Inactive Google redirection

Are you still being redirected?

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
I'm not able to open any of those in Internet Explorer. It brings up an error about WerFault.exe blah blah blah Click OK to terminate.

I'm also not able to do Windows updates and I get error messages up every 5 or so minutes informing me that WerFault has encountered a problem.
 
Are you still being redirected?

If so, Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
I am still being redirected whenever I now search on Google.

I will follow your instructions and get back to you.

Thanks for your replies.
 
ComboFix doesn't work for me.

I opened it and it got to the Terms and Agreement, I pressed 'YES' to accept them and nothing happened. I re-opened it and it didn't even make it to the Terms and Agreements screen?

Thanks.
 
Thanks for the link, but I think ComboFix has fixed that problem. Please note that although it says SUPERAntiSpyware.exe was enabled, I uninstalled it before ComboFix was run; I'm about to re-install it.

Thanks.

The log will be in the next post.
 
ComboFix 10-08-18.04 - Alex 20/08/2010 0:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2814.1784 [GMT 1:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alex\AppData\Local\Windows Server
c:\users\Alex\AppData\Local\Windows Server\server.dat
c:\users\Alex\AppData\Roaming\IconPackager.exe

Infected copy of c:\windows\system32\drivers\ksecpkg.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-19 22:51 . 2010-08-19 22:54 -------- d-----w- C:\32788R22FWJFW
2010-08-19 20:04 . 2010-08-19 20:04 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira
2010-08-19 19:56 . 2010-03-01 09:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-19 19:56 . 2010-02-18 09:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-08-19 19:56 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-19 19:56 . 2010-02-15 14:23 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-08-19 19:56 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-19 19:56 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-19 19:56 . 2010-08-19 19:56 -------- d-----w- c:\programdata\Avira
2010-08-19 19:56 . 2010-08-19 19:56 -------- d-----w- c:\program files\Avira
2010-08-18 18:28 . 2010-08-18 18:28 -------- d-----w- C:\_OTL
2010-08-17 09:09 . 2010-08-17 09:11 -------- d-----w- c:\programdata\COMODO
2010-08-17 09:06 . 2010-08-17 09:06 -------- d-----w- c:\program files\iPod
2010-08-17 09:02 . 2010-08-17 09:02 -------- d-----w- c:\program files\QuickTime
2010-08-17 09:01 . 2010-08-17 09:01 -------- d-----w- c:\program files\Apple Software Update
2010-08-17 08:58 . 2010-08-17 08:58 -------- d-----w- c:\program files\COMODO
2010-08-17 08:57 . 2010-08-17 08:57 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-17 08:53 . 2010-08-17 08:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-17 08:49 . 2010-08-17 08:49 -------- d-----w- c:\program files\Common Files\Java
2010-08-17 08:49 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-16 00:49 . 2010-08-16 00:50 -------- d-----w- c:\windows\W7SBC
2010-08-16 00:49 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2010-08-16 00:49 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2010-08-16 00:49 . 2009-10-31 05:45 2131456 ----a-w- c:\windows\explorer.exe
2010-08-16 00:37 . 2010-08-16 00:38 -------- dc-h--w- c:\programdata\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2010-08-16 00:12 . 2009-07-14 01:15 1495040 ----a-w- c:\windows\system32\ExplorerFrame - Copy.dll
2010-08-15 23:51 . 2010-07-21 22:04 1495552 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-08-15 21:09 . 2010-08-15 21:09 0 ----a-w- c:\users\Alex\jagex__preferences3.dat
2010-08-15 21:09 . 2010-08-15 21:40 99 ----a-w- c:\users\Alex\jagex_runescape_preferences2.dat
2010-08-15 20:59 . 2010-08-15 20:59 -------- d-----w- C:\.jagex_cache_32
2010-08-15 20:33 . 2010-08-15 20:37 -------- d-----w- C:\ProjectGamma1
2010-08-15 19:51 . 2010-08-15 19:51 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2010-08-15 19:51 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 19:51 . 2010-08-15 19:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-15 19:51 . 2010-08-15 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 19:51 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 18:45 . 2010-08-15 19:44 -------- d-----w- c:\programdata\Alwil Software
2010-08-15 18:45 . 2010-08-15 18:45 -------- d-----w- c:\program files\Alwil Software
2010-08-15 15:53 . 2010-08-15 15:57 -------- d-----w- C:\.Menacescape_file_store_32
2010-08-15 12:34 . 2010-08-15 12:34 -------- d-----w- c:\program files\VirtualDJ
2010-08-15 03:21 . 2010-08-15 03:21 -------- d-----w- c:\windows\Sound
2010-08-14 21:45 . 2010-08-14 21:50 -------- d-----w- c:\users\Alex\AppData\Roaming\Screenshot Sender
2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\users\Alex\AppData\Local\WMTools Downloaded Files
2010-08-14 14:16 . 2010-08-14 14:16 -------- d-----w- C:\ijji
2010-08-14 14:13 . 2010-08-14 14:13 -------- d-----w- c:\program files\ijji
2010-08-12 22:51 . 2010-08-15 21:11 46 ----a-w- c:\users\Alex\jagex_runescape_preferences.dat
2010-08-12 03:35 . 2010-08-12 21:38 -------- d-----w- c:\program files\CLE
2010-08-11 23:27 . 2010-08-12 21:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Tor
2010-08-11 21:45 . 2010-08-11 21:45 -------- d-----w- c:\programdata\Uniblue
2010-08-11 21:43 . 2010-08-11 21:44 8258496 ----a-w- c:\users\Alex\AppData\Roaming\uniblue\DriverScanner\LatestUpdate.exe
2010-08-11 21:29 . 2008-10-26 04:55 2567159 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
2010-08-11 21:29 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2010-08-11 21:29 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2010-08-11 21:29 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2010-08-11 21:29 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2010-08-11 21:29 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\52CD59C9\6383BC9B\update.dll
2010-08-11 21:29 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2010-08-11 21:29 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2010-08-11 21:29 . 2010-08-17 20:48 -------- dc-h--w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-08-10 19:30 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-09 15:54 . 2010-08-12 21:50 -------- d-----w- c:\program files\AC Tool
2010-08-09 14:59 . 2010-08-12 21:40 -------- d-----w- c:\program files\UltraVPN
2010-08-09 14:52 . 2010-08-11 20:52 -------- d-----w- C:\Nsi.pending
2010-08-09 14:52 . 2010-06-08 10:28 52224 ----a-w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-08-09 14:52 . 2010-06-08 10:28 101376 ----a-w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-08-09 14:10 . 2010-08-09 14:10 -------- d-----w- c:\program files\S.A.D
2010-08-09 13:31 . 2010-08-11 23:27 -------- d-----w- c:\program files\Vidalia Bundle
2010-08-07 19:36 . 2010-08-07 19:36 -------- d-----w- c:\users\Alex\AppData\Local\Netrex_Foundation
2010-08-07 19:36 . 2010-08-07 19:36 -------- d-----w- c:\users\Alex\AppData\Local\Geckofx
2010-08-07 15:27 . 2010-08-07 15:27 -------- d-----w- C:\.562_cache_32
2010-08-07 14:16 . 2010-08-07 14:16 -------- d-----w- c:\programdata\Media Center Programs
2010-08-07 14:16 . 2010-08-07 14:31 -------- d-----w- c:\program files\Guild Wars
2010-08-07 12:00 . 2010-08-07 12:00 -------- d-----w- c:\users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-04 20:28 . 2010-08-15 10:56 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2010-08-04 20:26 . 2010-08-04 20:26 -------- d-----w- c:\program files\VideoLAN
2010-08-04 20:21 . 2010-08-04 20:21 -------- d-----w- c:\programdata\Blizzard
2010-08-02 23:57 . 2010-08-02 23:57 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-02 23:57 . 2010-08-05 21:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-02 23:56 . 2010-08-02 23:56 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-02 23:56 . 2010-08-02 23:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-02 23:56 . 2010-08-02 23:57 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-08-02 23:54 . 2010-08-02 23:54 -------- d-----w- c:\program files\Microsoft SDKs
2010-08-02 23:54 . 2010-08-02 23:54 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-08-02 23:54 . 2010-08-02 23:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-08-02 15:34 . 2010-08-16 00:53 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-02 15:24 . 2010-08-02 15:24 -------- d-----w- c:\program files\Adobe Media Player
2010-08-01 08:14 . 2010-08-01 08:14 -------- d-----w- c:\program files\Bigasoft
2010-08-01 01:39 . 2008-03-29 16:36 106768 ----a-w- c:\windows\system32\dneinobj.dll
2010-08-01 01:39 . 2008-03-29 16:36 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-08-01 01:38 . 2010-08-01 01:38 -------- d-----w- c:\program files\Cisco Systems
2010-08-01 01:30 . 2010-08-01 01:30 -------- d-----w- c:\users\Alex\AppData\Roaming\Steganos VPN
2010-08-01 01:29 . 2010-08-11 20:52 -------- d-----w- c:\program files\Steganos Internet Anonym VPN
2010-07-31 22:37 . 2010-07-31 22:37 59392 ----a-w- c:\users\Alex\AppData\Roaming\Thinstall\Adobe Dreamweaver CS3\4000008500002i\chrome.exe
2010-07-31 22:37 . 2010-07-31 22:37 59392 ----a-w- c:\users\Alex\AppData\Roaming\Thinstall\Adobe Dreamweaver CS3\10000006a00002i\SearchIndexer.exe
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 22:08 . 2010-02-24 19:19 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2010-08-17 23:48 . 2010-07-15 18:51 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2010-08-17 23:08 . 2010-07-15 18:52 -------- d-----w- c:\users\Alex\AppData\Roaming\skypePM
2010-08-17 20:16 . 2010-07-11 13:30 -------- d-----w- c:\program files\MP3 WAV WMA Converter
2010-08-17 09:06 . 2010-05-29 13:51 -------- d-----w- c:\program files\iTunes
2010-08-17 09:06 . 2009-12-25 11:47 -------- d-----w- c:\program files\Common Files\Apple
2010-08-17 08:49 . 2009-09-04 09:19 -------- d-----w- c:\program files\Java
2010-08-16 00:45 . 2010-06-17 21:12 20571136 ----a-w- c:\windows\system32\imageres.dll
2010-08-15 23:48 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-08-15 23:47 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-08-15 23:47 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-08-15 20:18 . 2010-07-11 10:54 -------- d-----w- c:\program files\EvilGunZ C8
2010-08-15 18:42 . 2009-12-25 08:51 -------- d-----w- c:\programdata\avg9
2010-08-15 16:38 . 2010-06-05 22:14 -------- d-----w- c:\users\Alex\AppData\Roaming\InstallShield
2010-08-15 16:38 . 2009-09-04 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-14 15:41 . 2009-12-25 08:06 98160 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-14 15:14 . 2010-03-02 14:34 220926964 ----a-w- c:\users\Alex\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2010-08-11 21:48 . 2010-08-11 21:28 -------- d-----w- c:\program files\Uniblue
2010-08-11 21:30 . 2010-08-11 21:28 -------- d-----w- c:\users\Alex\AppData\Roaming\uniblue
2010-08-11 21:28 . 2010-08-11 21:28 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-08-10 23:12 . 2009-09-04 09:39 -------- d-----w- c:\program files\Microsoft Works
2010-08-10 23:09 . 2009-09-04 09:41 -------- d-----w- c:\programdata\Microsoft Help
2010-08-02 15:25 . 2009-09-04 09:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-02 15:22 . 2009-09-04 09:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-02 12:40 . 2010-05-19 08:53 -------- d-----w- c:\programdata\FLEXnet
2010-08-02 10:15 . 2009-09-04 09:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-02 10:13 . 2010-07-15 18:50 -------- d-----r- c:\program files\Skype
2010-08-02 10:09 . 2010-02-18 15:45 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-02 10:09 . 2010-02-18 15:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-31 23:52 . 2009-12-25 11:09 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-29 06:30 . 2010-08-10 19:29 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-10 19:29 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-16 12:09 . 2010-05-17 08:13 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-16 12:09 . 2010-05-17 08:13 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-15 18:52 . 2010-07-15 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-15 18:50 . 2010-07-15 18:50 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 18:50 . 2010-07-15 18:50 -------- d-----w- c:\programdata\Skype
2010-07-15 11:55 . 2010-07-15 11:55 -------- d-----w- c:\users\Alex\AppData\Roaming\SharePod
2010-07-15 11:34 . 2010-07-15 11:34 -------- d-----w- c:\users\Alex\AppData\Roaming\Songbird2
2010-07-15 11:29 . 2010-07-15 11:22 -------- d-----w- c:\program files\MediaMonkey
2010-07-14 21:28 . 2010-07-14 21:28 -------- d-----w- c:\program files\Bonjour
2010-07-14 21:16 . 2010-07-14 21:16 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-14 16:44 . 2010-07-14 16:40 -------- d-----w- c:\program files\Freecorder
2010-07-14 16:40 . 2010-07-14 16:40 -------- d-----w- c:\program files\Conduit
2010-07-11 23:34 . 2010-07-11 23:34 -------- d-----w- c:\users\Alex\AppData\Roaming\Creative Software
2010-07-11 23:14 . 2010-07-11 23:14 -------- d-----w- c:\users\Alex\AppData\Roaming\WNR
2010-07-09 16:28 . 2010-07-07 17:38 -------- d-----w- c:\users\Alex\AppData\Roaming\BitComet
2010-07-07 17:35 . 2010-07-07 17:13 -------- d-----w- c:\users\Alex\AppData\Roaming\PCF-VLC
2010-07-07 17:25 . 2009-09-04 09:16 -------- d-----w- c:\program files\Realtek
2010-07-07 17:10 . 2009-09-04 09:16 -------- d--h--w- c:\program files\Temp
2010-07-07 16:49 . 2010-07-07 16:49 -------- d-----w- c:\users\Alex\AppData\Roaming\Participatory Culture Foundation
2010-07-07 16:21 . 2010-07-07 16:21 -------- d-----w- c:\programdata\ATI
2010-07-07 16:20 . 2009-11-19 16:47 -------- d-----w- c:\program files\ATI Technologies
2010-07-07 15:52 . 2010-07-07 15:52 -------- d-----w- c:\program files\Driver-Soft
2010-07-03 19:57 . 2010-07-03 19:57 53248 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-06-30 06:25 . 2010-08-10 19:29 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-27 07:59 . 2009-09-04 09:42 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 18:45 . 2009-12-25 11:37 -------- d-----w- c:\program files\CCleaner
2010-06-24 20:30 . 2010-01-01 20:01 -------- d-----w- c:\program files\DIFX
2010-06-24 20:30 . 2010-06-24 20:30 -------- d-----w- c:\program files\AMD
2010-06-24 20:07 . 2010-06-24 20:07 -------- d-----w- c:\program files\Intel
2010-06-24 19:18 . 2010-06-24 19:18 -------- d-----w- c:\users\Alex\AppData\Roaming\Blitware
2010-06-24 19:18 . 2010-06-24 19:18 -------- d-----w- c:\program files\Driver Robot
2010-06-22 02:47 . 2010-08-10 19:29 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-10 19:29 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-10 19:29 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-20 09:11 . 2010-05-17 08:13 138056 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-06-20 09:11 . 2010-05-17 08:13 138056 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-06-20 09:11 . 2010-06-20 09:11 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-06-19 06:33 . 2010-08-10 19:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-10 19:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-10 19:29 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-10 19:29 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-10 19:29 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-09 14:55 . 2010-06-09 14:55 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-09 14:55 . 2010-05-17 08:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-09 00:30 . 2009-12-30 16:34 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-09 00:30 . 2009-12-30 16:34 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-08 16:39 . 2010-07-15 11:36 704512 ----a-w- c:\users\Alex\AppData\Roaming\Songbird2\Profiles\e0vv0r7w.default\extensions\msc@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMSCDevice.dll
2010-06-08 10:30 . 2010-07-14 16:44 52224 ----a-w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
2010-06-08 10:30 . 2010-07-14 16:44 101376 ----a-w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
2010-06-08 06:02 . 2010-08-10 19:29 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 10:55 . 2010-06-04 10:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-03 21:40 . 2010-06-03 21:40 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-03 21:32 . 2010-06-03 21:32 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-03 21:32 . 2010-06-03 21:32 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-03 21:32 . 2010-06-03 21:32 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-03 21:32 . 2010-06-03 21:32 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-06-03 21:27 . 2010-06-03 21:32 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-03 21:27 . 2010-06-03 21:32 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-02 20:08 . 2010-06-02 20:08 152868 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-01 18:00 . 2010-06-01 18:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 18:00 . 2010-06-01 18:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 18:00 . 2010-06-01 18:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 18:00 . 2010-06-01 18:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-31 10:46 . 2010-07-07 17:25 267880 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-05-29 13:36 . 2010-05-29 13:36 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-10-31 . 6269A467E49E8792B75AC4B900F8D42D . 2131456 . . [6.1.7600.16385] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"uTorrent"="c:\users\Alex\Downloads\utorrent.exe" [2010-08-19 327472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3506124]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver; [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-03-27 23552]
R3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-06-24 08:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {04E4F3CA-C6BA-40CE-87DD-7071AB8096F7} = 156.154.70.22,156.154.71.22
TCP: {165B2137-4092-417D-8A68-D09FD368AC06} = 212.19.48.14
TCP: {493E3794-C65F-432C-986A-A3957EC14FE4} = 156.154.70.22,156.154.71.22
TCP: {CED900B2-02C3-4D9A-B71B-4F9301E0B0E5} = 212.19.48.14
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\
FF - prefs.js: network.proxy.ftp - 87.248.226.210
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 87.248.226.210
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 87.248.226.210
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 87.248.226.210
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 87.248.226.210
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wfnmfo78.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\guard32.dll
.
Completion time: 2010-08-20 00:18:28
ComboFix-quarantined-files.txt 2010-08-19 23:18

Pre-Run: 19,075,575,808 bytes free
Post-Run: 18,980,978,688 bytes free

- - End Of File - - 4790427720F5133FE6125EF1B84858DB
 
So far so good, I think ComboFix did the trick.

So far I've had no errors, no re-directions and my computer seems to be much faster, so fingers crossed that's removed it. CF did say something about finding a rootkit.

Thanks a lot for your help, I wouldn't have stood a chance!

--Alex.
 
Please download Rootkit Revealer
Unzip it to your desktop.
Open the RootkitRevealer folder and double-click RootkitRevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go to File > Save. Choose to save the log to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.
 