Solved Google redirect virus - ran Spybot, MWB and Hitman; all found nothing


acidburn2448

I have had the virus for a few months now and learned to live with it, but recently it's been worse: redirecting me almost every time I do something on Google instead of the once every 15 when I first began to notice it. I have run MWB and Spybot Search and Destroy and Hitman (Free Trial Version); I can rerun and provide logs if that is where you wish for me to start. None of these found anything besides cookies.

Thanks
Austin
 
Welcome to TechSpot! I'll help with the redirect problem.

We have an organized start, so please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

I strongly recommend that you uninstall Hitman Pro. It is nothing more than a bundle of programs that can all be found free on the internet, and those programs are fully functional in that they remove bad entries. The scam from Hitman is that removal is only free while in the trial period; after that you have to pay.
========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Hard to believe you've gone on for months knowing you have some kind of malware!
 
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Austin at 15:25:59 on 2011-07-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2311 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\msvcp7132.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Austin\Desktop\Youtube Videos\06jnne7k.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
uInternet Settings,ProxyOverride = *.local
BHO: {140d1708-3d25-46bc-8aca-b35f2b6b2cb3} - C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
dRun: [Safe Run Start] C:\Windows\SysWOW64\saferun.exe
StartupFolder: C:\Users\Austin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{01157349-93C7-4E7A-9ADF-F602D26B2D5A} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\071677071677 : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\140707C65647F677E6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\34F627E656272416B656279775966696 : DhcpNameServer = 8.8.8.8 8.8.4.4 10.12.1.12
TCP: Interfaces\{2525DCA4-2586-4872-861D-1691840DD0FF}\35861646F677 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\Austin\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: XULRunner: {A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3} - C:\Windows\system32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}
FF - Ext: XULRunner: {0B84D067-4F89-45D3-9EF7-205454709767} - C:\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
FF - Ext: XUL Cache: {d1f25624-e58f-4811-a96c-0c89d0436750} - %profile%\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Dhcp32;DHCP Client ;C:\Windows\System32\msvcp7132.exe [2011-7-16 554496]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-3-8 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-16 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-07-26 17:44:41 -------- d-----w- C:\Program Files (x86)\Citrix
2011-07-26 17:42:11 72080 ----a-w- C:\Users\Austin\g2mdlhlpx.exe
2011-07-26 15:56:33 -------- d-----w- C:\Program Files\CCleaner
2011-07-16 06:42:57 554496 ----a-w- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.exe
2011-07-16 06:42:55 554496 ----a-w- C:\Windows\SysWow64\msvcp7132.exe
2011-07-16 06:42:51 348672 ----a-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
2011-07-15 18:19:02 -------- d-----r- C:\Users\Austin\Dropbox
2011-07-15 18:17:03 -------- d-----w- C:\Users\Austin\AppData\Roaming\Dropbox
2011-07-01 16:10:32 -------- d-----w- C:\Users\Austin\AppData\Local\FeedDemon
2011-07-01 16:10:26 -------- d-----w- C:\Program Files (x86)\FeedDemon
.
==================== Find3M ====================
.
2011-07-17 09:06:57 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-06-22 18:42:16 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:26:43.96 ===============

**** I am waiting until we are done to uninstall Hitman so nothing gets changed *****
EDIT:
**** While I'm running MalwareBytes it's finding things that it didn't previously. Not quite sure why; I have removed them. *****
 

Attachments: Attach.zip (2.6 KB), gmer.log (298 bytes), mbam-log-2011-07-26 (15-45-59).txt (1.8 KB)
1. I don't see an antivirus program on the system. Please put one of these on the system now:
Avira-AntiVir-Personal-Free-Antivirus
Avast-Free Antivirus

2. Did you miss this?
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.


Don't let the log named Attach.txt from DDS fool you. It must be pasted in and not zipped.
========================================
3. Please remove Hitman Pro now.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2010 11:10:59 AM
System Uptime: 7/23/2011 11:48:58 PM (64 hours ago)
.
Motherboard: Gateway | | SJV50TR
Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 335.169 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 7/7/2011 5:42:58 AM - Scheduled Checkpoint
RP47: 7/15/2011 4:23:49 PM - Scheduled Checkpoint
RP48: 7/23/2011 4:01:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
AirPort
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ares 2.1.0
Backup Manager Basic
Business Plan Pro 15th Anniversary Edition
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.12.327
Dropbox
FeedDemon
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
Identity Card
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MSVCRT
NetTools 5.0
NeuLion Adaptive Plugin
QuickTime
Realtek USB 2.0 Card Reader
Skype™ 4.2
Spybot - Search & Destroy
TeamSpeak 3 Client
TeamViewer 5
TeamViewer 6
UltraISO Premium V9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974631)
Video Web Camera
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 3.0
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
7/26/2011 1:45:55 PM, Error: atikmdag [43029] - Display is not active
7/24/2011 6:14:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
7/24/2011 3:14:55 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
7/23/2011 11:25:30 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/23/2011 11:23:03 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/23/2011 11:22:53 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2011 4:06:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
7/19/2011 4:05:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2011 4:04:54 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2011 4:04:25 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2011 4:03:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 4:02:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2011 4:02:54 PM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 4:02:48 PM, Error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 4:02:45 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================




MalwareBytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4447

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/18/2010 9:31:24 PM
mbam-log-2010-08-18 (21-31-24).txt

Scan type: Quick scan
Objects scanned: 131134
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xemrapxhhury (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpeqtkgiwfp (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\procohidimenip (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\levcbgol (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\$NtUninstallWTF1012$ (Adware.EZLife) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\SysWOW64\ovxopfahmysnez.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\xmypncox.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\cihvetptt\kmosocytssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\cmaii.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Windows\System32\cmaii.dll (Adware.AdShot) -> Quarantined and deleted successfully.
C:\Windows\System32\ovxopfahmysnez.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\umaii.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\xemrapxhhury.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Austin\AppData\Local\Temp\dssknt.exe (Virus.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-26 15:40:41
Windows 6.1.7600
Running: 06jnne7k.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Austin\AppData\Local\Mozilla\Firefox\Profiles\02gy5ajk.default\Cache\3082967Bd01 9338880 bytes

---- EOF - GMER 1.0.15 ----


***Uninstalled Hitman Pro and installed Avira****
***I didn't see your private message saying 2 days, and I had thought it was a day, not 2. Sorry for the message.****
 
Repeating FYI:
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
It would be appreciated if you read all instructions carefully, including this in Malwarebytes:
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

The entries found in Mbam all say No Action Taken. Please update Mbam, run the scan again and follow the above.

It takes time to go over these points. You sent me a PM because you were anxious for me to check the logs. "Re-instructing" someone takes time away from helping others.
======================================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Logs in next reply please. It is not necessary to send PM to notify me that your logs are up. I am subscribed to the thread.
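The helper's point about the earlier Malwarebytes log (every entry read "No Action Taken", so nothing was actually removed) can be checked mechanically. The script below is an added example, not part of this thread or of Malwarebytes: it parses MBAM result lines of the form `<item> (<threat>) -> <action>.` under their "... Infected:" headings, lists every detection that was not quarantined, and flags autostart (Run key) entries; the sample log is constructed from paths in the log above, with two actions changed to "No Action Taken" to show the failure case.

```python
"""Triage helper for Malwarebytes (MBAM) result logs like the ones pasted in
this thread.  Added example, not part of the thread or of Malwarebytes itself.

Each detection line in an MBAM log has the shape
    <item> (<threat name>) -> <action>.
grouped under headings such as 'Registry Values Infected:' or 'Files Infected:'.
A log whose actions read 'No Action Taken' shows nothing was removed; this
script makes that check mechanical instead of reading line by line."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
REMOVED = "Quarantined and deleted successfully"
# Autostart locations: a detection here is a persistence mechanism and
# matters most when it was left in place.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return {section: [(item, threat, action), ...]} for every detection line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items detected)"):
            continue
        heading = SECTION_RE.match(line)
        if heading:
            current = heading.group("section")
            sections.setdefault(current, [])  # keep empty sections visible
            continue
        if current is None:
            continue  # scan header lines before the first section
        m = ITEM_RE.match(line)
        if m:
            sections[current].append((m.group("item"), m.group("threat"), m.group("action")))
    return dict(sections)


def unremediated(sections):
    """Detections whose recorded action is anything but a successful quarantine."""
    return [(section, item, threat, action)
            for section, entries in sections.items()
            for item, threat, action in entries
            if action != REMOVED]


def summarize(text):
    """Counts plus the concrete entries a reviewer would ask to have re-run."""
    sections = parse_mbam_log(text)
    pending = unremediated(sections)
    persistence = [item for entries in sections.values()
                   for item, _threat, _action in entries if RUN_KEY_RE.search(item)]
    return {
        "total": sum(len(v) for v in sections.values()),
        "pending": len(pending),
        "pending_items": pending,
        "persistence": persistence,
    }


# Constructed sample: paths are taken from the MBAM log above; two actions are
# changed to 'No Action Taken' to show the failure case the helper describes.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\levcbgol (Trojan.Dropper) -> No Action Taken.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> No Action Taken.
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['total']} detections, {result['pending']} not remediated")
    for section, item, threat, action in result["pending_items"]:
        print(f"  [{section}] {item} ({threat}): {action}")
    for item in result["persistence"]:
        print(f"  autostart entry: {item}")
```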
 
ComboFix 11-07-29.03 - Austin 07/30/2011 1:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2196 [GMT -5:00]
Running from: c:\users\Austin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dns_lookup.tmp
C:\Install.exe
c:\programdata\5162qny2ob203v1p2ryg257h14
c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}
c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome.manifest
c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\_cfg.js
c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul
c:\users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\install.rdf
c:\users\Austin\AppData\Local\5162qny2ob203v1p2ryg257h14
c:\users\Austin\AppData\Roaming\inst.exe
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Templates\5162qny2ob203v1p2ryg257h14
c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest
c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar
c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\defaults\preferences\xulcache.js
c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\install.rdf
c:\users\Austin\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 06:30 . 2011-07-30 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\programdata\AVS4YOU
2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\users\Austin\AppData\Roaming\AVS4YOU
2011-07-28 07:48 . 2011-07-28 08:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-07-28 07:47 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-07-27 22:55 . 2011-07-27 22:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Avira
2011-07-27 22:50 . 2011-07-28 22:54 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-27 22:50 . 2011-07-28 22:54 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\programdata\Avira
2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\program files (x86)\Avira
2011-07-26 17:44 . 2011-07-28 08:05 -------- d-----w- c:\program files (x86)\Citrix
2011-07-26 15:56 . 2011-07-26 15:56 -------- d-----w- c:\program files\CCleaner
2011-07-15 18:19 . 2011-07-24 04:25 -------- d-----r- c:\users\Austin\Dropbox
2011-07-15 18:17 . 2011-07-24 04:26 -------- d-----w- c:\users\Austin\AppData\Roaming\Dropbox
2011-07-01 16:10 . 2011-07-01 16:10 -------- d-----w- c:\users\Austin\AppData\Local\FeedDemon
2011-07-01 16:10 . 2011-07-01 16:10 -------- d-----w- c:\program files (x86)\FeedDemon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:06 . 2010-09-27 04:42 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-07 00:52 . 2010-08-19 02:23 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-08-19 02:23 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 18:25 . 2010-03-08 16:36 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-06-22 18:43 . 2011-06-22 18:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-22 18:43 . 2011-06-22 18:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-22 18:43 . 2011-06-22 18:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-22 18:43 . 2011-06-22 18:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-22 18:43 . 2011-06-22 18:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-22 18:43 . 2011-06-22 18:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-06-22 18:43 . 2011-06-22 18:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-22 18:43 . 2011-06-22 18:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-22 18:43 . 2011-06-22 18:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-22 18:43 . 2011-06-22 18:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-22 18:43 . 2011-06-22 18:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-22 18:43 . 2011-06-22 18:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-22 18:43 . 2011-06-22 18:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-22 18:43 . 2011-06-22 18:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-22 18:43 . 2011-06-22 18:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-22 18:43 . 2011-06-22 18:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-22 18:43 . 2011-06-22 18:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-22 18:43 . 2011-06-22 18:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-22 18:43 . 2011-06-22 18:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-22 18:43 . 2011-06-22 18:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-22 18:43 . 2011-06-22 18:43 448512 ----a-w- c:\windows\system32\html.iec
2011-06-22 18:43 . 2011-06-22 18:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-22 18:43 . 2011-06-22 18:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-22 18:43 . 2011-06-22 18:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-06-22 18:43 . 2011-06-22 18:43 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-22 18:43 . 2011-06-22 18:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-22 18:43 . 2011-06-22 18:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-22 18:43 . 2011-06-22 18:43 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-22 18:43 . 2011-06-22 18:43 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-22 18:43 . 2011-06-22 18:43 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-22 18:43 . 2011-06-22 18:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-22 18:43 . 2011-06-22 18:43 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-22 18:43 . 2011-06-22 18:43 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 18:43 . 2011-06-22 18:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-22 18:42 . 2011-06-22 18:42 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-22 18:42 . 2011-06-22 18:42 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-22 18:42 . 2011-06-22 18:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-22 18:42 . 2011-06-22 18:42 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-22 18:42 . 2011-06-22 18:42 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-22 18:42 . 2011-06-22 18:42 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-06-22 18:42 . 2011-06-22 18:42 4068864 ----a-w- c:\windows\system32\mf.dll
2011-06-22 18:42 . 2011-06-22 18:42 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-22 18:42 . 2011-06-22 18:42 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-06-22 18:42 . 2011-06-22 18:42 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-22 18:42 . 2011-06-22 18:42 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-06-22 18:42 . 2011-06-22 18:42 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-06-22 18:42 . 2011-06-22 18:42 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-06-22 18:42 . 2011-06-22 18:42 206848 ----a-w- c:\windows\system32\mfps.dll
2011-06-22 18:42 . 2011-06-22 18:42 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-22 18:42 . 2011-06-22 18:42 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-06-22 18:42 . 2011-06-22 18:42 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-06-22 18:42 . 2011-06-22 18:42 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-22 18:42 . 2011-06-22 18:42 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-06-22 18:42 . 2011-06-22 18:42 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-22 18:42 . 2011-06-22 18:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-06-22 18:42 . 2011-06-22 18:42 144384 ----a-w- c:\windows\system32\cdd.dll
2011-06-22 18:42 . 2011-06-22 18:42 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-06-22 18:42 . 2011-06-22 18:42 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-06-22 18:42 . 2011-06-22 18:42 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-06-22 18:42 . 2011-06-22 18:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
.
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 72196045
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - RMCAST
*Deregistered* - 72196045
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Safe Run Start - c:\windows\SysWOW64\saferun.exe
Toolbar-Locked - (no file)
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,f2,32,33,14,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-30 01:33:25
ComboFix-quarantined-files.txt 2011-07-30 06:33
.
Pre-Run: 355,777,380,352 bytes free
Post-Run: 355,650,691,072 bytes free
.
- - End Of File - - DD2E37DB882796E1C3D55537D3C6C735

====================================================
ESET
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3a9c5000-4474acaf a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-14262a4e Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6add3540-1078a65a multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-3063e418 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-4cf06321 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\25b8b8f-15cd60df multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3084712-79d03a0f multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-1df4e952 a variant of Win32/Kryptik.LAE trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\49e473d2-441964e8 a variant of Win32/Injector.GIB trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-32f1e3f2 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\50c80b59-7f38132b multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\f4dfdd-30e8ddbd multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-6fdb229d multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-15cdc859 a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-50c319ea a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3630b029-17726db1 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-5a615bec a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\32e44eaf-52bee64b probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-51fbdb5d a variant of Win32/Kryptik.LAE trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5461bbba-21276d1e Java/TrojanDownloader.Agent.NCM trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\686c0d7c-7ad57c57 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-44e00e17 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-51655cd9 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2f19163f-2a72b692 multiple threats
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\bfacb09-6e1834fc multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\id2[1].htm multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\iss22[1].exe Win32/TrojanDownloader.Small.OVG trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\jwrlgbvd[1].htm a variant of Win32/Kryptik.GXW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\spsf12[1].exe a variant of Win32/Injector.CDG trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\kksahc[1].htm Win32/TrojanDownloader.Small.OTT trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\nss32[1].exe Win32/TrojanDownloader.FakeAlert.AQI trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\wzdytaicxe[1].htm probably a variant of Win32/Agent.CPURUFH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dms419[1].exe a variant of Win32/Injector.CDG trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dst213[1].exe a variant of Win32/Olmarik.AFR trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\jjaiqxsq[1].htm a variant of Win32/Kryptik.EZZ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\kksaupwr[1].htm a variant of Win32/Kryptik.FAT trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\id2[1].htm multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\iss22[1].exe Win32/TrojanDownloader.Small.OVG trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\jwrlgbvd[1].htm a variant of Win32/Kryptik.GXW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFI6OWG\spsf12[1].exe a variant of Win32/Injector.CDG trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT8WHFS0\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\kksahc[1].htm Win32/TrojanDownloader.Small.OTT trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\nss32[1].exe Win32/TrojanDownloader.FakeAlert.AQI trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\wzdytaicxe[1].htm probably a variant of Win32/Agent.CPURUFH trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dms419[1].exe a variant of Win32/Injector.CDG trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\dst213[1].exe a variant of Win32/Olmarik.AFR trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\gkbjdlwqlt[1].htm a variant of Win32/Cimag.CQ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\jjaiqxsq[1].htm a variant of Win32/Kryptik.EZZ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL8CZ26P\kksaupwr[1].htm a variant of Win32/Kryptik.FAT trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
 
Okay then- let's work on the Eset entries. Many are in the Java cache. I am seeing this frequently now and all systems with these multiple Java cache entries have outdated Java on their systems. You have Java(TM) 6 Update 20. The current is v6u26. This is a vulnerability. So we'll clean the cache, then you will update Java:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
     • Delete Files
     • View Applications
     • View Applets
  4. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.
==========================================
Please update Java: Java Updates (https://www.techspot.com/downloads/6463-java-se.html). Uninstall any earlier versions in Add/Remove Programs.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
=========================================

Please download OTMoveIt by Old Timer (http://oldtimer.geekstogo.com/OTM.exe) and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files
    C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar
    C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================================
The following was pirated. Please remove it from your system.
C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
===================================================
When you have finished with all of the above, please reboot, then rescan with Eset to make sure the quarantined Spybot entries and all of the infected temporary internet files are removed.

You will leave 2 logs:
1. OTM log
2. New Eset scan log.

A comment: All those programs you ran found nothing!
===============================================
Please reset the Cookies on each account as follows:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK 'accept Cookies from Sites'> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865)
Easy List (http://easylist.adblockplus.org/)

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
 
OTM

All processes killed
========== FILES ==========
File/Folder C:\Users\Austin\Dragon Naturally Speaking V10 Preferred.rar not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdRotator8.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Austin
->Temp folder emptied: 327976 bytes
->Temporary Internet Files folder emptied: 2818182 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 68514355 bytes
->Flash cache emptied: 2920 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50601 bytes
RecycleBin emptied: 5076831 bytes

Total Files Cleaned = 73.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08012011_000443

Files moved on Reboot...
C:\Users\Austin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ESET

C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\{0B84D067-4F89-45D3-9EF7-205454709767}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
C:\_OTM\MovedFiles\07312011_235613\C_Users\Austin\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application

===============
I removed Dragon Naturally Speaking. Since OTM moved it, I thought it was deleted, but after running ESET I saw it still wasn't, so I went and found it and deleted it completely.
 
There is still a security leak somewhere. Most of the Eset entries are in the Qoobox. That's where Combofix puts the quarantined files. They are not active in the system and will be removed when I have you uninstall Combofix:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul 
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
------------------------------
Please have a look HERE about the overlay.xul addon. I've never used this addon and am not familiar with its settings.
This appears to be the addon in Firefox: FF - Ext: XUL Cache: {d1f25624-e58f-4811-a96c-0c89d0436750} - %profile%\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}
=========================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\drivers\hitmanpro35.sys
DDS::
BHO: {140d1708-3d25-46bc-8aca-b35f2b6b2cb3} - C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please update Java if you haven't done it already: Java Updates (https://www.techspot.com/downloads/6463-java-se.html). Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

You also need to remove Java v6u20 from Firefox.
=================================================
Have the redirects been resolved?
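The two triage steps the helper applies to the Eset log (the Java-cache hits mean an outdated Java runtime, and anything under Qoobox or the Spybot Recovery folder is already quarantined and not active) can be done mechanically. The script below is an added example, not code from this thread, ComboFix, OTM or ESET; it sorts a handful of lines taken from the scan log posted above into those categories, pulls out the CVE numbers the detection names carry, and lists the hits that are still live. The one-detection-per-line format (path, detection name, optional type word) is inferred from the posted lines, not from ESET documentation.

```python
"""Sort ESET scan hits by where they live, the way the helper reads them above.

Added example for this thread; it is not ComboFix, OTM or ESET code. The log
format (one detection per line: path, detection name, optional type word) is
inferred from the lines posted in the thread, not taken from ESET documentation.
"""
import re
from collections import Counter

# One detection per line. Paths contain spaces, so the path is matched lazily
# and the detection name is recognised by its "Family/Name" shape (or the
# literal "multiple threats"), optionally followed by ESET's type word.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<name>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+"
    r"|multiple threats)"
    r"(?:\s+(?P<type>trojan|worm|application))?\s*$"
)

# Where a hit lives decides what it means for the running system.
QUARANTINE = re.compile(
    r"\\Qoobox\\Quarantine\\|\\Spybot - Search & Destroy\\Recovery\\", re.I)
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)
BROWSER_CACHE = re.compile(r"\\Temporary Internet Files\\", re.I)
# A {GUID}\chrome\... layout is a Firefox-style extension; outside a quarantine
# it is live browser code, the kind of hit the helper follows up on separately.
EXTENSION = re.compile(
    r"\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}\\chrome\b", re.I)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def classify(path):
    """Map a detection path to one of the thread's own categories."""
    if QUARANTINE.search(path):
        return "quarantined"    # ComboFix/Spybot already isolated it; not active
    if JAVA_CACHE.search(path):
        return "java-cache"     # exploit artifacts: the Java runtime is outdated
    if BROWSER_CACHE.search(path):
        return "browser-cache"  # files the browser cached; emptied by [emptytemp]
    if EXTENSION.search(path):
        return "extension"      # live add-on code; the part worth chasing
    return "other"


def parse_eset_log(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hits.append({
            "path": m["path"],
            "name": m["name"],
            "type": m["type"] or "unknown",
            "location": classify(m["path"]),
            "cves": sorted(set(CVE_RE.findall(m["name"]))),
        })
    return hits


def summarize(hits):
    """Counts per location, every CVE named in the log, and the hits still live."""
    return {
        "by_location": dict(Counter(h["location"] for h in hits)),
        "cves": sorted({c for h in hits for c in h["cves"]}),
        "needs_attention": [h["path"] for h in hits
                            if h["location"] in ("extension", "other")],
    }


# Sample input: a handful of lines trimmed from the ESET log posted above.
SAMPLE_LOG = r"""
ESET
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdRotator8.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\extensions\{d1f25624-e58f-4811-a96c-0c89d0436750}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3a9c5000-4474acaf a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-14262a4e Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Austin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6add3540-1078a65a multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTF1F5ZG\nss32[1].exe Win32/TrojanDownloader.FakeAlert.AQI trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
"""

if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_LOG))
    for location, count in sorted(report["by_location"].items()):
        print(f"{location:14} {count}")
    print("CVEs seen:", ", ".join(report["cves"]))
    for path in report["needs_attention"]:
        print("still live:", path)
```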
 
All processes killed
========== FILES ==========
C:\Windows\System32\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{A4DC2456-3039-49BE-B5B3-33C4D2FCBAA3}\chrome\content\overlay.xul not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Austin
->Temp folder emptied: 439870 bytes
->Temporary Internet Files folder emptied: 239306 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92913698 bytes
->Flash cache emptied: 1019 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08052011_133601

Files moved on Reboot...
C:\Users\Austin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


COMBOFIX

ComboFix 11-08-05.01 - Austin 08/05/2011 13:55:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2746 [GMT -5:00]
Running from: c:\users\Austin\Desktop\ComboFix.exe
Command switches used :: c:\users\Austin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\hitmanpro35.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 19:02 . 2011-08-05 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 04:56 . 2011-08-01 04:56 -------- d-----w- C:\_OTM
2011-08-01 04:54 . 2011-08-01 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-30 06:37 . 2011-07-30 06:37 -------- d-----w- c:\program files (x86)\ESET
2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\programdata\AVS4YOU
2011-07-28 07:54 . 2011-07-28 07:54 -------- d-----w- c:\users\Austin\AppData\Roaming\AVS4YOU
2011-07-28 07:48 . 2011-07-28 08:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-07-28 07:47 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-07-27 22:55 . 2011-07-27 22:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Avira
2011-07-27 22:50 . 2011-07-28 22:54 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-27 22:50 . 2011-07-28 22:54 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\programdata\Avira
2011-07-27 22:50 . 2011-07-27 22:50 -------- d-----w- c:\program files (x86)\Avira
2011-07-26 17:44 . 2011-07-28 08:05 -------- d-----w- c:\program files (x86)\Citrix
2011-07-26 15:56 . 2011-07-26 15:56 -------- d-----w- c:\program files\CCleaner
2011-07-15 18:19 . 2011-08-05 18:38 -------- d-----r- c:\users\Austin\Dropbox
2011-07-15 18:17 . 2011-08-05 18:38 -------- d-----w- c:\users\Austin\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2010-08-19 02:23 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-08-19 02:23 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 18:25 . 2010-03-08 16:36 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-06-22 18:43 . 2011-06-22 18:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-22 18:43 . 2011-06-22 18:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-22 18:43 . 2011-06-22 18:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-22 18:43 . 2011-06-22 18:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-22 18:43 . 2011-06-22 18:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-22 18:43 . 2011-06-22 18:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-22 18:43 . 2011-06-22 18:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-06-22 18:43 . 2011-06-22 18:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-22 18:43 . 2011-06-22 18:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-22 18:43 . 2011-06-22 18:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-22 18:43 . 2011-06-22 18:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-22 18:43 . 2011-06-22 18:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-22 18:43 . 2011-06-22 18:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-22 18:43 . 2011-06-22 18:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-22 18:43 . 2011-06-22 18:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-22 18:43 . 2011-06-22 18:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-22 18:43 . 2011-06-22 18:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-22 18:43 . 2011-06-22 18:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-22 18:43 . 2011-06-22 18:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-22 18:43 . 2011-06-22 18:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-22 18:43 . 2011-06-22 18:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-22 18:43 . 2011-06-22 18:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-22 18:43 . 2011-06-22 18:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-22 18:43 . 2011-06-22 18:43 448512 ----a-w- c:\windows\system32\html.iec
2011-06-22 18:43 . 2011-06-22 18:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-22 18:43 . 2011-06-22 18:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-22 18:43 . 2011-06-22 18:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-22 18:43 . 2011-06-22 18:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-06-22 18:43 . 2011-06-22 18:43 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-22 18:43 . 2011-06-22 18:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-22 18:43 . 2011-06-22 18:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-22 18:43 . 2011-06-22 18:43 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-22 18:43 . 2011-06-22 18:43 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-22 18:43 . 2011-06-22 18:43 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-22 18:43 . 2011-06-22 18:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-22 18:43 . 2011-06-22 18:43 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-22 18:43 . 2011-06-22 18:43 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 18:43 . 2011-06-22 18:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-22 18:42 . 2011-06-22 18:42 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-22 18:42 . 2011-06-22 18:42 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-22 18:42 . 2011-06-22 18:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-22 18:42 . 2011-06-22 18:42 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-22 18:42 . 2011-06-22 18:42 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-22 18:42 . 2011-06-22 18:42 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-06-22 18:42 . 2011-06-22 18:42 4068864 ----a-w- c:\windows\system32\mf.dll
2011-06-22 18:42 . 2011-06-22 18:42 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-22 18:42 . 2011-06-22 18:42 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-06-22 18:42 . 2011-06-22 18:42 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-22 18:42 . 2011-06-22 18:42 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-06-22 18:42 . 2011-06-22 18:42 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-06-22 18:42 . 2011-06-22 18:42 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-06-22 18:42 . 2011-06-22 18:42 206848 ----a-w- c:\windows\system32\mfps.dll
2011-06-22 18:42 . 2011-06-22 18:42 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-22 18:42 . 2011-06-22 18:42 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-06-22 18:42 . 2011-06-22 18:42 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-06-22 18:42 . 2011-06-22 18:42 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-22 18:42 . 2011-06-22 18:42 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-06-22 18:42 . 2011-06-22 18:42 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-22 18:42 . 2011-06-22 18:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-22 18:42 . 2011-06-22 18:42 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-06-22 18:42 . 2011-06-22 18:42 144384 ----a-w- c:\windows\system32\cdd.dll
2011-06-22 18:42 . 2011-06-22 18:42 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-06-22 18:42 . 2011-06-22 18:42 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-06-22 18:42 . 2011-06-22 18:42 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-06-22 18:42 . 2011-06-22 18:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_06.30.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-27 04:33 . 2011-07-29 22:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-27 04:33 . 2011-08-04 18:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-08-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-29 22:54 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-29 22:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-04 18:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-29 20:15 . 2011-08-01 05:08 24838 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-05 18:39 39058 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-08 16:28 . 2011-07-27 08:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 16:28 . 2011-08-03 06:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-03 06:33 . 2011-08-03 06:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-08 16:28 . 2011-07-27 08:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-27 08:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-03 06:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-23 01:48 . 2011-07-01 17:27 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
+ 2011-05-23 01:48 . 2011-08-03 06:34 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
- 2009-07-14 04:46 . 2011-07-14 17:40 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-08-01 05:14 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-08-01 07:55 . 2011-08-01 07:55 25088 c:\windows\Installer\9ba108.msi
+ 2010-06-16 02:13 . 2011-08-05 18:39 7910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-399312784-4078098850-4138850989-1000_UserData.bin
+ 2011-08-05 18:37 . 2011-08-05 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-22 18:54 . 2011-07-24 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-05 18:37 . 2011-08-05 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-22 18:54 . 2011-07-24 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-01 04:54 . 2011-05-04 09:52 157472 c:\windows\SysWOW64\javaws.exe
- 2010-07-02 20:08 . 2010-07-02 20:08 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-08-01 04:54 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\javaw.exe
- 2010-07-02 20:08 . 2010-07-02 20:08 145184 c:\windows\SysWOW64\java.exe
+ 2011-08-01 04:54 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\java.exe
+ 2010-07-02 20:08 . 2011-05-04 09:52 472808 c:\windows\SysWOW64\deployJava1.dll
+ 2009-07-14 04:54 . 2011-08-04 18:58 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-29 22:54 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-16 14:44 . 2011-08-04 23:07 285730 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-08-05 18:41 618264 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-28 15:51 618264 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-28 15:51 104546 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-05 18:41 104546 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2011-08-01 04:58 426200 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:12 . 2011-08-03 06:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-07-26 13:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-23 01:48 . 2011-08-03 06:34 111240 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2009-07-14 05:01 . 2011-08-05 18:36 391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-05 18:36 . 2011-08-05 18:36 391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-399312784-4078098850-4138850989-1000-12288.dat
+ 2011-08-01 04:54 . 2011-08-01 04:54 207360 c:\windows\Installer\294ceeff.msi
+ 2009-07-14 02:34 . 2011-08-01 08:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-07-28 07:47 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 04:45 . 2011-08-01 05:02 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-06-22 18:56 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Austin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 02:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Austin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6c6l0420z105a44k1x518
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\02gy5ajk.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,f2,32,33,14,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-05 14:04:35
ComboFix-quarantined-files.txt 2011-08-05 19:04
ComboFix2.txt 2011-07-30 06:33
.
Pre-Run: 353,627,152,384 bytes free
Post-Run: 353,564,430,336 bytes free
.
- - End Of File - - 4D5D8ED9D9AE39BF42A2BA5F397DC459

====================================
I got 2 errors and screenshotted them both, would you like me to upload them?
 
Please give me an update on how the system is running now. Has the redirect been resolved?

What were you trying to do when you got the errors? I don't need a screenshot if you can tell me simply what they said.
 
You're welcome! Since the problem has been resolved>>

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
This runs the Disk Cleanup utility along with any other selections you have chosen. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
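The restore-point steps above (create a new clean point, then drop all older ones) as a scripted PowerShell equivalent. This is an added example, not the helper's instructions or any tool's own code; it assumes an elevated prompt on Windows 7 or later with System Protection enabled on the system drive, and the `$systemDrive`, `$volumeId` and `$shadows` names are the example's own.

```powershell
# Added example: scripted form of "Set a new, clean Restore Point" followed by
# "Deleting all but the most recent System Protection point".
# Assumptions: elevated PowerShell, System Protection enabled on the system drive.

# 1. Create the clean restore point (same result as System Protection > Create).
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

# 2. List the restore points that exist now so the new one can be seen.
Get-ComputerRestorePoint | Sort-Object SequenceNumber |
    Format-Table SequenceNumber, Description, RestorePointType, CreationTime -AutoSize

# 3. Restore points are stored as Volume Shadow Copies. Remove every shadow copy
#    on the system drive except the newest one, which is what Disk Cleanup's
#    "System Restore and Shadow Copies" clean-up does.
$systemDrive = (Get-WmiObject Win32_OperatingSystem).SystemDrive      # e.g. "C:"
$volumeId    = (Get-WmiObject Win32_Volume -Filter "DriveLetter='$systemDrive'").DeviceID

# Shadow copies for this volume, oldest first.
$shadows = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object { $_.ConvertToDateTime($_.InstallDate) })

if ($shadows.Count -gt 1) {
    # Everything but the last (newest) entry is deleted.
    $shadows | Select-Object -First ($shadows.Count - 1) | ForEach-Object {
        Write-Host ("Deleting shadow copy {0} created {1}" -f $_.ID, $_.ConvertToDateTime($_.InstallDate))
        $_.Delete() | Out-Null
    }
} else {
    Write-Host "Only one shadow copy present on $systemDrive; nothing to prune."
}
```

Deleting a shadow copy removes the restore point it backs, so run step 3 only after the new clean point from step 1 appears in the step 2 listing.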
 