TechSpot

Search results jumps to other search sites

By mrspookie
Mar 28, 2011
  1. Hello Techspot.com!

    I have this problem where, when I click on the result I receive from a search on google, the link jumps to some other random search site.

    I used to get popups without even browsing but after I completed the 8 steps, the popups stopped.

    Here are the logs from the 8 steps.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6199

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/28/2011 1:41:02 PM
    mbam-log-2011-03-28 (13-41-02).txt

    Scan type: Quick scan
    Objects scanned: 176017
    Time elapsed: 3 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A9YA3MI1CF (Trojan.FakeAlert) -> Value: A9YA3MI1CF -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -----------------------------------------------------------------------
    My GMER.log has nothing in it...
    -----------------------------------------------------------------------
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by psylint at 13:00:37.14 on Mon 03/28/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1941 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\RAVCpl64.exe
    C:\Users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\psylint\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO: Movavi Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Movavi Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [A9YA3MI1CF] C:\Users\psylint\AppData\Local\Temp\Hnb.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [AIMPro] "C:\Program Files (x86)\AIM\AIM Pro\aimpro.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\psylint\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\psylint\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
    TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: C:\Users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\psylint\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: C:\Users\psylint\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\psylint\AppData\Roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-16 55856]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-15 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-15 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-15 83120]
    R2 OKAV Agent Service;OKAV Agent Service;C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe [2008-9-8 70920]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-8-21 84512]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-16 1038088]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-03-23 20:06:22 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2011-03-16 00:09:35 -------- d-----w- C:\Users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05:47 -------- d-----w- C:\Users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05:40 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05:39 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-16 00:05:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-16 00:05:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-15 23:51:49 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-03-15 23:51:49 -------- d-----w- C:\Program Files (x86)\Avira
    2011-03-15 23:51:49 -------- d-----w- C:\PROGRA~3\Avira
    2011-03-14 22:38:02 94208 --sha-r- C:\Windows\SysWow64\korwbrkr8.dll
    2011-03-12 19:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33:41 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    2011-03-09 21:25:47 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-09 21:25:47 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-09 21:25:47 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-03-09 21:25:46 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-09 21:25:46 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-09 21:25:46 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-09 21:25:46 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-09 21:25:46 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-09 21:25:42 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 21:25:42 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 21:25:42 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 21:25:42 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-04 08:18:33 -------- d-----w- C:\Users\psylint\AppData\Local\Google
    .
    ==================== Find3M ====================
    .
    2011-02-03 04:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-03 01:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-10 00:25:46 58736 ----a-w- C:\Program Files (x86)\vcContextPL.dll
    2010-12-10 00:25:44 742776 ----a-w- C:\Program Files (x86)\VideoConverterPL.dll
    2010-12-10 00:25:42 46448 ----a-w- C:\Program Files (x86)\PkgManagerPL.dll
    2010-12-10 00:25:40 4711792 ----a-w- C:\Program Files (x86)\NagScreenPL.dll
    2010-12-10 00:25:36 42344 ----a-w- C:\Program Files (x86)\DialogsPL.dll
    2010-12-10 00:25:34 296304 ----a-w- C:\Program Files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25:12 79200 ----a-w- C:\Program Files (x86)\zlib1.dll
    2010-12-10 00:25:04 796024 ----a-w- C:\Program Files (x86)\VideoConverterPT.dll
    2010-12-10 00:25:02 796024 ----a-w- C:\Program Files (x86)\VideoConverterNL.dll
    2010-12-10 00:25:00 783736 ----a-w- C:\Program Files (x86)\VideoConverterJP.dll
    2010-12-10 00:23:56 660840 ----a-w- C:\Program Files (x86)\PkgManager.dll
    2010-12-10 00:22:36 284008 ----a-w- C:\Program Files (x86)\vcContext.dll
    2010-12-10 00:22:10 5465456 ----a-w- C:\Program Files (x86)\VideoConverter.exe
    2010-12-10 00:22:08 271280 ----a-w- C:\Program Files (x86)\pdvcodec.dll
    2010-12-03 00:55:51 2445744049 ----a-w- C:\Program Files\IrisClient_20101101.exe
    .
    ============= FINISH: 13:01:06.11 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/4/2009 2:27:12 PM
    System Uptime: 3/27/2011 2:12:04 PM (23 hours ago)
    .
    Motherboard: LENOVO | | LENOVO
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 270 GiB total, 20.753 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP322: 3/24/2011 2:44:17 AM - Windows Update
    RP323: 3/26/2011 1:07:17 AM - Windows Update
    RP324: 3/26/2011 3:00:11 AM - Windows Update
    RP325: 3/26/2011 1:31:29 PM - Windows Update
    RP326: 3/28/2011 3:00:11 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.3 - CPSID_83708
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 7
    AIM Toolbar
    Aion
    Ask Toolbar
    Avira AntiVir Personal - Free Antivirus
    Bandisoft MPEG-1 Decoder
    BitComet 1.25
    Business Contact Manager for Outlook 2007
    Clover DVR
    Connect
    Digital DJ Pro 1.7.0
    DivX Setup
    Download Updater (AOL LLC)
    Dropbox
    DvrMaster
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Earth Plug-in
    Google Update Helper
    IPCamera
    IrisOnline
    Java Auto Updater
    Java(TM) 6 Update 24
    kuler
    League of Legends
    Lenovo Power2Go
    Linux ext2 file system driver
    Malwarebytes' Anti-Malware
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Movavi Video Converter 10
    Move Media Player
    Mozilla Firefox (3.6.15)
    NCsoft Launcher
    Norton Security Scan
    NVIDIA PhysX
    OKAVAgent
    Pando Media Booster
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PriceGong 2.1.0
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Skype Toolbars
    Skype™ 4.2
    StarCraft II
    Suite Shared Configuration CS4
    System Requirements Lab
    System Requirements Lab CYRI
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    VC80CRTRedist - 8.0.50727.4053
    ViiKii Desktop Plug-in
    VLC media player 1.1.7
    Windows 7 Upgrade Advisor
    Windows Live Toolbar
    WinRAR archiver
    XSplit
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/28/2011 3:04:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 (KB951550).
    3/28/2011 3:03:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979).
    3/28/2011 3:03:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for the 2007 Microsoft Office System (KB951944).
    3/28/2011 3:02:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for the 2007 Microsoft Office System (KB967642).
    3/28/2011 3:02:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Business Contact Manager for Outlook 2007 Service Pack 2 (KB957324).
    3/28/2011 3:01:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
    3/27/2011 2:12:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ext2Fsd
    3/27/2011 2:12:10 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\Ext2Fsd.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    3/26/2011 1:35:31 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
    3/26/2011 1:19:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    3/26/2011 1:19:17 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/23/2011 1:02:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 (KB951550).
    3/23/2011 1:02:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979).
    3/23/2011 1:02:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB951944).
    3/23/2011 1:02:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for the 2007 Microsoft Office System (KB967642).
    3/23/2011 1:02:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Business Contact Manager for Outlook 2007 Service Pack 2 (KB957324).
    3/23/2011 1:02:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
    .
    ==== End Of File ===========================
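As an added example (not part of the original post, and not a TechSpot, DDS or Malwarebytes tool), the script below parses the "Pseudo HJT Report" format DDS prints and flags the entries a helper reads first: autostart values that launch from a Temp directory or carry a random-looking value name, orphaned BHO/toolbar CLSIDs marked "No File", and URL search hooks (the component that sits between the address bar and the search engine). The sample input is a subset of lines copied verbatim from the log above; the suspicious-directory list, the random-name regex and the `Finding` type are heuristics of this example, not anything DDS itself does.

```python
"""Triage of a DDS 'Pseudo HJT Report' for autostart and browser-hook entries.

Added example: a small parser for the line formats DDS prints, i.e.
  kind: [name] command            (uRun / mRun / mRun-x64 ...)
  kind: name: {CLSID} - path      (BHO / TB / TB-X64 / *URLSearchHooks)
"""
import re
from dataclasses import dataclass

# Lines copied from the DDS report posted above (a subset), embedded so the
# example runs offline.
SAMPLE_REPORT = r"""
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO: 1 (0x1) - No File
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [A9YA3MI1CF] C:\Users\psylint\AppData\Local\Temp\Hnb.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
"""

AUTORUN_KINDS = {"uRun", "mRun", "uRunOnce", "mRunOnce", "uRun-x64", "mRun-x64"}
BROWSER_KINDS = {"BHO", "TB", "TB-X64", "uURLSearchHooks", "mURLSearchHooks"}

# Heuristic (this example's, not DDS's): directories a legitimate autostart
# entry almost never launches from. Compared case-insensitively.
SUSPICIOUS_DIRS = (r"\appdata\local\temp", r"\windows\temp")
# Heuristic: installer-written Run value names are words; a long all-caps
# mix of letters and digits is typical of dropper-generated names.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str      # DDS entry kind, e.g. "uRun" or "BHO"
    subject: str   # value name for autoruns, the whole entry for browser hooks
    reason: str


def parse_entries(report: str):
    """Yield (kind, rest) for each 'kind: rest' line; skip blanks and others."""
    for raw in report.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("rest")


def executable_of(cmd: str) -> str:
    """First token of a command line, honouring a quoted path.
    An unquoted path containing spaces is truncated at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for kind, rest in parse_entries(report):
        if kind in AUTORUN_KINDS:
            m = RUN_RE.match(rest)
            if not m:
                continue
            name, exe = m.group("name"), executable_of(m.group("cmd"))
            if not exe:
                findings.append(Finding(kind, name, "autostart value with no command"))
            elif any(d in exe.lower() for d in SUSPICIOUS_DIRS):
                findings.append(Finding(kind, name, f"autostart from temp directory: {exe}"))
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding(kind, name, "random-looking value name"))
        elif kind in BROWSER_KINDS:
            if rest.endswith("- No File"):
                findings.append(Finding(kind, rest, "orphaned CLSID (registered, file missing)"))
            elif kind.endswith("URLSearchHooks"):
                findings.append(Finding(kind, rest, "URL search hook rewrites address-bar searches; review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:16} {f.reason}: {f.subject}")
```

Run against the sample, the script reports the `A9YA3MI1CF` value twice (launches `Hnb.exe` from `AppData\Local\Temp`, and the name matches the random-name heuristic), the empty `<NO NAME>` value, the three "No File" CLSIDs and the AIM search hook, while `ehTray.exe`, `avgnt` and the named toolbars with files present pass through unflagged. The heuristics only rank what to look at; a flagged entry still needs the file itself (hash, signature, creation time) checked before removal.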
     
  2. Bobbye


    Hi back at you and Welcome to TechSpot! Decided to join the many others with the 'Google Redirect'! I'll help you sort it out.

    Mbam removed a Trojan.FakeAlert, so be sure you don't act on any alerts you get now. You have some bad toolbars and BHOs I can see now that I'll be removing, so please don't get any more while I'm helping you.

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
    BitComet is a file sharing program. Please don't use it while I'm helping you and I would encourage you to uninstall it and any other file sharing program you're using:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ==========================================
    Please run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ========================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    EDIT: You have both Norton Security Scan and Avast on the system. Please remove one of them.
     
  3. mrspookie

    mrspookie TS Rookie Topic Starter

    hey thanks for the response.

    about the eset... it says that I cannot get the update and asked if proxy is configured.
    did I miss something?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Eset Server/Proxy Problem:
    1. Make sure an Internet connection is already established before you perform the update.
    2. Make sure a correct server is selected from the drop-down menu in the Update setup (if you update ESET NOD32 from the Internet, it should be set to Choose automatically).
    3. If you are using a firewall, make sure the NOD32krn service has access to the Internet enabled.
    4. If you are using a proxy server, be sure the connection parameters are set properly in the Advanced Update setup - LAN setup (if the proxy server requires authentication, make sure a correct login name and password are specified).
    5. If you are not using a proxy server, make sure the use of a proxy server is disabled (NOD32 Control Center Update Setup Advanced Setup - Proxy Server section).
    6. Restart your computer.
     
  5. mrspookie

    mrspookie TS Rookie Topic Starter

    here is the log from ESET:

    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=12
    esets_scanner_update returned -1 esets_gle=12
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=e758cbc29685b44b9688c238d3b515e5
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-30 08:38:58
    # local_time=2011-03-30 01:38:58 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 41423927 41423927 0 0
    # compatibility_mode=1797 16775165 100 94 0 37891970 0 0
    # compatibility_mode=5893 16776574 100 94 716600 53014071 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=216273
    # found=0
    # cleaned=0
    # scan_time=3717
    ---------------------------------------------------------------------------------------------
    and from Combofix

    ComboFix 11-03-29.06 - psylint 03/30/2011 14:24:04.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2690 [GMT -7:00]
    Running from: c:\users\psylint\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-30 21:26 . 2011-03-30 21:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-03-30 21:26 . 2011-03-30 21:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-30 21:26 . 2011-03-30 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-29 07:35 . 2011-03-29 07:35 -------- d-----w- c:\program files (x86)\ESET
    2011-03-23 20:06 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-03-16 00:09 . 2011-03-16 00:09 -------- d-----w- c:\users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 00:05 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\programdata\Avira
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\program files (x86)\Avira
    2011-03-15 23:51 . 2011-01-10 21:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-15 23:51 . 2011-01-10 21:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-15 00:33 . 2011-03-15 00:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-15 00:32 . 2011-03-15 00:32 -------- d-----w- c:\programdata\McAfee
    2011-03-14 22:38 . 2011-03-14 22:38 94208 --sha-r- c:\windows\SysWow64\korwbrkr8.dll
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    2011-03-09 21:25 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 21:25 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 21:25 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 21:25 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-04 08:18 . 2011-03-04 08:20 -------- d-----w- c:\program files (x86)\Google
    2011-03-04 08:18 . 2011-03-04 08:18 -------- d-----w- c:\users\psylint\AppData\Local\Google
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 04:40 . 2010-05-10 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2009-10-21 07:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 08:06 . 2011-02-10 08:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-10 08:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-10 08:11 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-10 08:11 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-10 08:11 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-10 08:11 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-10 08:11 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-10 00:25 . 2010-12-10 00:25 58736 ----a-w- c:\program files (x86)\vcContextPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 742776 ----a-w- c:\program files (x86)\VideoConverterPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 46448 ----a-w- c:\program files (x86)\PkgManagerPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 4711792 ----a-w- c:\program files (x86)\NagScreenPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 42344 ----a-w- c:\program files (x86)\DialogsPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 296304 ----a-w- c:\program files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25 . 2010-12-10 00:25 79200 ----a-w- c:\program files (x86)\zlib1.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterPT.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterNL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 783736 ----a-w- c:\program files (x86)\VideoConverterJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 791928 ----a-w- c:\program files (x86)\VideoConverterit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverterFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverteres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 804216 ----a-w- c:\program files (x86)\VideoConverterde.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextIT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextES.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextDE.dll
    2010-12-10 00:24 . 2010-12-10 00:24 304488 ----a-w- c:\program files (x86)\Statistic.dll
    2010-12-10 00:24 . 2010-12-10 00:24 206184 ----a-w- c:\program files (x86)\ssleay32.dll
    2010-12-10 00:24 . 2010-12-10 00:24 1820008 ----a-w- c:\program files (x86)\Register.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderpt.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploadernl.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderjp.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderit.exe
    2010-12-10 00:24 . 2010-12-10 00:24 382320 ----a-w- c:\program files (x86)\PSPUploaderfr.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderes.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderde.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploader.exe
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 42352 ----a-w- c:\program files (x86)\PkgManagerJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerfr.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManageres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerde.dll
    2010-12-10 00:23 . 2010-12-10 00:23 660840 ----a-w- c:\program files (x86)\PkgManager.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4842864 ----a-w- c:\program files (x86)\NagScreenPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4834672 ----a-w- c:\program files (x86)\NagScreenNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4867440 ----a-w- c:\program files (x86)\NagScreenJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4724080 ----a-w- c:\program files (x86)\NagScreenIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4826480 ----a-w- c:\program files (x86)\NagScreenFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4830576 ----a-w- c:\program files (x86)\NagScreenES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4470128 ----a-w- c:\program files (x86)\NagScreenDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 6464872 ----a-w- c:\program files (x86)\NagScreen.dll
    2010-12-10 00:23 . 2010-12-10 00:23 353640 ----a-w- c:\program files (x86)\msvcr71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 505192 ----a-w- c:\program files (x86)\msvcp71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1070440 ----a-w- c:\program files (x86)\libeay32.dll
    2010-12-10 00:23 . 2010-12-10 00:23 181608 ----a-w- c:\program files (x86)\libcurl.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4228464 ----a-w- c:\program files (x86)\ExtConverter.exe
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 38248 ----a-w- c:\program files (x86)\DialogsJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1037672 ----a-w- c:\program files (x86)\Dialogs.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1044328 ----a-w- c:\program files (x86)\DbgHelp.Dll
    2010-12-10 00:22 . 2010-12-10 00:22 284008 ----a-w- c:\program files (x86)\vcContext.dll
    2010-12-10 00:22 . 2010-12-10 00:22 5465456 ----a-w- c:\program files (x86)\VideoConverter.exe
    2010-12-10 00:22 . 2010-12-10 00:22 271280 ----a-w- c:\program files (x86)\pdvcodec.dll
    2010-12-03 00:55 . 2010-12-02 11:10 2445744049 ----a-w- c:\program files\IrisClient_20101101.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\users\psylint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
    ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 dump_wmimmc;dump_wmimmc;c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va001;X6va001;c:\users\psylint\AppData\Local\Temp\001301.tmp [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2008-09-08 70920]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\psylint\AppData\Roaming\Move Networks
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\psylint\AppData\Local\Temp\001301.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-30 14:28:25
    ComboFix-quarantined-files.txt 2011-03-30 21:28
    ComboFix2.txt 2011-03-30 21:18
    .
    Pre-Run: 22,073,257,984 bytes free
    Post-Run: 22,020,169,728 bytes free
    .
    - - End Of File - - A4883409D58C95AD22FDAC29F962B631
    -------------------------------------------------------------------------------------------------

    I don't want to piss you off or anything but FYI the directions for ESET were a little off. There was no option for "Copy to Clipboard" and the check box option for "Scan for unwanted applications" was in the advanced settings. But then again it could just be me doing something wrong again :/

    Also, the problem seems to be fixed now but it would be nice to clean out my system of any other things I shouldn't have. Thanks for the help :)
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem.
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys
    c:\users\psylint\AppData\Local\Temp\001301.tmp
    c:\windows\System32\Drivers\PxHlpa64.sys
    Folder::
    c:\programdata\McAfee
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    Driver::
    dump_wmimmc
    X6va001
    PxHlpa64
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ======================================
    Please uninstall the following:
    BitComet 1.25
    Norton Security Scan> Norton Removal Tool
    OKAVAgent> Part of Trend Micro but I wasn't able to find what it does.
    PriceGong 2.1.0
    ----------------------
    When uninstalls have been done, use Windows Explorer to delete the program folders.
    ---------------------
    Please update the following:
    Mozilla Firefox (3.6.15)
    =======================================
    There are several indications that you have not looked for prechecked items on download screens. As a result, you have gotten adware and foistware that are bundled with them. Check all download screens carefully and uncheck all items that are pre-checked.
    Examples: Simpull Toolbar by W3i, LLC, bundled with various third party applications
    and there are numerous entries for the AskToolbar.
    =======================================
    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
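    A check worth making once the ComboFix log comes back: the keys and values named under Registry:: in the CFScript should no longer appear in the "Reg Loading Points" section of the post-run log. The Python below is an added example, not part of the thread and not a ComboFix feature; it parses both texts and reports which targeted entries the post-run log still lists. The sample text is copied from this thread (including the stray trailing periods on the rendered script lines, which the parser tolerates).

```python
"""Cross-check a ComboFix CFScript against the post-run ComboFix log.

Added example for this thread, not a ComboFix tool: parse the Registry::
section of a CFScript and the "Reg Loading Points" section of the log
ComboFix writes afterwards, then report which targeted keys and values
the post-run log still lists. Sample text below is copied from the thread.
"""
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")          # File::, Registry::, Driver:: ...
KEY_RE = re.compile(r"^\[(-?)(.+?)\]\.?\s*$")     # [key]; tolerates the stray '.' the forum added
VALUE_DEL_RE = re.compile(r'^"(.+?)"=-\.?\s*$')   # "name"=-  (delete a value)
VALUE_RE = re.compile(r'^"(.+?)"=')               # "name"=... as the log lists values

# Constructed sample: the Registry:: and Driver:: part of the CFScript posted above, as rendered.
CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}].
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}].
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
Driver::
X6va001
"""

# Constructed sample: lines from the post-run log's "Reg Loading Points" section.
POSTRUN_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
"""


def norm(key):
    """Registry paths are case-insensitive, so compare them lowercased."""
    return key.strip().lower()


def parse_cfscript(text):
    """Split a CFScript into its Section:: blocks, e.g. {'Registry': [...], 'Driver': [...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def script_targets(text):
    """Return (keys, values) named under Registry::; values are (key, name) pairs from "name"=- lines."""
    keys, values, last_key = set(), set(), None
    for line in parse_cfscript(text).get("Registry", []):
        m = KEY_RE.match(line)
        if m:
            last_key = norm(m.group(2))
            keys.add(last_key)
        elif VALUE_DEL_RE.match(line) and last_key:
            values.add((last_key, norm(VALUE_DEL_RE.match(line).group(1))))
    return keys, values


def loading_points(log):
    """Map each [key] in a 'Reg Loading Points' block to the lines ComboFix printed under it."""
    points, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = norm(m.group(2))
            points.setdefault(current, [])
        elif current:
            points[current].append(line)
    return points


def still_listed(script, log):
    """Targeted keys and values the post-run log still shows (empty after a fully successful run)."""
    keys, values = script_targets(script)
    points = loading_points(log)
    listed_keys = sorted(k for k in keys if k in points)
    listed_values = sorted(
        (k, v) for k, v in values
        if any(VALUE_RE.match(l) and norm(VALUE_RE.match(l).group(1)) == v
               for l in points.get(k, []))
    )
    return {"keys": listed_keys, "values": listed_values}


if __name__ == "__main__":
    for k in still_listed(CFSCRIPT, POSTRUN_LOG)["keys"]:
        print("still listed after the run:", k)
```

On these samples it reports the three Browser Helper Objects keys, the Internet Explorer Toolbar key and its Ask value, and the clsid key as still listed, while the X6va001 service key is not, which is what the post-run log later in the thread shows.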
     
  7. mrspookie

    mrspookie TS Rookie Topic Starter

    combofix.txt

    ComboFix 11-03-31.01 - psylint 03/31/2011 12:06:50.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2700 [GMT -7:00]
    Running from: c:\users\psylint\Downloads\ComboFix.exe
    Command switches used :: c:\users\psylint\Downloads\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys"
    "c:\users\psylint\AppData\Local\Temp\001301.tmp"
    "c:\windows\System32\Drivers\PxHlpa64.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\McAfee
    c:\programdata\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
    c:\windows\System32\Drivers\PxHlpa64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_X6VA001
    -------\Service_dump_wmimmc
    -------\Service_PxHlpa64
    -------\Service_X6va001
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-31 19:09 . 2011-03-31 19:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-03-31 19:09 . 2011-03-31 19:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-29 07:35 . 2011-03-29 07:35 -------- d-----w- c:\program files (x86)\ESET
    2011-03-23 20:06 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-03-16 00:09 . 2011-03-16 00:09 -------- d-----w- c:\users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 00:05 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\programdata\Avira
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\program files (x86)\Avira
    2011-03-15 23:51 . 2011-01-10 21:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-15 23:51 . 2011-01-10 21:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-15 00:33 . 2011-03-15 00:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-14 22:38 . 2011-03-14 22:38 94208 --sha-r- c:\windows\SysWow64\korwbrkr8.dll
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    2011-03-09 21:25 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 21:25 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 21:25 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 21:25 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-04 08:18 . 2011-03-04 08:20 -------- d-----w- c:\program files (x86)\Google
    2011-03-04 08:18 . 2011-03-04 08:18 -------- d-----w- c:\users\psylint\AppData\Local\Google
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 04:40 . 2010-05-10 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2009-10-21 07:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 08:06 . 2011-02-10 08:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-10 08:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-10 08:11 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-10 08:11 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-10 08:11 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-10 08:11 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-10 08:11 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-10 00:25 . 2010-12-10 00:25 58736 ----a-w- c:\program files (x86)\vcContextPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 742776 ----a-w- c:\program files (x86)\VideoConverterPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 46448 ----a-w- c:\program files (x86)\PkgManagerPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 4711792 ----a-w- c:\program files (x86)\NagScreenPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 42344 ----a-w- c:\program files (x86)\DialogsPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 296304 ----a-w- c:\program files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25 . 2010-12-10 00:25 79200 ----a-w- c:\program files (x86)\zlib1.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterPT.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterNL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 783736 ----a-w- c:\program files (x86)\VideoConverterJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 791928 ----a-w- c:\program files (x86)\VideoConverterit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverterFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverteres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 804216 ----a-w- c:\program files (x86)\VideoConverterde.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextIT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextES.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextDE.dll
    2010-12-10 00:24 . 2010-12-10 00:24 304488 ----a-w- c:\program files (x86)\Statistic.dll
    2010-12-10 00:24 . 2010-12-10 00:24 206184 ----a-w- c:\program files (x86)\ssleay32.dll
    2010-12-10 00:24 . 2010-12-10 00:24 1820008 ----a-w- c:\program files (x86)\Register.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderpt.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploadernl.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderjp.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderit.exe
    2010-12-10 00:24 . 2010-12-10 00:24 382320 ----a-w- c:\program files (x86)\PSPUploaderfr.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderes.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderde.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploader.exe
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 42352 ----a-w- c:\program files (x86)\PkgManagerJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerfr.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManageres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerde.dll
    2010-12-10 00:23 . 2010-12-10 00:23 660840 ----a-w- c:\program files (x86)\PkgManager.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4842864 ----a-w- c:\program files (x86)\NagScreenPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4834672 ----a-w- c:\program files (x86)\NagScreenNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4867440 ----a-w- c:\program files (x86)\NagScreenJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4724080 ----a-w- c:\program files (x86)\NagScreenIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4826480 ----a-w- c:\program files (x86)\NagScreenFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4830576 ----a-w- c:\program files (x86)\NagScreenES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4470128 ----a-w- c:\program files (x86)\NagScreenDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 6464872 ----a-w- c:\program files (x86)\NagScreen.dll
    2010-12-10 00:23 . 2010-12-10 00:23 353640 ----a-w- c:\program files (x86)\msvcr71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 505192 ----a-w- c:\program files (x86)\msvcp71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1070440 ----a-w- c:\program files (x86)\libeay32.dll
    2010-12-10 00:23 . 2010-12-10 00:23 181608 ----a-w- c:\program files (x86)\libcurl.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4228464 ----a-w- c:\program files (x86)\ExtConverter.exe
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 38248 ----a-w- c:\program files (x86)\DialogsJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1037672 ----a-w- c:\program files (x86)\Dialogs.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1044328 ----a-w- c:\program files (x86)\DbgHelp.Dll
    2010-12-10 00:22 . 2010-12-10 00:22 284008 ----a-w- c:\program files (x86)\vcContext.dll
    2010-12-10 00:22 . 2010-12-10 00:22 5465456 ----a-w- c:\program files (x86)\VideoConverter.exe
    2010-12-10 00:22 . 2010-12-10 00:22 271280 ----a-w- c:\program files (x86)\pdvcodec.dll
    2010-12-03 00:55 . 2010-12-02 11:10 2445744049 ----a-w- c:\program files\IrisClient_20101101.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-30_21.17.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 05:10 . 2011-03-30 07:20 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-03-31 19:13 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-05 21:03 . 2011-03-31 19:13 19434 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346043747-1998143513-3687065911-1004_UserData.bin
    - 2009-12-05 08:14 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 08:14 . 2011-03-31 19:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 08:14 . 2011-03-31 19:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-05 08:14 . 2011-03-30 07:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-05 08:14 . 2011-03-31 19:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 08:14 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-05 07:13 . 2011-03-31 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 07:13 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 07:13 . 2011-03-31 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 07:13 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-30 07:17 . 2011-03-30 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-03-31 19:11 . 2011-03-31 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-30 07:17 . 2011-03-30 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-31 19:11 . 2011-03-31 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:34 . 2011-03-31 10:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-03-30 14:32 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\users\psylint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
    ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2008-09-08 70920]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF4183.cfxxe" [X]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\psylint\AppData\Roaming\Move Networks
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-31 12:17:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-31 19:17
    ComboFix2.txt 2011-03-30 21:28
    ComboFix3.txt 2011-03-30 21:18
    .
    Pre-Run: 21,764,829,184 bytes free
    Post-Run: 21,520,551,936 bytes free
    .
    - - End Of File - - F75A33AF2EA8226C0632105D649C71D7
    ----------------------------------------------------------------------------------

    checkup.txt

    Results of screen317's Security Check version 0.99.10
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Adobe Flash Player 10.0.2.54
    Mozilla Firefox (3.6.16) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please send this file for identification:

    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      c:\windows\SysWow64\korwbrkr8.dll
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.
     
  9. mrspookie

    mrspookie TS Rookie Topic Starter

    I tried to put the file in to scan but it wouldn't let me.
    It says that I do not have permission to open the file and to contact the file owner or administrator for permission :(
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you log on to the Administrative account? I also gave you three different links for online scanners. Did you try all 3 of them?
     
  11. mrspookie

    mrspookie TS Rookie Topic Starter

    Yea, I'm logged on as administrator and it says the same thing for all three.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript. Please be sure to copy all the entries in the codebox.

    • [1]. Close any open browsers.
      [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\SysWow64\korwbrkr8.dll
    c:\windows\system32\drivers\nvhda64v.sys 
    c:\windows\system32\Wat\WatAdminSvc.exe
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    Driver::
    WatAdminSvc
    NVHDA
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please open Firefox Extensions and remove all of these outdated Java entries, including the current v6u24:
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    You don't need to put a separate extension for Java in Firefox.
     
  13. mrspookie

    mrspookie TS Rookie Topic Starter

    ComboFix 11-04-06.03 - psylint 04/07/2011 1:15.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1429 [GMT -7:00]
    Running from: c:\users\psylint\Downloads\ComboFix.exe
    Command switches used :: c:\users\psylint\Downloads\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\nvhda64v.sys"
    "c:\windows\system32\Wat\WatAdminSvc.exe"
    "c:\windows\SysWow64\korwbrkr8.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\nvhda64v.sys
    c:\windows\SysWow64\korwbrkr8.dll
    c:\windows\system32\Wat\WatAdminSvc.exe . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NVHDA
    -------\Service_WatAdminSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-07 08:18 . 2011-04-07 08:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-04-07 08:18 . 2011-04-07 08:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-29 07:35 . 2011-03-29 07:35 -------- d-----w- c:\program files (x86)\ESET
    2011-03-23 20:06 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-03-16 00:09 . 2011-03-16 00:09 -------- d-----w- c:\users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 00:05 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\programdata\Avira
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\program files (x86)\Avira
    2011-03-15 23:51 . 2011-01-10 21:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-15 23:51 . 2011-01-10 21:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-15 00:33 . 2011-03-15 00:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    2011-03-09 21:25 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 21:25 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 21:25 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 21:25 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 04:40 . 2010-05-10 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2009-10-21 07:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-10 00:25 . 2010-12-10 00:25 58736 ----a-w- c:\program files (x86)\vcContextPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 742776 ----a-w- c:\program files (x86)\VideoConverterPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 46448 ----a-w- c:\program files (x86)\PkgManagerPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 4711792 ----a-w- c:\program files (x86)\NagScreenPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 42344 ----a-w- c:\program files (x86)\DialogsPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 296304 ----a-w- c:\program files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25 . 2010-12-10 00:25 79200 ----a-w- c:\program files (x86)\zlib1.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterPT.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterNL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 783736 ----a-w- c:\program files (x86)\VideoConverterJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 791928 ----a-w- c:\program files (x86)\VideoConverterit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverterFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverteres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 804216 ----a-w- c:\program files (x86)\VideoConverterde.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextIT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextES.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextDE.dll
    2010-12-10 00:24 . 2010-12-10 00:24 304488 ----a-w- c:\program files (x86)\Statistic.dll
    2010-12-10 00:24 . 2010-12-10 00:24 206184 ----a-w- c:\program files (x86)\ssleay32.dll
    2010-12-10 00:24 . 2010-12-10 00:24 1820008 ----a-w- c:\program files (x86)\Register.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderpt.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploadernl.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderjp.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderit.exe
    2010-12-10 00:24 . 2010-12-10 00:24 382320 ----a-w- c:\program files (x86)\PSPUploaderfr.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderes.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderde.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploader.exe
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 42352 ----a-w- c:\program files (x86)\PkgManagerJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerfr.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManageres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerde.dll
    2010-12-10 00:23 . 2010-12-10 00:23 660840 ----a-w- c:\program files (x86)\PkgManager.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4842864 ----a-w- c:\program files (x86)\NagScreenPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4834672 ----a-w- c:\program files (x86)\NagScreenNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4867440 ----a-w- c:\program files (x86)\NagScreenJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4724080 ----a-w- c:\program files (x86)\NagScreenIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4826480 ----a-w- c:\program files (x86)\NagScreenFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4830576 ----a-w- c:\program files (x86)\NagScreenES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4470128 ----a-w- c:\program files (x86)\NagScreenDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 6464872 ----a-w- c:\program files (x86)\NagScreen.dll
    2010-12-10 00:23 . 2010-12-10 00:23 353640 ----a-w- c:\program files (x86)\msvcr71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 505192 ----a-w- c:\program files (x86)\msvcp71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1070440 ----a-w- c:\program files (x86)\libeay32.dll
    2010-12-10 00:23 . 2010-12-10 00:23 181608 ----a-w- c:\program files (x86)\libcurl.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4228464 ----a-w- c:\program files (x86)\ExtConverter.exe
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 38248 ----a-w- c:\program files (x86)\DialogsJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1037672 ----a-w- c:\program files (x86)\Dialogs.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1044328 ----a-w- c:\program files (x86)\DbgHelp.Dll
    2010-12-10 00:22 . 2010-12-10 00:22 284008 ----a-w- c:\program files (x86)\vcContext.dll
    2010-12-10 00:22 . 2010-12-10 00:22 5465456 ----a-w- c:\program files (x86)\VideoConverter.exe
    2010-12-10 00:22 . 2010-12-10 00:22 271280 ----a-w- c:\program files (x86)\pdvcodec.dll
    2010-12-03 00:55 . 2010-12-02 11:10 2445744049 ----a-w- c:\program files\IrisClient_20101101.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-30_21.17.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-11 01:29 . 2010-12-11 01:29 64864 c:\windows\SysWOW64\sqlctr90.dll
    + 2009-12-06 19:11 . 2011-04-04 04:38 36702 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-03-30 07:20 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-04 04:38 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-05 21:03 . 2011-04-04 04:38 19498 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346043747-1998143513-3687065911-1004_UserData.bin
    + 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 08:14 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 08:14 . 2011-03-30 07:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-05 08:14 . 2011-04-07 08:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-05 08:14 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 07:13 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 07:13 . 2011-03-30 07:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-06 10:06 . 2011-04-06 10:06 42848 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 38752 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 67424 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
    + 2011-04-06 10:05 . 2011-04-06 10:05 42848 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 34656 c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
    + 2011-04-06 10:06 . 2011-04-06 10:06 74592 c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
    - 2011-03-30 07:17 . 2011-03-30 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-03-30 07:17 . 2011-03-30 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2011-03-15 23:32 661830 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-04-07 06:10 661830 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-03-15 23:32 121018 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-04-07 06:10 121018 c:\windows\system32\perfc009.dat
    + 2011-04-06 10:05 . 2011-04-06 10:05 591712 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 919392 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 218976 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 554848 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
    + 2011-04-06 10:05 . 2011-04-06 10:05 198496 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 153440 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
    + 2011-04-06 10:05 . 2011-04-06 10:05 132960 c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 137056 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 542560 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 359776 c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
    + 2010-12-11 01:29 . 2010-12-11 01:29 2248032 c:\windows\SysWOW64\sqlncli.dll
    + 2010-12-11 00:34 . 2010-12-11 00:34 2882400 c:\windows\system32\sqlncli.dll
    + 2010-12-11 09:24 . 2010-12-11 09:24 5180928 c:\windows\Installer\b786f43.msi
    + 2010-12-11 09:06 . 2010-12-11 09:06 9260032 c:\windows\Installer\b786ed1.msi
    + 2010-12-11 09:23 . 2010-12-11 09:23 6642688 c:\windows\Installer\b786ec1.msi
    + 2010-12-11 07:19 . 2010-12-11 07:19 3281920 c:\windows\Installer\b786e5e.msi
    + 2010-12-11 07:19 . 2010-12-11 07:19 6577152 c:\windows\Installer\b786e0b.msi
    + 2011-04-06 10:06 . 2011-04-06 10:06 1603424 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
    + 2011-04-06 10:06 . 2011-04-06 10:06 1214304 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
    - 2009-07-14 02:34 . 2011-03-30 14:32 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-04-07 02:14 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\users\psylint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
    ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF16454.cfxxe" [X]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\psylint\AppData\Roaming\Move Networks
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-07 01:28:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-07 08:28
    ComboFix2.txt 2011-03-31 19:17
    ComboFix3.txt 2011-03-30 21:28
    ComboFix4.txt 2011-03-30 21:18
    .
    Pre-Run: 20,144,459,776 bytes free
    Post-Run: 20,107,444,224 bytes free
    .
    - - End Of File - - FA090BD87CC791ECC76B5B3825195C85
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\program files\IrisClient_20101101.exe
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Click on the Start icon> Control Panel> Programs section> Choose Uninstall a Program> From the list that is displayed, do this for each of the programs listed: Click on the program> Select Uninstall. If asked 'are you sure' click on Yes.
    Close when finished.

    Then use Windows Explorer (Windows Key + E)> Computer> Programs> Find the program folder for each of the programs you uninstalled and do a right click> Delete on the program folder.
    Exit Windows Explorer.

    Are your search redirects gone? Are there any other related problems?
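The CFScript above removes one Browser Helper Object registration and one file; the check behind it is to enumerate the BHOs Internet Explorer will load and see which CLSIDs resolve to a real, signed DLL. The script below is an added example, not code from this thread or from ComboFix: it lists the BHOs in both the 32-bit (Wow6432Node) and 64-bit registry views, resolves each CLSID to its InprocServer32 DLL, and flags orphans (what ComboFix reports as "(no file)"), DLLs missing on disk, and unsigned binaries, then offers a guarded removal that mirrors the Registry:: section of the CFScript. It assumes Windows 7 x64 and an elevated PowerShell prompt; the CLSID in the usage lines is the one from the CFScript above and is used only as an illustration.

```powershell
# Added example, not code from the TechSpot thread or from ComboFix.
# Lists Browser Helper Objects for 32-bit and 64-bit Internet Explorer,
# resolves each CLSID to its DLL, and flags orphans, missing files and
# unsigned binaries. Assumes Windows 7 x64 and an elevated prompt.

function Get-BrowserHelperObject {
    [CmdletBinding()]
    param()

    # 64-bit IE loads BHOs from the native view; 32-bit IE (the one most
    # toolbars target, and the one the CFScript above edits) uses Wow6432Node.
    $views = @(
        @{ Name  = 'x64'
           Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Name  = 'x86'
           Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )

    foreach ($v in $views) {
        if (-not (Test-Path -Path $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -Path $v.Bho) {
            $guid     = $key.PSChildName
            $clsidKey = Join-Path -Path $v.Clsid -ChildPath $guid
            $name     = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $dll      = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

            $flags = @()
            $sig   = $null
            if (-not $dll) {
                # Registered BHO with no server: ComboFix lists these as "(no file)"
                $flags += 'orphan: no InprocServer32'
            } else {
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                if (-not (Test-Path -LiteralPath $dll)) {
                    $flags += 'DLL missing on disk'
                } else {
                    # Unsigned or badly signed BHO DLLs deserve a closer look
                    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
                    if ($sig -ne 'Valid') { $flags += "signature: $sig" }
                }
            }

            [pscustomobject]@{
                View      = $v.Name
                CLSID     = $guid
                Name      = $name
                Dll       = $dll
                Signature = $sig
                Flags     = ($flags -join '; ')
            }
        }
    }
}

function Remove-BrowserHelperObject {
    # Unregisters a BHO by CLSID in whichever view(s) it appears; this is the
    # registry half of what the CFScript's Registry:: section does. The CLSID
    # key and the DLL itself stay behind, so delete the program folder as well.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Clsid)

    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $roots) {
        $path = Join-Path -Path $root -ChildPath $Clsid
        if ((Test-Path -Path $path) -and $PSCmdlet.ShouldProcess($path, 'Remove BHO registration')) {
            Remove-Item -Path $path -Recurse -Force
        }
    }
}

# Usage: review the list first, then dry-run the removal with -WhatIf.
# The CLSID below is the one from the CFScript above, used only as an illustration.
Get-BrowserHelperObject | Format-Table -AutoSize
Remove-BrowserHelperObject -Clsid '{C4B8BAB4-1667-11DF-A242-BA9455D89593}' -WhatIf
```

Close Internet Explorer before running the removal, since a loaded BHO will simply be re-read on the next start if the key is deleted underneath it. On a 64-bit system the x86 view is the one that matters for toolbars like the one in this thread: the default IE shortcut launches the 32-bit browser, so a BHO registered only under Wow6432Node never shows up in the native view at all.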
     
  15. mrspookie

    mrspookie TS Rookie Topic Starter

    After I finished the ComboFix.exe part, my computer restarted at a lower resolution and I couldn't open Firefox or connect to the internet on IE, so I did a system restore to before the ComboFix. I uninstalled an "Ask" toolbar (I could only find one) and I couldn't find any "simppull" programs. I will now try the ComboFix again.

    The search redirects are gone, but I now have this message popping up on my taskbar. It only stays on for a millisecond, so it doesn't give me enough time to read it. I'm not sure what it is, but I just got it recently.
     
  16. mrspookie

    mrspookie TS Rookie Topic Starter

    ComboFix 11-04-06.03 - psylint 04/07/2011 14:43:03.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2876 [GMT -7:00]
    Running from: c:\users\psylint\Downloads\ComboFix.exe
    Command switches used :: c:\users\psylint\Downloads\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\IrisClient_20101101.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\IrisClient_20101101.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-07 21:47 . 2011-04-07 21:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-04-07 21:47 . 2011-04-07 21:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-04-07 21:47 . 2011-04-07 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-29 07:35 . 2011-03-29 07:35 -------- d-----w- c:\program files (x86)\ESET
    2011-03-23 20:06 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-03-16 00:09 . 2011-03-16 00:09 -------- d-----w- c:\users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 00:05 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\programdata\Avira
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\program files (x86)\Avira
    2011-03-15 23:51 . 2011-01-10 21:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-15 23:51 . 2011-01-10 21:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-15 00:33 . 2011-03-15 00:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    2011-03-09 21:25 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-09 21:25 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 21:25 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 21:25 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 21:25 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 21:25 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 21:25 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 21:25 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 04:40 . 2010-05-10 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2009-10-21 07:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-10 00:25 . 2010-12-10 00:25 58736 ----a-w- c:\program files (x86)\vcContextPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 742776 ----a-w- c:\program files (x86)\VideoConverterPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 46448 ----a-w- c:\program files (x86)\PkgManagerPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 4711792 ----a-w- c:\program files (x86)\NagScreenPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 42344 ----a-w- c:\program files (x86)\DialogsPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 296304 ----a-w- c:\program files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25 . 2010-12-10 00:25 79200 ----a-w- c:\program files (x86)\zlib1.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterPT.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterNL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 783736 ----a-w- c:\program files (x86)\VideoConverterJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 791928 ----a-w- c:\program files (x86)\VideoConverterit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverterFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverteres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 804216 ----a-w- c:\program files (x86)\VideoConverterde.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextIT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextES.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextDE.dll
    2010-12-10 00:24 . 2010-12-10 00:24 304488 ----a-w- c:\program files (x86)\Statistic.dll
    2010-12-10 00:24 . 2010-12-10 00:24 206184 ----a-w- c:\program files (x86)\ssleay32.dll
    2010-12-10 00:24 . 2010-12-10 00:24 1820008 ----a-w- c:\program files (x86)\Register.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderpt.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploadernl.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderjp.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderit.exe
    2010-12-10 00:24 . 2010-12-10 00:24 382320 ----a-w- c:\program files (x86)\PSPUploaderfr.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderes.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderde.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploader.exe
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 42352 ----a-w- c:\program files (x86)\PkgManagerJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerfr.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManageres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerde.dll
    2010-12-10 00:23 . 2010-12-10 00:23 660840 ----a-w- c:\program files (x86)\PkgManager.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4842864 ----a-w- c:\program files (x86)\NagScreenPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4834672 ----a-w- c:\program files (x86)\NagScreenNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4867440 ----a-w- c:\program files (x86)\NagScreenJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4724080 ----a-w- c:\program files (x86)\NagScreenIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4826480 ----a-w- c:\program files (x86)\NagScreenFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4830576 ----a-w- c:\program files (x86)\NagScreenES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4470128 ----a-w- c:\program files (x86)\NagScreenDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 6464872 ----a-w- c:\program files (x86)\NagScreen.dll
    2010-12-10 00:23 . 2010-12-10 00:23 353640 ----a-w- c:\program files (x86)\msvcr71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 505192 ----a-w- c:\program files (x86)\msvcp71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1070440 ----a-w- c:\program files (x86)\libeay32.dll
    2010-12-10 00:23 . 2010-12-10 00:23 181608 ----a-w- c:\program files (x86)\libcurl.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4228464 ----a-w- c:\program files (x86)\ExtConverter.exe
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 38248 ----a-w- c:\program files (x86)\DialogsJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1037672 ----a-w- c:\program files (x86)\Dialogs.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1044328 ----a-w- c:\program files (x86)\DbgHelp.Dll
    2010-12-10 00:22 . 2010-12-10 00:22 284008 ----a-w- c:\program files (x86)\vcContext.dll
    2010-12-10 00:22 . 2010-12-10 00:22 5465456 ----a-w- c:\program files (x86)\VideoConverter.exe
    2010-12-10 00:22 . 2010-12-10 00:22 271280 ----a-w- c:\program files (x86)\pdvcodec.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-04-07_08.24.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-05 08:14 . 2011-04-07 21:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-05 08:14 . 2011-04-07 21:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-05 08:14 . 2011-04-07 21:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-05 07:13 . 2011-04-07 21:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 07:13 . 2011-04-07 21:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-07 21:48 . 2011-04-07 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-07 21:48 . 2011-04-07 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:38 . 2011-04-07 21:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:38 . 2009-12-04 21:50 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\users\psylint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
    ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\psylint\AppData\Roaming\Move Networks
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-07 14:55:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-07 21:55
    ComboFix2.txt 2011-04-07 20:57
    ComboFix3.txt 2011-04-07 08:28
    ComboFix4.txt 2011-03-31 19:17
    ComboFix5.txt 2011-04-07 21:41
    .
    Pre-Run: 18,010,001,408 bytes free
    Post-Run: 20,418,740,224 bytes free
    .
    - - End Of File - - BB188FEEA0489174BCA541D634C64C27
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

It sounds like it booted into Safe Mode. But you should never do a System Restore when cleaning is in progress. It has undone what was done previously. There would have been a reason for that and you should have let me know.

    Run the script I set up in my Reply #6 again.

    Update and rescan with Malwarebytes again.

    Update and run the Eset online virus scan again.

Do not do a System Restore. If you have a problem, come tell me about it. Mbam removed the (Trojan.FakeAlert). It's possible that you have reinfected the system with it again and that may be the popups you're getting. But I can't do anything about the popup because I don't know what it is.

    Always ask before taking any action that you were not instructed to do.
     
  18. mrspookie

    mrspookie TS Rookie Topic Starter

    ComboFix 11-04-08.03 - psylint 04/09/2011 11:21:56.6.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.3058 [GMT -7:00]
    Running from: c:\users\psylint\Downloads\ComboFix.exe
    Command switches used :: c:\users\psylint\Downloads\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys"
    "c:\users\psylint\AppData\Local\Temp\001301.tmp"
    "c:\windows\System32\Drivers\PxHlpa64.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_X6va001
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-09 18:26 . 2011-04-09 18:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-04-09 18:26 . 2011-04-09 18:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-29 07:35 . 2011-03-29 07:35 -------- d-----w- c:\program files (x86)\ESET
    2011-03-23 20:06 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-03-16 00:09 . 2011-03-16 00:09 -------- d-----w- c:\users\psylint\AppData\Roaming\Avira
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\users\psylint\AppData\Roaming\Malwarebytes
    2011-03-16 00:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-16 00:05 . 2011-03-16 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 00:05 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\programdata\Avira
    2011-03-15 23:51 . 2011-03-15 23:51 -------- d-----w- c:\program files (x86)\Avira
    2011-03-15 23:51 . 2011-01-10 21:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-15 23:51 . 2011-01-10 21:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-15 00:33 . 2011-03-15 00:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-11 09:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2383490C-8D5F-4DAC-AA0A-6DA89A4331FA}\mpengine.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 04:40 . 2010-05-10 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2009-10-21 07:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-10 00:25 . 2010-12-10 00:25 58736 ----a-w- c:\program files (x86)\vcContextPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 742776 ----a-w- c:\program files (x86)\VideoConverterPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 46448 ----a-w- c:\program files (x86)\PkgManagerPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 4711792 ----a-w- c:\program files (x86)\NagScreenPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 42344 ----a-w- c:\program files (x86)\DialogsPL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 296304 ----a-w- c:\program files (x86)\PSPUploaderpl.exe
    2010-12-10 00:25 . 2010-12-10 00:25 79200 ----a-w- c:\program files (x86)\zlib1.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterPT.dll
    2010-12-10 00:25 . 2010-12-10 00:25 796024 ----a-w- c:\program files (x86)\VideoConverterNL.dll
    2010-12-10 00:25 . 2010-12-10 00:25 783736 ----a-w- c:\program files (x86)\VideoConverterJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 791928 ----a-w- c:\program files (x86)\VideoConverterit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverterFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 808312 ----a-w- c:\program files (x86)\VideoConverteres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 804216 ----a-w- c:\program files (x86)\VideoConverterde.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextIT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextFR.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextES.dll
    2010-12-10 00:24 . 2010-12-10 00:24 58736 ----a-w- c:\program files (x86)\vcContextDE.dll
    2010-12-10 00:24 . 2010-12-10 00:24 304488 ----a-w- c:\program files (x86)\Statistic.dll
    2010-12-10 00:24 . 2010-12-10 00:24 206184 ----a-w- c:\program files (x86)\ssleay32.dll
    2010-12-10 00:24 . 2010-12-10 00:24 1820008 ----a-w- c:\program files (x86)\Register.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderpt.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploadernl.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderjp.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderit.exe
    2010-12-10 00:24 . 2010-12-10 00:24 382320 ----a-w- c:\program files (x86)\PSPUploaderfr.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderes.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploaderde.exe
    2010-12-10 00:24 . 2010-12-10 00:24 296304 ----a-w- c:\program files (x86)\PSPUploader.exe
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerPT.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerNL.dll
    2010-12-10 00:24 . 2010-12-10 00:24 42352 ----a-w- c:\program files (x86)\PkgManagerJP.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManagerit.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerfr.dll
    2010-12-10 00:24 . 2010-12-10 00:24 46448 ----a-w- c:\program files (x86)\PkgManageres.dll
    2010-12-10 00:24 . 2010-12-10 00:24 39792 ----a-w- c:\program files (x86)\PkgManagerde.dll
    2010-12-10 00:23 . 2010-12-10 00:23 660840 ----a-w- c:\program files (x86)\PkgManager.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4842864 ----a-w- c:\program files (x86)\NagScreenPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4834672 ----a-w- c:\program files (x86)\NagScreenNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4867440 ----a-w- c:\program files (x86)\NagScreenJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4724080 ----a-w- c:\program files (x86)\NagScreenIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4826480 ----a-w- c:\program files (x86)\NagScreenFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4830576 ----a-w- c:\program files (x86)\NagScreenES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4470128 ----a-w- c:\program files (x86)\NagScreenDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 6464872 ----a-w- c:\program files (x86)\NagScreen.dll
    2010-12-10 00:23 . 2010-12-10 00:23 353640 ----a-w- c:\program files (x86)\msvcr71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 505192 ----a-w- c:\program files (x86)\msvcp71.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1070440 ----a-w- c:\program files (x86)\libeay32.dll
    2010-12-10 00:23 . 2010-12-10 00:23 181608 ----a-w- c:\program files (x86)\libcurl.dll
    2010-12-10 00:23 . 2010-12-10 00:23 4228464 ----a-w- c:\program files (x86)\ExtConverter.exe
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsPT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsNL.dll
    2010-12-10 00:23 . 2010-12-10 00:23 38248 ----a-w- c:\program files (x86)\DialogsJP.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsIT.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsFR.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsES.dll
    2010-12-10 00:23 . 2010-12-10 00:23 42344 ----a-w- c:\program files (x86)\DialogsDE.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1037672 ----a-w- c:\program files (x86)\Dialogs.dll
    2010-12-10 00:23 . 2010-12-10 00:23 1044328 ----a-w- c:\program files (x86)\DbgHelp.Dll
    2010-12-10 00:22 . 2010-12-10 00:22 284008 ----a-w- c:\program files (x86)\vcContext.dll
    2010-12-10 00:22 . 2010-12-10 00:22 5465456 ----a-w- c:\program files (x86)\VideoConverter.exe
    2010-12-10 00:22 . 2010-12-10 00:22 271280 ----a-w- c:\program files (x86)\pdvcodec.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-04-07_08.24.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-06 19:11 . 2011-04-09 16:16 37414 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-04-04 04:38 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-09 18:31 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-05 21:03 . 2011-04-09 18:31 19754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346043747-1998143513-3687065911-1004_UserData.bin
    + 2011-04-07 21:49 . 2011-04-07 21:13 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 08:14 . 2011-04-09 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 08:14 . 2011-04-09 18:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-05 08:14 . 2011-04-09 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 08:14 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-05 07:13 . 2011-04-09 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-05 07:13 . 2011-04-09 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-05 07:13 . 2011-04-07 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-28 11:07 . 2011-04-07 21:12 4010 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-09 18:27 . 2011-04-09 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-07 08:19 . 2011-04-07 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-09 18:27 . 2011-04-09 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:38 . 2009-12-04 21:50 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-07-14 05:38 . 2011-04-07 21:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 02:34 . 2011-04-07 02:14 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-04-09 16:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\users\psylint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
    ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-17 1038088]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
    .
    2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 08:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\psylint\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF10107.cfxxe" [X]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\psylint\AppData\Roaming\Mozilla\Firefox\Profiles\wvq8xyjf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\psylint\AppData\Roaming\Move Networks
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-09 11:35:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-09 18:35
    ComboFix2.txt 2011-04-07 21:55
    ComboFix3.txt 2011-04-07 20:57
    ComboFix4.txt 2011-04-07 08:28
    ComboFix5.txt 2011-04-09 18:20
    .
    Pre-Run: 20,178,481,152 bytes free
    Post-Run: 19,992,879,104 bytes free
    .
    - - End Of File - - 0A61F185190604264CFC348AE9E30AAE


    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=12
    esets_scanner_update returned -1 esets_gle=12
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=e758cbc29685b44b9688c238d3b515e5
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-30 08:38:58
    # local_time=2011-03-30 01:38:58 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 41423927 41423927 0 0
    # compatibility_mode=1797 16775165 100 94 0 37891970 0 0
    # compatibility_mode=5893 16776574 100 94 716600 53014071 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=216273
    # found=0
    # cleaned=0
    # scan_time=3717


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6320

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/9/2011 11:47:46 AM
    mbam-log-2011-04-09 (11-47-46).txt

    Scan type: Quick scan
    Objects scanned: 179057
    Time elapsed: 2 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- how about the redirects? Have they stopped?

    Just 2 entries to remove. I'd like you to run HijackThis. It won't scan the Services well, as you have a 64-bit OS, but it will show the toolbars, browser helper objects and a few other entries I can have you remove:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    When you open Notepad, please be sure to go to Format and uncheck Word Wrap.
     
  20. mrspookie

    mrspookie TS Rookie Topic Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:29:26 PM, on 4/10/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    C:\Users\psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\WinRAR\WinRAR.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
    O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Dropbox.lnk = psylint\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10991 bytes

    The redirects stopped a while ago, when I posted reply #5; sorry if I didn't make it clear :( I hope this did not waste your time or anything. Also, another thing I am having a problem with is my Windows Update, but I think I can fix it with my product key when I find it. Again, I'm sorry I didn't mention that sooner in case it would have made things easier. Thank you for your patience.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Got it!

    Please reopen HijackThis to 'do system scan only'. Check each of the following if present.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)


    Close all Windows except HijackThis and click on "Fix Checked"
    =========================================
    Please update the Adobe Reader: visit this Adobe Reader site. Uninstall any earlier updates, as they are vulnerabilities.
    ========================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

      Creating a Restore Point in Windows 7:
      • Click on Start> right click on Computer> Properties
      • Select System Protection
      • Click on the Create button (near bottom)
      • Type a name for the Restore Point
      • Click on Create again to save the restore point.

      Deleting all but the most recent System Protection point in Windows 7
      1. Click Start> Computer> right click the C Drive and choose Properties> enter.
      2. Click Disk Cleanup from there.
      3. Click Clean up system files
        This restarts Disk Cleanup to run in elevated mode.
      4. Click the More Options tab
      5. Click the Clean up under System Restore and Shadow Copies.
      6. Click OK.
      7. You will get a confirmation screen> Just click Delete.
      8. Click OK on the Disk Cleanup Screen.
      9. Click Delete Files on the Confirmation screen.
      It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
      Images courtesy lytebyte.

      Empty the Recycle Bin

      Your system is clean. Check settings in the Security Center related to Windows Updates. Also, try at a different time of the day.
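    The O2 entries Bobbye has you tick are CLSIDs registered under the Browser Helper Objects key; the "(file missing)" tag means the CLSID still points at a DLL path that no longer exists, so nothing loads but the registration lingers. The PowerShell below is an added example, not part of this thread and not HijackThis's own code. It enumerates those registrations on a 64-bit system and reports which ones are orphaned, so you can confirm what "Fix Checked" would remove before clicking it. The function name Get-OrphanedBho is my own; it is read-only and changes nothing.

```powershell
# Added example: enumerate IE Browser Helper Objects the way HijackThis's
# "O2 - BHO" lines do and flag registrations whose DLL no longer exists.
# Run from an elevated PowerShell prompt; it only reads the registry.

# 32-bit IE on 64-bit Windows loads BHOs registered under Wow6432Node,
# which is also the view a 32-bit tool such as HijackThis sees.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Get-OrphanedBho {
    [CmdletBinding()]
    param([switch]$All)   # -All lists every BHO, not only the orphaned ones

    foreach ($key in $BhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $hive = if ($key -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }

        foreach ($entry in Get-ChildItem -LiteralPath $key) {
            $clsid = $entry.PSChildName   # e.g. {C4B8BAB4-1667-11DF-A242-BA9455D89593}
            $name  = '(no name)'          # same wording HijackThis uses for unnamed CLSIDs
            $dll   = $null

            # Resolve the CLSID to its in-process server DLL, checking both
            # the native and the WOW64 class registrations.
            foreach ($root in $ClsidRoots) {
                $clsKey = Join-Path $root $clsid
                if (-not (Test-Path -LiteralPath $clsKey)) { continue }
                $default = (Get-ItemProperty -LiteralPath $clsKey).'(default)'
                if ($default) { $name = $default }
                $srvKey = Join-Path $clsKey 'InprocServer32'
                if (Test-Path -LiteralPath $srvKey) {
                    $dll = (Get-ItemProperty -LiteralPath $srvKey).'(default)'
                }
                if ($dll) { break }
            }

            if ($dll) {
                # Registry paths may be quoted or use %ProgramFiles%-style variables.
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $status = if (Test-Path -LiteralPath $dll) { 'present' } else { 'file missing' }
            } else {
                $status = 'no file'       # CLSID has no InprocServer32 at all
            }

            if ($All -or $status -ne 'present') {
                [pscustomobject]@{
                    CLSID  = $clsid
                    Name   = $name
                    Dll    = $dll
                    Status = $status
                    Hive   = $hive
                }
            }
        }
    }
}

# Default view: only the orphaned entries, which are the ones worth removing.
Get-OrphanedBho | Format-Table -AutoSize
```

    Run it with -All to see the healthy toolbars and helpers too, which is useful for comparing against the full O2 list in a HijackThis log. An orphaned entry is harmless on its own (nothing loads), but removing it closes the door on a later reinstall of the same DLL path being picked up silently.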
     
  22. mrspookie

    mrspookie TS Rookie Topic Starter

    Alright man! Thanks a lot! Thanks again for your patience; it seems like everything is fixed now, except for the message popping up on my taskbar. I timed it and I found out that it comes up every 10 mins. Also, Windows updated somehow. I didn't change anything in the Security Center, so it must have been the time of day. So thank you very much, you've been a great help. :)
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Glad to help. I went back over the logs to see if I could find anything that might be coming up at 10 minute intervals. Did I miss you mentioning this previously?

    I would like to make a couple of suggestions:
    1. You have 71 Adobe processes showing as installed. I suggest you check them out and see if some are outdated or redundant. You do need to update the Adobe Reader: Visit this Adobe Reader site and update to current v10(X). Uninstall any earlier updates as they are vulnerabilities.
    2. Also, check the Microsoft Office installs. It looks like a few entries may be outdated.
    3. You have several auto-updates running. When programs are set this way, they connect to the internet looking for updates that might only come months apart, but they may access the internet several times each day. Examples:
    Adobe Update Manager CS4
    Download Updater (AOL LLC)
    Java Auto Updater
    If you would rather have everything updating by itself, it's your call. My personal preference is to only let the AV program auto-update. And some updates don't overwrite the older versions, and they are vulnerabilities to the system. For instance, you can auto-update Adobe and Java, but you won't have a reminder to uninstall the outdated versions that don't get removed.
    4. Always check a download screen for pre-checked toolbars and BHOs. You got the AskBar when you downloaded the Movavi Video Converter; it has the AskToolbar checked. You don't want to get these "extras."
    5. Check the Scheduled Tasks and make sure you don't have any set for the time you would usually be on the system.

    If you can refresh me on that taskbar popup, maybe I can stop it for you. Looking for "Information" Events in the Event Viewer may show you what is causing this every 10 minutes. The Events are time-coded, so they can be compared to what is happening at that time.
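    Bobbye's two leads for a popup on a fixed interval are the Event Viewer timestamps and the Scheduled Tasks. The PowerShell below is an added example, not from this thread, that automates both checks: it groups recent Application and System events by source and event ID and reports the sources whose entries recur at roughly the interval you observed, then lists scheduled tasks that have a repetition trigger. It uses Get-WinEvent and schtasks.exe because Get-ScheduledTask does not exist on Windows 7. The function names Find-PeriodicEvents and Get-RepeatingTasks are my own.

```powershell
# Added example: find what fires on a fixed interval (here, every ~10 minutes).
#  1. Event Log sources whose entries recur every ~N minutes
#  2. Scheduled tasks that carry a repetition trigger
# Windows 7 compatible: uses Get-WinEvent and schtasks.exe, not Get-ScheduledTask.

function Find-PeriodicEvents {
    param(
        [int]$IntervalMinutes  = 10,   # the interval the user observed
        [int]$ToleranceMinutes = 1,    # how far off the median gap may be
        [int]$LookbackHours    = 6,
        [string[]]$LogName     = @('Application', 'System')
    )
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } `
                           -ErrorAction SilentlyContinue

    # Group by provider + event id, then measure the gaps between consecutive entries.
    $events | Group-Object { "$($_.ProviderName)|$($_.Id)" } | ForEach-Object {
        $times = @($_.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        if ($times.Count -lt 3) { return }   # need several repeats to call it periodic

        $gaps   = for ($i = 1; $i -lt $times.Count; $i++) { ($times[$i] - $times[$i - 1]).TotalMinutes }
        $sorted = @($gaps | Sort-Object)
        $median = $sorted[[int][math]::Floor($sorted.Count / 2)]   # median resists one-off bursts

        if ([math]::Abs($median - $IntervalMinutes) -le $ToleranceMinutes) {
            $provider, $id = $_.Name -split '\|'
            [pscustomobject]@{
                Provider     = $provider
                EventId      = [int]$id
                Count        = $times.Count
                MedianGapMin = [math]::Round($median, 1)
                LastSeen     = $times[-1]
                Message      = ($_.Group[0].Message -split "`n")[0]   # first line only
            }
        }
    }
}

function Get-RepeatingTasks {
    # schtasks verbose CSV output carries a "Repeat: Every" column; it repeats its
    # header row per task folder, so drop those rows before filtering.
    schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
        Where-Object {
            $_.TaskName -ne 'TaskName' -and
            $_.'Repeat: Every' -and
            $_.'Repeat: Every' -notin @('N/A', 'Disabled')
        } |
        Select-Object TaskName, Status, 'Repeat: Every', 'Next Run Time', 'Task To Run'
}

Find-PeriodicEvents -IntervalMinutes 10 | Format-Table -AutoSize
Get-RepeatingTasks | Format-Table -AutoSize
```

    Run it from an elevated prompt so the System log is readable in full. If nothing matches at 10 minutes, widen -ToleranceMinutes or lengthen -LookbackHours; a source that shows up with a tight median gap and a "Task To Run" pointing at an unfamiliar executable is the thing to look at next.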
     
  24. mrspookie

    mrspookie TS Rookie Topic Starter

    I looked at the scheduler and I only found things that are scheduled every hour, nothing for every 10 minutes. I couldn't find anything in the Event Viewer either.

    For the Adobe Reader, I downloaded the v10(X) and deleted the old updates. Still working on the other updates though.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I still don't have any information about the popup. Did you tell me what it was?

    What do you have scheduled for every hour?
     
Topic Status:
Not open for further replies.
