
    Description: eLicenser
    Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0000
    Manufacturer: Steinberg Media Technologies GmbH
    Name: eLicenser
    PNP Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0000
    Service: synusb64
    .
    ==== System Restore Points ===================
    .
    RP101: 8/18/2011 2:48:18 AM - Windows Update
    RP102: 8/24/2011 2:55:57 AM - Windows Update
    RP103: 8/26/2011 4:19:06 PM - ARO 2011 - Before Installation
    RP104: 8/26/2011 4:20:24 PM - ARO 2011 - FIRST RUN
    RP105: 8/26/2011 4:37:32 PM - ARO 2011 Fri, Aug 26, 11 16:37
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.2
    AIM 7
    AIM Toolbar
    Antares Autotune VST RTAS TDM v5.08
    AppInventor Extras
    Apple Application Support
    Apple Software Update
    ArcSoft TotalMedia Extreme
    Audacity 1.3.12 (Unicode)
    AVG Free 9.0
    Beatscape 1.0.2
    Camtasia Studio 7
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Consumer In-Home Service Agreement
    Cozi
    CyberLink PhotoNow
    CyberLink PowerDirector
    CyberLink WaveEditor
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dimension Pro 1.5
    Download Updater (AOL LLC)
    eLicenser Control
    Free RAR Extract Frog
    Freecorder 4.02B Application
    Freecorder Toolbar
    Google Chrome
    Google Update Helper
    GoToAssist 8.0.0.514
    Hauppauge HDPVR Scheduler
    Hauppauge WinTV IR Blaster
    Hauppauge WinTV Scheduler
    HxD Hex Editor version 1.7.7.0
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Kindle Auto eBook Converter 0.4.50
    LAME v3.98.3 for Audacity
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MeldaProduction MDrummer 4 Small
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    Native Instruments Controller Editor
    Native Instruments Guitar Rig 4
    Native Instruments Service Center
    Octoshape add-in for Adobe Flash Player
    PitchWorks remove
    QuickTime
    Roxio Burn
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.0
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    SONAR 6.2.1 Studio Edition
    SONAR X1 Producer x64
    Sport Cars Show II Screensaver 1.0
    Steinberg Cubase LE 4
    SX1_Disc4
    TurboTax 2010
    TurboTax 2010 waziper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TweetDeck
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Waves Diamond Bundle v5.2
    WildTangent Games
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/26/2011 9:34:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800a10c930, 0x00000000000007d1, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082611-30903-01.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Good Morning and Welcome to TechSpot! Decided to join the 'redirect crowd'? Funny thing is that there is actually no "Google Redirect Virus"! But most people use the Google Search engine and almost any malware can cause a redirect, so Google has been given the rap!

    But I'll help you sort it out>> please read first:
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Your use of the Freecorder Toolbar, which is a Conduit/EffectiveBrand "Free Community" toolbar, modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality, and the 'co-use' of the Conduit Engine may be partly responsible, so I will be removing them after Combofix:
    =======================================
    You should not be downloading new programs when you already have a problem. And regarding the ARO program, Advanced Registry Optimizer, I recommend that you uninstall it. We don't recommend that anyone use a registry cleaning program.
    ======================================
    Please note that downloads from OpenCandy frequently come with bundled malware.
    ======================================
    AVG has left no way to fully disable it to run Combofix, and Combofix won't run with AVG, so we will need to remove it temporarily as follows:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    Then do this online virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please paste logs into your next reply.
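    The URLSearchHook and Browser Helper Object registry points mentioned above are exactly the load points that ComboFix lists under "Reg Loading Points". The script below is an added example for readers of this thread, not something Bobbye posted or part of any of the tools named here: it enumerates those load points on a 64-bit Windows machine, resolves each CLSID to the DLL it loads (checking both the native and the Wow6432Node COM registrations, since ComboFix abbreviates the 32-bit BHO key with "~"), and reports the DLL's Authenticode signer so a third-party hook such as a Conduit toolbar stands out next to the built-in Microsoft ones. It assumes an elevated PowerShell session; the function names are my own.

```powershell
# Added example (not from the thread or from ComboFix): list IE URLSearchHooks and
# Browser Helper Objects, resolve each CLSID to its DLL, and show who signed the DLL.
# Assumes 64-bit Windows and an elevated PowerShell session.

# Standard IE load-point keys (not values copied from the thread's log).
$hookKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\Software\Microsoft\Internet Explorer\URLSearchHooks'
)
$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-ClsidDll {
    # A CLSID registered by a 32-bit toolbar lives under Wow6432Node\CLSID, so look in both.
    param([string]$Clsid)
    foreach ($base in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "$base\$Clsid\InProcServer32"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
    }
    return $null
}

function Get-DllSigner {
    # Returns the signature status and signer subject, or a note when the file is absent.
    param([string]$Path)
    if (-not $Path) { return 'no InProcServer32 (orphaned CLSID)' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'file missing on disk' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.SignerCertificate) {
        return "$($sig.Status) / $($sig.SignerCertificate.Subject)"
    }
    return "$($sig.Status)"
}

function Get-IeLoadPoints {
    $results = @()
    foreach ($k in $hookKeys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        # URLSearchHooks stores each hook as a value whose NAME is the CLSID.
        foreach ($clsid in ($item.GetValueNames() | Where-Object { $_ })) {
            $results += [pscustomobject]@{
                Type = 'URLSearchHook'; Key = $k; Clsid = $clsid; Dll = (Resolve-ClsidDll $clsid)
            }
        }
    }
    foreach ($k in $bhoKeys) {
        # Browser Helper Objects are registered as one SUBKEY per CLSID.
        foreach ($sub in (Get-ChildItem -Path $k -ErrorAction SilentlyContinue)) {
            $clsid = $sub.PSChildName
            $results += [pscustomobject]@{
                Type = 'BHO'; Key = $k; Clsid = $clsid; Dll = (Resolve-ClsidDll $clsid)
            }
        }
    }
    foreach ($r in $results) {
        $r | Add-Member -NotePropertyName Signer -NotePropertyValue (Get-DllSigner $r.Dll)
    }
    return $results
}

# Full inventory first, then the short list a helper actually wants to read:
# anything not signed by Microsoft, unsigned, missing, or pointing at a dead CLSID.
$all = Get-IeLoadPoints
$all | Format-Table Type, Clsid, Dll, Signer -AutoSize
Write-Host "`n== Load points that are not Microsoft-signed (review these) =="
$all | Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Format-Table Type, Clsid, Dll, Signer -AutoSize
```

    On the system in this thread the script would list the Freecorder hook from c:\program files (x86)\Freecorder\prxtbFre2.dll under both the HKCU URLSearchHooks value and the Wow6432Node BHO key, which is why the helper removes the toolbar rather than just the hook. Removing an entry with regedit is not what this script does; it only reads, so it is safe to run before and after the cleanup to confirm the entries are gone.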
     
  3. LUDACLIPS

    LUDACLIPS TS Rookie Topic Starter

    Reply 1 of 2

    Thanks for helping me out - Here's what I did following your reply.

    -Uninstalled AVG
    -Installed Free Avira Antivir
    -Ran Avira - *Log below
    -Downloaded Combofix - NOTE: my computer crashed during the first attempt to run the Combofix exe. 2nd attempt was fine
    -Disabled Avira
    -Ran Combofix - *Log below
    -Ran Eset Online Scan - No log produced
    -Uninstalled Freecorder app

    *I couldn't find the ARO Program you mentioned I should uninstall. I looked under control panel > uninstall programs - and it wasn't listed. Is there a different way to find it?

    Thanks - Logs follow.


    Avira AntiVir Personal
    Report file date: Saturday, August 27, 2011 16:22

    Scanning for 3302184 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 x64
    Windows version : (Service Pack 1) [6.1.7601]
    Boot mode : Normally booted
    Username : Leiland
    Computer name : LEILAND-PC

    Version information:
    BUILD.DAT : 10.0.0.652 31824 Bytes 7/20/2011 16:49:00
    AVSCAN.EXE : 10.0.4.2 442024 Bytes 7/20/2011 18:30:06
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 7/20/2011 18:30:45
    LUKE.DLL : 10.0.3.2 104296 Bytes 7/20/2011 18:30:32
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 14:53:55
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 14:53:56
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 18:30:38
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 18:30:40
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 18:30:41
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 23:21:32
    VBASE007.VDF : 7.11.13.61 2048 Bytes 8/16/2011 23:21:32
    VBASE008.VDF : 7.11.13.62 2048 Bytes 8/16/2011 23:21:32
    VBASE009.VDF : 7.11.13.63 2048 Bytes 8/16/2011 23:21:32
    VBASE010.VDF : 7.11.13.64 2048 Bytes 8/16/2011 23:21:32
    VBASE011.VDF : 7.11.13.65 2048 Bytes 8/16/2011 23:21:33
    VBASE012.VDF : 7.11.13.66 2048 Bytes 8/16/2011 23:21:33
    VBASE013.VDF : 7.11.13.95 166400 Bytes 8/17/2011 23:21:34
    VBASE014.VDF : 7.11.13.125 209920 Bytes 8/18/2011 23:21:36
    VBASE015.VDF : 7.11.13.157 184832 Bytes 8/22/2011 23:21:37
    VBASE016.VDF : 7.11.13.201 128000 Bytes 8/24/2011 23:21:39
    VBASE017.VDF : 7.11.13.234 160768 Bytes 8/25/2011 23:21:39
    VBASE018.VDF : 7.11.13.235 2048 Bytes 8/25/2011 23:21:40
    VBASE019.VDF : 7.11.13.236 2048 Bytes 8/25/2011 23:21:40
    VBASE020.VDF : 7.11.13.237 2048 Bytes 8/25/2011 23:21:40
    VBASE021.VDF : 7.11.13.238 2048 Bytes 8/25/2011 23:21:40
    VBASE022.VDF : 7.11.13.239 2048 Bytes 8/25/2011 23:21:40
    VBASE023.VDF : 7.11.13.240 2048 Bytes 8/25/2011 23:21:41
    VBASE024.VDF : 7.11.13.241 2048 Bytes 8/25/2011 23:21:41
    VBASE025.VDF : 7.11.13.242 2048 Bytes 8/25/2011 23:21:41
    VBASE026.VDF : 7.11.13.243 2048 Bytes 8/25/2011 23:21:41
    VBASE027.VDF : 7.11.13.244 2048 Bytes 8/25/2011 23:21:41
    VBASE028.VDF : 7.11.13.245 2048 Bytes 8/25/2011 23:21:41
    VBASE029.VDF : 7.11.13.246 2048 Bytes 8/25/2011 23:21:42
    VBASE030.VDF : 7.11.13.247 2048 Bytes 8/25/2011 23:21:42
    VBASE031.VDF : 7.11.14.0 22528 Bytes 8/26/2011 23:21:42
    Engineversion : 8.2.6.48
    AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 14:53:28
    AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 8/27/2011 23:21:58
    AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 14:53:27
    AESBX.DLL : 8.2.1.34 323957 Bytes 7/20/2011 18:29:54
    AERDL.DLL : 8.1.9.13 639349 Bytes 7/20/2011 18:29:53
    AEPACK.DLL : 8.2.10.8 684407 Bytes 8/27/2011 23:21:56
    AEOFFICE.DLL : 8.1.2.13 201083 Bytes 8/27/2011 23:21:53
    AEHEUR.DLL : 8.1.2.161 3641720 Bytes 8/27/2011 23:21:53
    AEHELP.DLL : 8.1.17.7 254327 Bytes 8/27/2011 23:21:47
    AEGEN.DLL : 8.1.5.9 401780 Bytes 8/27/2011 23:21:45
    AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 14:53:14
    AECORE.DLL : 8.1.23.0 196983 Bytes 8/27/2011 23:21:44
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 14:53:14
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 14:53:36
    AVPREF.DLL : 10.0.0.0 44904 Bytes 7/20/2011 18:30:04
    AVREP.DLL : 10.0.0.8 62209 Bytes 7/20/2011 18:30:04
    AVREG.DLL : 10.0.3.2 53096 Bytes 7/20/2011 18:30:04
    AVSCPLR.DLL : 10.0.4.2 84840 Bytes 7/20/2011 18:30:06
    AVARKT.DLL : 10.0.22.6 231784 Bytes 7/20/2011 18:29:58
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 7/20/2011 18:30:03
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 7/20/2011 23:40:24
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 14:53:36
    NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 14:53:46
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 7/20/2011 18:30:48
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 7/20/2011 18:30:48

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Saturday, August 27, 2011 16:22

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
    Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
    Scan process 'winampa.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RoxioBurnLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
    Scan process 'FLVSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'LWS.exe' - '1' Module(s) have been scanned
    Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
    Scan process 'DataSafeOnline.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'CVHSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'sftlist.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
    Scan process 'DSUpd.exe' - '1' Module(s) have been scanned
    Scan process 'STSERVICE.EXE' - '1' Module(s) have been scanned
    Scan process 'sftvsa.exe' - '1' Module(s) have been scanned
    Scan process 'sftservice.EXE' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrS64H.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'ACService.exe' - '1' Module(s) have been scanned
    Scan process 'DockLogin.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [DETECTION] Contains code of the BOO/TDss.D boot sector virus
    [NOTE] The boot sector was not written!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).

    The registry was scanned ( '876' files ).



    End of the scan: Saturday, August 27, 2011 16:23
    Used time: 00:41 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    1475 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1475 Files not concerned
    6 Archives were scanned
    0 Warnings
    1 Notes

    Combofix log to follow
     
  4. LUDACLIPS

    LUDACLIPS TS Rookie Topic Starter

    Reply 2 of 2

    ComboFix 11-08-27.01 - Leiland 08/27/2011 16:57:12.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1680 [GMT -7:00]
    Running from: c:\users\Leiland\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\comct332.ocx
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-28 00:29 . 2011-08-28 00:29 -------- d-----w- c:\users\Mcx1-LEILAND-PC\AppData\Local\temp
    2011-08-28 00:29 . 2011-08-28 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-27 23:36 . 2011-08-27 23:36 -------- d-----w- c:\users\Leiland\AppData\Roaming\Avira
    2011-08-27 23:19 . 2011-07-20 18:30 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-27 23:19 . 2011-07-20 18:30 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-27 23:19 . 2011-08-27 23:19 -------- d-----w- c:\programdata\Avira
    2011-08-27 23:19 . 2011-08-27 23:19 -------- d-----w- c:\program files (x86)\Avira
    2011-08-27 10:30 . 2011-08-27 10:30 0 ----a-w- c:\windows\SysWow64\sho85B9.tmp
    2011-08-27 00:59 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-27 00:59 . 2011-08-27 00:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-26 23:20 . 2011-08-26 23:47 -------- d-----w- c:\users\Leiland\AppData\Roaming\Sammsoft
    2011-08-26 20:45 . 2011-08-26 20:45 -------- d-----w- c:\users\Leiland\AppData\Roaming\Malwarebytes
    2011-08-26 20:45 . 2011-08-26 20:45 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-26 08:20 . 2011-08-26 23:46 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2011-08-23 23:40 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 23:40 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-17 01:15 . 2011-05-18 18:43 18417296 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:15 . 2011-05-18 18:43 12563600 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-17 01:15 . 2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:14 . 2011-03-31 21:48 18413712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:14 . 2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:14 . 2011-03-31 21:48 12562064 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-11 06:47 . 2011-08-11 06:47 0 ----a-w- c:\windows\SysWow64\sho9923.tmp
    2011-08-11 06:41 . 2011-08-11 06:45 -------- d-----w- C:\961010c7895e22442c52d82f4555ca
    2011-08-10 21:07 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 21:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-08-10 21:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-08-10 09:36 . 2011-08-13 01:22 -------- d-----w- C:\My Works
    2011-08-09 00:51 . 2011-08-09 01:24 -------- d-----w- c:\users\Public\CyberLink
    2011-08-09 00:51 . 2011-08-10 09:36 -------- d-----w- c:\users\Leiland\AppData\Roaming\CyberLink
    2011-08-09 00:49 . 2011-08-09 01:28 -------- d-----w- c:\programdata\CyberLink
    2011-08-09 00:45 . 2011-08-09 00:46 -------- d-----w- c:\programdata\SmartSound Software Inc
    2011-08-09 00:45 . 2011-08-09 00:45 -------- d-----w- c:\program files (x86)\SmartSound Software
    2011-08-09 00:45 . 2011-08-09 00:45 -------- d-----w- c:\programdata\eSellerate
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\users\Leiland\AppData\Local\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\programdata\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-08-09 00:37 . 2011-08-09 00:47 -------- d-----w- c:\program files (x86)\CyberLink
    2011-08-03 03:39 . 2011-08-03 03:39 -------- d-----w- c:\programdata\Uniblue
    2011-08-03 03:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2011-08-03 03:28 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
    2011-08-03 03:27 . 2011-08-03 03:27 -------- d-----w- c:\program files (x86)\Winamp Detect
    2011-08-03 03:26 . 2011-08-03 03:44 -------- d-----w- c:\users\Leiland\AppData\Local\OpenCandy
    2011-08-03 03:26 . 2011-08-03 03:33 -------- d-----w- c:\users\Leiland\AppData\Roaming\Winamp
    2011-08-03 03:26 . 2011-08-03 03:30 -------- d-----w- c:\program files (x86)\Winamp
    2011-08-03 03:26 . 2011-08-03 03:26 -------- d-----w- c:\users\Leiland\AppData\Roaming\OpenCandy
    2011-08-03 00:33 . 2011-08-03 00:33 -------- d-----w- c:\users\Leiland\TruePianos Settings
    2011-08-03 00:30 . 2011-08-03 00:30 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\programdata\Native Instruments
    2011-08-03 00:29 . 2011-08-03 00:29 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\program files\Common Files\Native Instruments
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\program files\Native Instruments
    2011-08-03 00:16 . 2006-02-24 16:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
    2011-08-03 00:16 . 2006-02-24 16:00 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
    2011-08-03 00:16 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
    2011-08-03 00:16 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2011-08-03 00:07 . 2011-08-03 00:11 -------- d-----w- C:\Cakewalk Content
    2011-08-03 00:04 . 2011-08-03 00:39 -------- d-----w- c:\program files (x86)\Cakewalk
    2011-07-29 01:47 . 2011-08-03 00:57 -------- d-----w- c:\programdata\Cakewalk
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 04:26 . 2011-08-10 21:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-15 03:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-15 03:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-16 09:04 . 2011-06-16 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-16 09:04 . 2011-06-16 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-16 09:04 . 2011-06-16 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-16 09:04 . 2011-06-16 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-16 09:04 . 2011-06-16 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-16 09:04 . 2011-06-16 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-16 09:04 . 2011-06-16 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-16 09:04 . 2011-06-16 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-16 09:04 . 2011-06-16 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-16 09:04 . 2011-06-16 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-16 09:04 . 2011-06-16 09:04 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-16 09:04 . 2011-06-16 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-16 09:04 . 2011-06-16 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-16 09:04 . 2011-06-16 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-16 09:04 . 2011-06-16 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-16 09:04 . 2011-06-16 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-16 09:04 . 2011-06-16 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-16 09:04 . 2011-06-16 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-16 09:04 . 2011-06-16 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-16 09:04 . 2011-06-16 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-16 09:04 . 2011-06-16 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-16 09:04 . 2011-06-16 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-16 09:04 . 2011-06-16 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-16 09:04 . 2011-06-16 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-16 09:04 . 2011-06-16 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-16 09:04 . 2011-06-16 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-16 09:04 . 2011-06-16 09:04 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-16 09:04 . 2011-06-16 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-16 09:04 . 2011-06-16 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-16 09:04 . 2011-06-16 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-16 09:04 . 2011-06-16 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-16 09:04 . 2011-06-16 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-16 09:04 . 2011-06-16 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-16 09:04 . 2011-06-16 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-16 09:04 . 2011-06-16 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-16 09:04 . 2011-06-16 09:04 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-16 02:04 . 2011-05-26 04:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 08:15 . 2011-06-11 08:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll
    2011-06-11 08:15 . 2011-06-11 08:15 93008 ----a-w- c:\windows\system32\mfcm100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll
    2011-06-11 08:15 . 2011-06-11 08:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll
    2011-06-11 08:15 . 2011-06-11 08:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll
    2011-06-11 08:15 . 2011-06-11 08:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll
    2011-06-11 08:15 . 2011-06-11 08:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll
    2011-06-11 08:15 . 2011-06-11 08:15 57168 ----a-w- c:\windows\system32\vcomp100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll
    2011-06-11 08:15 . 2011-06-11 08:15 5574984 ----a-w- c:\windows\system32\mfc100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll
    2011-06-11 08:15 . 2011-06-11 08:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
    2011-06-11 08:15 . 2011-06-11 08:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll
    2011-06-11 08:15 . 2011-06-11 08:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll
    2011-06-11 08:15 . 2011-06-11 08:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll
    2011-06-11 08:15 . 2011-06-11 08:15 158536 ----a-w- c:\windows\system32\atl100.dll
    2011-06-11 03:07 . 2011-07-14 01:08 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-05-31 04:13 . 2011-05-31 04:13 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
    .
    .
     
  5. LUDACLIPS


    Just kidding, it's going to take another couple of posts - 3 of 4

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFre2.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-02-07 170496]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x]
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [x]
    R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [x]
    R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [x]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
     
  6. LUDACLIPS


    4 of 4

    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 15:10]
    .
    2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 15:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-27 17:55:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-28 00:55
    .
    Pre-Run: 130,296,922,112 bytes free
    Post-Run: 130,480,926,720 bytes free
    .
    - - End Of File - - 843913E1D45F77DB23A4BEBCA198A208
     
  7. Bobbye


    Sorry for delay- got bit behind!
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\windows\SysWow64\sho85B9.tmp
    c:\windows\SysWow64\sho9923.tmp
    c:\windows\SysWow64\ConduitEngine.tmp
    DirLook::
    C:\961010c7895e22442c52d82f4555ca
    DDS::
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    BHO-X64: Freecorder - No File
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: Search Helper - No File
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: AIM Toolbar Loader - No File
    TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll
    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    Folder::
    c:\users\Mcx1-LEILAND-PC\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\programdata\Uniblue
    c:\users\Leiland\AppData\Local\OpenCandy
    c:\users\Leiland\AppData\Roaming\OpenCandy
    C:\Users\Leiland\AppData\Roaming\Sammsoft
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Freecorder FLV Service"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    The ARO entries show in these restore points:
    RP103: 8/26/2011 4:19:06 PM - ARO 2011 - Before Installation
    RP104: 8/26/2011 4:20:24 PM - ARO 2011 - FIRST RUN
    RP105: 8/26/2011 4:37:32 PM - ARO 2011 Fri, Aug 26, 11 16:37>>>
    It may be found under Application Data rather than programs.

    It's running under the company name: 2011-08-26 23:20:19 C:\Users\Leiland\AppData\Roaming\Sammsoft
    I've removed this entry with the script. FYI: I advise you to get a Site Advisor other than the AVG Safe Search. I use WOT (Web of Trust). All of the Sammsoft sites are rated red. That means they failed in all 4 categories. Give it a try: the Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.

    Every time you do a search and the screen comes up with the sites, they will have the rating light:
    Green (2 shades)> Good to go.
    Amber/Yellow> use Caution,
    Red> not advised.

    If you want to link from the page you're on to another site, WOT will give you an Alert that the site is known for fraudulent entries, is unreliable, or similar, and the site won't load. Don't worry: those Alerts don't happen if you stick to the green rating.
    ==========================================
    Let me know how the system is doing when finished.
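The CFScript above is built by hand from the 'Reg Loading Points' section of the ComboFix log: the same CLSID ({1392b8d2-...}) is wired in as a URLSearchHook, a Browser Helper Object and a Toolbar, all pointing at the same DLL, and a second BHO points at the Conduit engine. A URLSearchHook is what Internet Explorer consults when the address-bar text is not a URL, so a third-party hook is exactly where typed searches get detoured. As an added example (not code from the thread, from ComboFix, or from either poster), the Python script below reads those three kinds of IE load point out of a ComboFix log, groups them by CLSID, and flags any CLSID that holds more than one role or holds the URLSearchHook role. The function names and SAMPLE_LOG are this example's own; the sample text is constructed from the entries shown in the log above so the script runs offline.

```python
"""Triage of IE load points from a ComboFix 'Reg Loading Points' section.

Added example for this thread; not code from ComboFix or from either poster.
SAMPLE_LOG is constructed from the entries shown in the log above.
"""
import re
from collections import defaultdict

# Constructed sample: the IE-related keys from the 'Reg Loading Points' block,
# plus a Run entry and a bare CLSID key to show that those are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^"(\{[^}]+\})"\s*=\s*"([^"]+)"')      # "{clsid}"= "path" ...
DLL_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|ocx))\s*$", re.IGNORECASE)

# Substring of the (lower-cased) registry key -> role of the entries under it.
ROLE_OF_KEY = (
    ("urlsearchhooks", "URLSearchHook"),
    ("browser helper objects", "BHO"),
    ("internet explorer\\toolbar", "Toolbar"),
)


def parse_load_points(text):
    """Return {clsid: {role: dll_path}} for the IE hook, BHO and toolbar keys.

    Hooks and toolbars list the CLSID as a value name with the DLL as its data;
    each BHO is its own subkey named after the CLSID, with the DLL on the
    following line. CLSIDs are lower-cased so the two spellings in the log
    (mixed case under BHOs, lower case elsewhere) collapse into one entry.
    """
    found = defaultdict(dict)
    role, key_clsid = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            lower = key.lower()
            role = next((r for frag, r in ROLE_OF_KEY if frag in lower), None)
            m = GUID_RE.search(key)
            key_clsid = m.group(0).lower() if m else None
            continue
        if role is None or not line or line == ".":
            continue
        m = VALUE_RE.match(line)
        if m:                          # "{clsid}"= "path" form (hooks, toolbars)
            found[m.group(1).lower()][role] = m.group(2)
            continue
        m = DLL_RE.search(line)
        if m and key_clsid:            # BHO subkey: DLL on the line below the key
            found[key_clsid][role] = m.group(1)
    return dict(found)


def search_hijack_candidates(load_points):
    """CLSIDs that sit in more than one IE load point, or in URLSearchHooks at
    all; returns {clsid: sorted list of roles}."""
    return {clsid: sorted(roles) for clsid, roles in load_points.items()
            if len(roles) > 1 or "URLSearchHook" in roles}


def dlls_to_review(load_points):
    """Every DLL referenced by any flagged-or-not load point, deduplicated."""
    return sorted({p for roles in load_points.values() for p in roles.values()})


if __name__ == "__main__":
    points = parse_load_points(SAMPLE_LOG)
    for clsid, roles in search_hijack_candidates(points).items():
        print(clsid, "is registered as:", ", ".join(roles))
        for role in roles:
            print("   ", role, "->", points[clsid][role])
    print("DLLs to check on disk (publisher, signature, install date):")
    for path in dlls_to_review(points):
        print("   ", path)
```

On the sample this flags {1392b8d2-5c05-419f-a8f6-b9f15a596612} as URLSearchHook + BHO + Toolbar, all backed by prxtbFre2.dll, and lists prxConduitEngine.dll alongside it for review, which is the set the Registry:: and File:: sections of the script above remove. The parser only reads the log; before deleting anything, confirm the same entries in the live registry (32-bit IE add-ons on x64 live under Wow6432Node, as the log shows) and check who signed the DLLs on disk.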
     
  8. LUDACLIPS


    1 of ...

    I ran the Combofix script and then checked my search engines - I was still having redirect problems. But after installing the WOT app in both Google Chrome and Internet Explorer I didn't have the redirect problems and my search speed was noticeably back to normal (Fast). I'm not sure what that means - maybe you can explain. Here is the Combofix log -


    ComboFix 11-08-31.05 - Leiland 09/01/2011 0:08.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1722 [GMT -7:00]
    Running from: c:\users\Leiland\Downloads\ComboFix.exe
    Command switches used :: c:\users\Leiland\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\SysWow64\ConduitEngine.tmp"
    "c:\windows\SysWow64\sho85B9.tmp"
    "c:\windows\SysWow64\sho9923.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    c:\program files (x86)\Freecorder\prxtbFre2.dll
    c:\programdata\Uniblue
    c:\users\Default\AppData\Local\temp
    c:\users\Leiland\AppData\Local\OpenCandy
    c:\users\Leiland\AppData\Roaming\OpenCandy
    c:\users\Leiland\AppData\Roaming\OpenCandy\OpenCandy_E41DF1D9BD0948FF80925B6CD3E755BE\2161.ico
    c:\users\Leiland\AppData\Roaming\OpenCandy\OpenCandy_E41DF1D9BD0948FF80925B6CD3E755BE\driverscanner (2).exe
    c:\users\Leiland\AppData\Roaming\OpenCandy\OpenCandy_E41DF1D9BD0948FF80925B6CD3E755BE\LatestDLMgr.exe
    c:\users\Leiland\AppData\Roaming\Sammsoft
    c:\users\Mcx1-LEILAND-PC\AppData\Local\temp
    c:\windows\SysWow64\ConduitEngine.tmp
    c:\windows\SysWow64\sho85B9.tmp
    c:\windows\SysWow64\sho9923.tmp
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-01 to 2011-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-27 23:36 . 2011-08-27 23:36 -------- d-----w- c:\users\Leiland\AppData\Roaming\Avira
    2011-08-27 23:19 . 2011-09-01 01:13 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-27 23:19 . 2011-09-01 01:13 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-27 23:19 . 2011-08-27 23:19 -------- d-----w- c:\programdata\Avira
    2011-08-27 23:19 . 2011-08-27 23:19 -------- d-----w- c:\program files (x86)\Avira
    2011-08-27 00:59 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-27 00:59 . 2011-08-27 00:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-26 20:45 . 2011-08-26 20:45 -------- d-----w- c:\users\Leiland\AppData\Roaming\Malwarebytes
    2011-08-26 20:45 . 2011-08-26 20:45 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-26 08:20 . 2011-08-26 23:46 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2011-08-23 23:40 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 23:40 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-17 01:15 . 2011-05-18 18:43 18417296 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:15 . 2011-05-18 18:43 12563600 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-17 01:15 . 2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:14 . 2011-03-31 21:48 18413712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-08-17 01:14 . 2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-08-17 01:14 . 2011-03-31 21:48 12562064 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-08-11 06:41 . 2011-08-11 06:45 -------- d-----w- C:\961010c7895e22442c52d82f4555ca
    2011-08-10 21:07 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 21:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-08-10 21:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-08-10 09:36 . 2011-08-13 01:22 -------- d-----w- C:\My Works
    2011-08-09 00:51 . 2011-08-09 01:24 -------- d-----w- c:\users\Public\CyberLink
    2011-08-09 00:51 . 2011-08-10 09:36 -------- d-----w- c:\users\Leiland\AppData\Roaming\CyberLink
    2011-08-09 00:49 . 2011-08-09 01:28 -------- d-----w- c:\programdata\CyberLink
    2011-08-09 00:45 . 2011-08-09 00:46 -------- d-----w- c:\programdata\SmartSound Software Inc
    2011-08-09 00:45 . 2011-08-09 00:45 -------- d-----w- c:\program files (x86)\SmartSound Software
    2011-08-09 00:45 . 2011-08-09 00:45 -------- d-----w- c:\programdata\eSellerate
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\users\Leiland\AppData\Local\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\programdata\Apple
    2011-08-09 00:42 . 2011-08-09 00:42 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-08-09 00:37 . 2011-08-09 00:47 -------- d-----w- c:\program files (x86)\CyberLink
    2011-08-03 03:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2011-08-03 03:28 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
    2011-08-03 03:27 . 2011-08-03 03:27 -------- d-----w- c:\program files (x86)\Winamp Detect
    2011-08-03 03:26 . 2011-08-03 03:33 -------- d-----w- c:\users\Leiland\AppData\Roaming\Winamp
    2011-08-03 03:26 . 2011-08-03 03:30 -------- d-----w- c:\program files (x86)\Winamp
    2011-08-03 00:33 . 2011-08-03 00:33 -------- d-----w- c:\users\Leiland\TruePianos Settings
    2011-08-03 00:30 . 2011-08-03 00:30 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\programdata\Native Instruments
    2011-08-03 00:29 . 2011-08-03 00:29 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\program files\Common Files\Native Instruments
    2011-08-03 00:29 . 2011-08-03 00:29 -------- d-----w- c:\program files\Native Instruments
    2011-08-03 00:16 . 2006-02-24 16:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
    2011-08-03 00:16 . 2006-02-24 16:00 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
    2011-08-03 00:16 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
    2011-08-03 00:16 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2011-08-03 00:07 . 2011-08-03 00:11 -------- d-----w- C:\Cakewalk Content
    2011-08-03 00:04 . 2011-08-03 00:39 -------- d-----w- c:\program files (x86)\Cakewalk
    .
    .
     
  9. LUDACLIPS


    2 of ...

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 04:26 . 2011-08-10 21:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-15 03:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-15 03:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-16 09:04 . 2011-06-16 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-16 09:04 . 2011-06-16 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-16 09:04 . 2011-06-16 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-16 09:04 . 2011-06-16 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-16 09:04 . 2011-06-16 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-16 09:04 . 2011-06-16 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-16 09:04 . 2011-06-16 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-16 09:04 . 2011-06-16 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-16 09:04 . 2011-06-16 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-16 09:04 . 2011-06-16 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-16 09:04 . 2011-06-16 09:04 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-16 09:04 . 2011-06-16 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-16 09:04 . 2011-06-16 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-16 09:04 . 2011-06-16 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-16 09:04 . 2011-06-16 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-16 09:04 . 2011-06-16 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-16 09:04 . 2011-06-16 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-16 09:04 . 2011-06-16 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-16 09:04 . 2011-06-16 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-16 09:04 . 2011-06-16 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-16 09:04 . 2011-06-16 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-16 09:04 . 2011-06-16 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-16 09:04 . 2011-06-16 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-16 09:04 . 2011-06-16 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-16 09:04 . 2011-06-16 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-16 09:04 . 2011-06-16 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-16 09:04 . 2011-06-16 09:04 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-16 09:04 . 2011-06-16 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-16 09:04 . 2011-06-16 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-16 09:04 . 2011-06-16 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-16 09:04 . 2011-06-16 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-16 09:04 . 2011-06-16 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-16 09:04 . 2011-06-16 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-16 09:04 . 2011-06-16 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-16 09:04 . 2011-06-16 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-16 09:04 . 2011-06-16 09:04 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-16 02:04 . 2011-05-26 04:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 08:15 . 2011-06-11 08:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll
    2011-06-11 08:15 . 2011-06-11 08:15 93008 ----a-w- c:\windows\system32\mfcm100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll
    2011-06-11 08:15 . 2011-06-11 08:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll
    2011-06-11 08:15 . 2011-06-11 08:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll
    2011-06-11 08:15 . 2011-06-11 08:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll
    2011-06-11 08:15 . 2011-06-11 08:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll
    2011-06-11 08:15 . 2011-06-11 08:15 57168 ----a-w- c:\windows\system32\vcomp100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll
    2011-06-11 08:15 . 2011-06-11 08:15 5574984 ----a-w- c:\windows\system32\mfc100.dll
    2011-06-11 08:15 . 2011-06-11 08:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll
    2011-06-11 08:15 . 2011-06-11 08:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
    2011-06-11 08:15 . 2011-06-11 08:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll
    2011-06-11 08:15 . 2011-06-11 08:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll
    2011-06-11 08:15 . 2011-06-11 08:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll
    2011-06-11 08:15 . 2011-06-11 08:15 158536 ----a-w- c:\windows\system32\atl100.dll
    2011-06-11 03:07 . 2011-07-14 01:08 3137536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\961010c7895e22442c52d82f4555ca ----
    .
    2011-08-11 06:42 . 2011-08-11 06:42 54065608 ----a-w- c:\961010c7895e22442c52d82f4555ca\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-28_00.34.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-08-28 00:31 . 2011-08-28 00:31 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-09-01 07:44 . 2011-09-01 07:44 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2011-08-27 23:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-09-01 01:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-09-01 01:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-27 23:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-27 23:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-09-01 01:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-21 21:01 . 2011-08-31 03:25 47786 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-09-01 07:47 40594 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-28 13:39 . 2011-09-01 07:47 16182 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-560016889-1321643632-1689185283-1001_UserData.bin
    + 2009-07-14 04:46 . 2011-08-31 03:27 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-08-28 00:31 . 2011-08-28 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-01 07:44 . 2011-09-01 07:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-01 07:44 . 2011-09-01 07:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-28 00:31 . 2011-08-28 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-28 00:31 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    + 2011-09-01 07:45 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2011-08-28 00:31 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-09-01 07:45 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2009-07-14 05:01 . 2011-09-01 07:44 1173392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-28 00:31 1173392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-05-07 10:39 . 2011-09-01 07:44 14454232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-560016889-1321643632-1689185283-1001-8192.dat
    .
     
  10. LUDACLIPS

    LUDACLIPS TS Rookie Topic Starter

    3 of ...

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-02-07 170496]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [x]
    S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [x]
    S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 15:10]
    .
    2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 15:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
     
  11. LUDACLIPS

    LUDACLIPS TS Rookie Topic Starter

    4 of 4

    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-01 01:06:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-01 08:06
    ComboFix2.txt 2011-08-28 00:55
    .
    Pre-Run: 131,255,713,792 bytes free
    Post-Run: 130,854,301,696 bytes free
    .
    - - End Of File - - F3AE0D6190F1C033A505E54FA9D95E03
     
     
  12. LUDACLIPS

    LUDACLIPS TS Rookie Topic Starter

    Nevermind....

    the redirect is still happening
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I wondered how WOT would have changed a redirect!

    Try to pin it down for me:
    1. The description in your first post matched symptoms for a search redirect.
    2. What happened after installing the site advisor? Did the redirects just stop and searches were normal?
    3. Did it occur to you that you may have other malware now that is causing the same redirect symptoms?
    4. Is the 'redirect' that is happening now the same as what you first described? Or different?
    5. Redirect began again 9/2
    =========================================
    New in Combofix: did you set?
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    =======================================
    Regarding these entries in Combofix:
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    These could be the source of the popups because they are running from the temp folder: they are Logitech QuickCam.
    Per Logitech: Download and install from here. The install will then go to the Programs folder. http://majorgeeks.com/Logitech_QuickCam_d4398.html
    =================================
    Why are these setup files still on the system? Have you installed these? The setup files are usually what you download, then save. Double-clicking on the setup should run/install the programs. Usually the setup is then removed, or can be deleted after the install.
    2011-05-18 18:43 18417296 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-05-18 18:43 12563600 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-03-31 21:48 18413712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x64\App\SONARPDR.exe
    2011-04-01 18:16 730712 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\ProducerX1QuickFix.exe
    2011-03-31 21:48 12562064 ----a-w- c:\program files (x86)\Mozilla Firefox\SONAR X1 Setup Files\x86\App\SONARPDR.exe
    =========================================
    Please update and run a new scan with Eset:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the posted image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
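    The point Bobbye makes about the two LVPrcInj DLLs (a module running out of a Temp folder deserves a look) and the services ComboFix lists with `[x]` instead of a date and size are the kind of thing that is easy to miss by eye in a log this long. The following is an added example, not part of this thread and not ComboFix's own code: a small Python triage pass over ComboFix-style log lines that parses Run-key values, service lines and snapshot `+`/`-` lines, then flags paths that sit under a Temp directory and entries that carry no file information. The sample lines are copied verbatim from the log posted above; the three regexes are my assumptions about the line shapes seen on this page and may need adjusting for other ComboFix sections.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix log posted in this
# thread, in the three shapes the parser understands. Not a full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
+ 2011-09-01 07:45 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2011-08-28 00:31 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
"""

# Assumed line shapes (derived from the log above, not from ComboFix docs):
#   "Name"="c:\path\file.exe" [YYYY-MM-DD size]          -> Run / RunOnce value
#   R2 svc;description;c:\path\file.sys [YYYY-MM-DD size] -> service / driver
#   + YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM size c:\path     -> snapshot diff
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$'
)
SNAP_RE = re.compile(
    r'^(?P<sign>[+-])\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>.+)$'
)

# Directory names that should not normally host autostart code.
TEMP_DIRS = {"temp", "tmp"}


def flags_for(path, meta):
    """Return a list of review flags for one parsed entry."""
    flags = []
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    if TEMP_DIRS & parts:
        # Code loading from a Temp folder is what Bobbye called out above.
        flags.append("temp_path")
    if meta.strip().lower() == "x":
        # ComboFix printed [x] instead of a date and size: no file
        # information was recorded. Treat as "confirm the file exists",
        # not as a verdict; several of the [x] entries on this page are
        # ordinary hardware drivers.
        flags.append("no_file_info")
    return flags


def triage(log_text):
    """Parse every recognised line into a dict with kind, name, path, flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("snapshot", SNAP_RE)):
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path").strip()
            meta = m.groupdict().get("meta") or ""
            name = m.groupdict().get("name") or PureWindowsPath(path).name
            findings.append(
                {"kind": kind, "name": name, "path": path, "flags": flags_for(path, meta)}
            )
            break
    return findings


def suspicious(log_text):
    """Only the entries that picked up at least one flag."""
    return [f for f in triage(log_text) if f["flags"]]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']:20} {','.join(f['flags']):22} {f['path']}")
```

Run against the full text of a ComboFix log this prints only the entries worth a second look, and the output on the sample above is the LVPrcInj pair (Temp path) plus the BVRPMPR5a64 driver (no file info). Neither flag is proof of malware; it is a review list to check against what the system actually has installed.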
     
Topic Status:
Not open for further replies.

