Solved I am having trouble with redirect virus and need help

ajax213 · Nov 28, 2011

I've completed the preliminary 5 steps for malware. Here are my logs.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8255

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/28/2011 12:32:38 AM
mbam-log-2011-11-28 (00-32-38).txt

Scan type: Quick scan
Objects scanned: 171466
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\mousebackupmanager.dll (Trojan.Tracur) -> Delete on reboot.
c:\Users\chasity kay\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{156433F8-FCCB-40BF-8F73-613F94691D93} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{156433F8-FCCB-40BF-8F73-613F94691D93} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{156433F8-FCCB-40BF-8F73-613F94691D93} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{156433F8-FCCB-40BF-8F73-613F94691D93} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseBackupManager (Trojan.Tracur) -> Value: MouseBackupManager -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Softonic Update (Trojan.Tracur) -> Value: Softonic Update -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\mousebackupmanager.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\AppData\Local\serviceuser.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Windows\System32\srrstr.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\srrstr.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\AppData\Local\Temp\1E00.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\local settings\serviceuser.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\local settings\application data\serviceuser.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\chasity kay\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.

The gmer log is blank and said nothing was found. I ran it twice and both time same results. If I need to do something different please let me know.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Chasity Kay at 2:00:00 on 2011-11-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1692 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110203304.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\245737974596765627D27657563747 : DhcpNameServer = 156.154.70.11 156.154.71.11
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\353494E636055726 : DhcpNameServer = 65.175.128.46 65.175.128.47 8.8.8.8
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\36C6169786F6573756 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\C696E6B6379737 : DhcpNameServer = 65.83.241.181 67.32.118.46
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\D6373747164756E2564657 : DhcpNameServer = 130.18.80.13 10.1.0.3
TCP: Interfaces\{3FC3F169-F213-459E-B76A-9FFF5741A5CD}\D637577657563747 : DhcpNameServer = 10.11.0.3 130.18.80.134
TCP: Interfaces\{856ED3C4-B8B5-470E-B3C2-641E5FDB459F} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110203304.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-28 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-26 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-26 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-11 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-11 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-28 06:17:57 -------- d-----w- C:\Users\Chasity Kay\AppData\Roaming\Malwarebytes
2011-11-28 06:17:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-28 06:17:37 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-28 06:17:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-09 04:54:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 04:54:55 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 04:54:52 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 04:54:47 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-18 20:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-10-15 19:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 19:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 19:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 19:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 19:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 19:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 19:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 19:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 19:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-10-14 04:46:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 2:02:16.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/8/2010 8:35:13 PM
System Uptime: 11/28/2011 12:36:18 AM (2 hours ago)
.
Motherboard: Acer | | Aspire 5532
Processor: AMD Athlon(tm) Processor TF-20 | Socket S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 95.719 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP77: 10/21/2011 11:25:20 PM - Scheduled Checkpoint
RP79: 10/27/2011 9:36:41 AM - Windows Modules Installer
RP80: 10/27/2011 9:38:17 AM - Windows Modules Installer
RP81: 11/8/2011 11:51:13 PM - Removed BlackBerry Device Software Updater.
RP82: 11/9/2011 2:14:55 PM - Windows Update
RP83: 11/11/2011 10:14:48 AM - Windows Update
RP84: 11/19/2011 4:35:08 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Deluxe
Acer Assist
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.3 MUI
AMD USB Filter Driver
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
eSobi v2
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Internet Security Suite
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Veetle TV 0.9.18
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
11/28/2011 12:36:37 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/28/2011 12:36:37 AM, Error: atikmdag [43029] - Display is not active
11/28/2011 12:35:10 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
11/27/2011 9:12:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/27/2011 10:08:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/27/2011 1:46:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/25/2011 8:41:27 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

I think this is all you needed. Hope you can help me resolve my problems. Thanks

Bobbye · Nov 28, 2011

Welcome to TechSpot! I will help with the redirect, but need more information.
==============================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
Read my instructions carefully. If you don't understand or have a problem, ask me.
If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
Follow the order of the tasks I give you. Order is crucial in cleaning process.
File sharing programs should be uninstalled or disabled during the cleaning process..
Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.
Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please run the following

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button
Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Please paste the logs into your next reply.

ajax213 · Nov 29, 2011

Here are the two new logs.

ESET Online Scan logs
C:\Users\Chasity Kay\AppData\Local\Google\Chrome\User Data\Default\Default\hjkcakmpchlhhchlbdccdmpjcekjbomg\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Chasity Kay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1526f290-623f46ca Java/Agent.Y trojan

ComboFix logs
ComboFix 11-11-29.01 - Chasity Kay 11/28/2011 23:22:04.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1731 [GMT -6:00]
Running from: c:\users\Chasity Kay\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Chasity Kay\Documents\~WRL0001.tmp
c:\users\Chasity Kay\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 05:32 . 2011-11-29 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 01:57 . 2011-11-29 01:57 -------- d-----w- c:\program files (x86)\ESET
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\users\Chasity Kay\AppData\Roaming\Malwarebytes
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\programdata\Malwarebytes
2011-11-28 06:17 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 04:54 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:54 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 04:54 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:54 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 06:09 . 2010-07-20 13:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-28 06:08 . 2010-07-20 13:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-28 06:08 . 2010-07-20 13:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-28 06:07 . 2010-07-28 22:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-17 01:55 . 2010-07-28 22:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-17 01:54 . 2010-07-28 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-17 01:54 . 2010-07-28 22:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-17 01:54 . 2010-07-20 13:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-18 20:32 . 2010-10-27 05:07 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 19:16 . 2010-10-27 05:24 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2010-10-27 05:23 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2010-10-27 05:23 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2010-10-27 05:23 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2010-10-27 05:23 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2010-10-27 05:23 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2010-10-27 05:23 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2010-08-24 19:57 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2010-08-24 19:57 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-14 04:46 . 2011-06-30 01:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-12 04:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 04:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 04:56]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 04:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2011-11-29 02:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 08:22
.
Pre-Run: 102,522,187,776 bytes free
Post-Run: 101,287,514,112 bytes free
.
- - End Of File - - 22B82C66CD9EC8B039E2BDB8B61B61CC

I know we are not done yet, but thanks for your help. The computer is already running noticeably better!

Bobbye · Nov 29, 2011

Glad to help. Let's keep more of the malware out:

Please update Java- you are using Java(TM) 6 Update 23 which is several versions out of date: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
------------------------------
Because of this outdated program, you have gotten malware in the Java cache, so it needs to be empties:

. Click Start > Control Panel.
. Double-click the Java icon

in the Control Panel.
. Click Settings under Temporary Internet Files.
http://www.java.com/en/img/download/5000020303.jpg[/b]
There are three options on this window to clear the cache.(Version dependent)
[o]. Delete Files
[o]. View Applications
[o]. View Applets
[*]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[*]. Click OK on Temporary Files Settings window. [/list]
===========================================
For the Eset entries:

Please download [url=http://oldtimer.geekstogo.com/OTM.exe][b][color=blue]OTMovit by Old Timer[/b][/color][/url] and save to your desktop.
[list]

[*] Double-click [b]OTMoveIt3.exe[/b] to run it. (Vista users, please right click on [b]OTMoveit3.exe[/b] and select "Run as an [b]Administrator[/b]")
[*][b]Copy the file paths below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]):
[CODE]
:Files
C:\Users\Chasity Kay\AppData\Local\Google\Chrome\User Data\Default\Default\hjkcakmpchlhhchlbdccdmpjcekjbomg\contentscript.js
C:\Users\Chasity Kay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1526f290-623f46ca

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot][/CODE]

[*] Return to OTMoveIt3, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window and choose [b]Paste[/b].
[*]Click the red [b]Moveit![/b] button.
[*]A log of files and folders moved will be created in the [b]c:\_OTMoveIt\MovedFiles[/b] folder in the form of Date and Time ([b]mmddyyyy_hhmmss.log[/b]). Please open this log in Notepad and post its contents in your next reply.
[*]Close [b]OTMoveIt3[/b]
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b]
=======================================
Although you don't mention it, it looks like you're having a problem with the graphics driver and Display:
11/28/2011 12:36:37 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/28/2011 12:36:37 AM, Error: atikmdag [43029] - Display is not active

It involves your Acer Aspire+ ATI Radeon Graphics + atikmdag.sys + .Catalyst Control Center:
I am not experienced with this and if the redirect has been resolved and you are experiencing this, possibly BSODs, I may refer you to our forum better able to help with this.

Please let me know. The Combofix log looks pretty good- there are just a few entries to remove

ajax213 · Dec 1, 2011

I have gotten the this part done.

Please update Java- you are using Java(TM) 6 Update 23 which is several versions out of date: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
------------------------------
Because of this outdated program, you have gotten malware in the Java cache, so it needs to be empties:
1.. Click Start > Control Panel.

But when i get here i can't find the Java Icon in my Control Panel to Click it.2

.. Double-click the Java icon in the Control Panel.

I don't know if there is any simplier way that you can tell me how to find it, but I am just having trouble locating it. I'm sure you already know that my computer is a Windows 7, but i thought i'd let you know in case it helps you help me. Sorry for the ignorance.

ajax213 · Dec 1, 2011

Forgot to send you the OTM logs

All processes killed
========== FILES ==========
File/Folder C:\Users\Chasity Kay\AppData\Local\Google\Chrome\User Data\Default\Default\hjkcakmpchlhhchlbdccdmpjcekjbomg\contentscript.js not found.
File/Folder C:\Users\Chasity Kay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1526f290-623f46ca not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chasity Kay
->Temp folder emptied: 502090 bytes
->Temporary Internet Files folder emptied: 2645075 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 790 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
RecycleBin emptied: 0 bytes

Hope it was okay I did this before the Java stuff was complete. If I need to redo it just let me know. Thanks again

Bobbye · Dec 1, 2011

There should be one more line in OTM toward the end, It begins with Total Files Cleaned followed by a number. If you can find that #, just let me know what it is.
==========================
This should help with clearing the Java cache:
1. Click Start, and then click Control Panel.

2. Click Programs, and then click the Java icon.

If you are using Windows 7 and your View by is set to either Large icons or Small icons, then click the Java icon.

3. Click the General tab> Temporary Internet Files section> click Settings.
4. Click Delete Files.
5. In the Delete Temporary Files window, select all the check boxes, and then click OK.
6. Click OK to close the Temporary Files Settings window.
7. Click OK to close the Java Control Panel window.
Images courtesy AOL Help
====================================
Combofix looks good- just a couple of removals:
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

Code:

File::
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
ClearJavaCache::

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . You do not need to leave this log unless there are new problems.
====================
Please update the Adobe Reader: Visit this Adobe Reader site and make sure you have the most current update. Uninstall Adobe Reader v9.
=====================================
Has the redirect been resolved? Are there any remaining problems?

ajax213 · Dec 1, 2011

I am still unable to locate the Java program. I had previously deleted it from my computer when you first told me it was outdated and needed to be removed. Maybe that is why I am having trouble locating it. I have deleted my internet browsing history however.

Also i am not sure if there was anything found in the Combofix scan so I will post the log anyway.

ComboFix 11-12-01.03 - Chasity Kay 12/01/2011 22:13:13.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1925 [GMT -6:00]
Running from: c:\users\Chasity Kay\Desktop\ComboFix.exe
Command switches used :: c:\users\Chasity Kay\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 04:22 . 2011-12-02 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 05:35 . 2011-12-01 05:35 -------- d-----w- C:\_OTM
2011-11-29 01:57 . 2011-11-29 01:57 -------- d-----w- c:\program files (x86)\ESET
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\users\Chasity Kay\AppData\Roaming\Malwarebytes
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\programdata\Malwarebytes
2011-11-28 06:17 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 06:17 . 2011-11-28 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 04:54 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:54 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 04:54 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:54 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 06:09 . 2010-07-20 13:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-28 06:08 . 2010-07-20 13:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-28 06:08 . 2010-07-20 13:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-28 06:07 . 2010-07-28 22:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-17 01:55 . 2010-07-28 22:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-17 01:54 . 2010-07-28 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-17 01:54 . 2010-07-28 22:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-17 01:54 . 2010-07-20 13:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-18 20:32 . 2010-10-27 05:07 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 19:16 . 2010-10-27 05:24 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2010-10-27 05:23 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2010-10-27 05:23 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2010-10-27 05:23 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2010-10-27 05:23 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2010-10-27 05:23 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2010-10-27 05:23 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2010-08-24 19:57 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2010-08-24 19:57 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-14 04:46 . 2011-06-30 01:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-12 04:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 04:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_08.17.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 20:39 . 2011-12-01 08:00 31982 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-28 06:38 44116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-02 04:26 44116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-09 01:37 . 2011-12-02 04:26 12086 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4145559401-2350437283-3778004215-1000_UserData.bin
- 2010-01-06 20:54 . 2011-11-29 05:34 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-06 20:54 . 2011-12-02 04:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-06 20:54 . 2011-11-29 05:34 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-06 20:54 . 2011-12-02 04:24 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-02 03:51 . 2011-12-02 03:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011120120111202\index.dat
+ 2011-11-30 21:14 . 2011-12-01 00:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011113020111201\index.dat
- 2009-07-14 04:54 . 2011-11-29 05:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-02 04:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 23:36 . 2011-12-02 04:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 23:36 . 2011-11-29 05:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 23:36 . 2011-11-29 05:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-12 23:36 . 2011-12-02 04:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-12 23:36 . 2011-11-29 05:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 23:36 . 2011-12-02 04:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-09 01:39 . 2011-12-02 04:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-09 01:39 . 2011-11-29 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-09 01:39 . 2011-12-02 04:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-09 01:39 . 2011-11-29 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-29 05:34 . 2011-11-29 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-02 04:24 . 2011-12-02 04:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-29 05:34 . 2011-11-29 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-02 04:24 . 2011-12-02 04:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-09 03:52 . 2011-12-01 11:24 245760 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-11-29 05:33 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-02 04:23 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-11-29 06:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-02 04:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360610d525l0424z145t44j2x237
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2011-12-01 22:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 04:33
ComboFix2.txt 2011-11-29 08:22
.
Pre-Run: 104,701,485,056 bytes free
Post-Run: 104,425,762,816 bytes free
.
- - End Of File - - 88A0669A97D5CFB2F31C2C1049F29255

The Redirect problem seems to be corrected, I have not had any trouble with it. Also my computer is running much faster. Thanks very much, you have helped me greatly.

ajax213 · Dec 2, 2011

Here was that OTM log again

All processes killed
========== FILES ==========
File/Folder C:\Users\Chasity Kay\AppData\Local\Google\Chrome\User Data\Default\Default\hjkcakmpchlhhchlbdccdmpjcekjbomg\contentscript.js not found.
File/Folder C:\Users\Chasity Kay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1526f290-623f46ca not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chasity Kay
->Temp folder emptied: 509775 bytes
->Temporary Internet Files folder emptied: 27138629 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 999 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51443 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 12012011_230519

Files moved on Reboot...
C:\Users\Chasity Kay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Also, do I need to reset all my passwords or will I be okay leaving them the same. I reinstalled Java and it is now in the location you told me to look. So obviously when I deleted it earlier is when I encountered the problem of not finding it. I have also now updated Adobe to version 9.4.6 MUI. Is this the correct version?
Sorry for having everything split on two different post, and again thanks for all your help.

Bobbye · Dec 2, 2011

This was all I wanted from OTM: Total Files Cleaned = 26.00 mb. This is good! Sometimes I see several hundred files cleaned- that's an indication that regular maintenance isn't being done.
----------------------------------
How do I manually download and install Java for my Windows computer?
For: Platform(s): Windows 7, Vista, Windows XP, Windows 2000, Windows 2003, Windows 2008 Server
For: Java version(s): 6.0

Disable your Internet firewall.

Download Windows 7, XP Online current version of Java and save to the desktop

Double-click on the saved file to start the installation process.
Accept the license terms and to continue with the installation.
Click Next
Note: do not check any other products offered by partners. Uncheck any pre-checked boxes.
Click Close.
Reboot the computer

To make sure Java is working properly, run this TEST.

ajax213 · Dec 2, 2011

The test run on my Java showed it was working and the most up to date version. So does this mean everything is clean? Do I need to reset all my passwords or can I leave them as they are? Also, you said something about my video card having some issues, I would appreciate any help you could get me with resolving that also. Thanks very much for all you have done.

Bobbye · Dec 6, 2011

You're welcome- glad to help. I don't think it's necessary to change your passwords. However, in any malware infection, there is always a chance they have been compromised.

Regarding my earlier reference to graphics card:

Although you don't mention it, it looks like you're having a problem with the graphics driver and Display:
11/28/2011 12:36:37 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/28/2011 12:36:37 AM, Error: atikmdag [43029] - Display is not active

It involves your Acer Aspire+ ATI Radeon Graphics + atikmdag.sys + .Catalyst Control Center:
I am not experienced with this and if the redirect has been resolved and you are experiencing this, possibly BSODs, I may refer you to our forum better able to help with this.

Look for ATI Radeon Graphics Driver
. If there is an update, I recommend getting it. However. I have no experience with CCC, so if you have an Display problems, I suggest you copy the text I have put in quotes and start a thread in the Software Forum.
========================================
Remove all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
[o] Click START> then RUN
[o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Download OTCleanIt by OldTimer and save it to your Desktop.
[o] Double click OTCleanIt.exe.
[o] Click the CleanUp! button.
[o] If you are prompted to Reboot during the cleanup, select Yes.
[o]The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Set a new, clean Restore Point
[o] Click on Start> right click on Computer> Properties
[o] Select System Protection
[o] Click on the Create button (near bottom)
[o] Type a name for the Restore Point
[o] Click on Create again to save the restore point.
Deleting all but the most recent System Protection point in Windows 7
[o] Click Start> Computer> right click the C Drive and choose Properties> enter.
[o] Click Disk Cleanup from there.

[o] Click Clean up system files
This restarts Disk Cleanup to run in elevated mode.
[o] Click the More Options tab

[o] Click the Clean up under System Restore and Shadow Copies.
[o] Click OK.
[o] You will get a confirmation screen> Just click Delete.
[o] Click OK on the Disk Cleanup Screen.
[o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin
--------------------------------------
I'm leaving some security tips you might want to look over:
Tips for added security and safer browsing: (Links are in Bold Blue)

Browser Security
[o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
[o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
[o] Replace the Host Files
[o] Google Toolbar Pop Up Blocker
[o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
Have layered Security:
[o]Antivirus :(only one):Both of the following programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o]Avast-Free Antivirus
[o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm
Antimalware: I recommend all of the following:
[o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
[o]Spybot Search & Destroy
Updates: Stay current:
[o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
[o]Adobe Reader Install current, uninstall old.
[o]Java Updates Install current, uninstall old.
Tracking Cookies
Reset Cookie:
[o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
[o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
[o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
Do regular Maintenance
Clean the temporary internet files often:
[o] Temporary File Cleaner]
or
[o] ATF Cleaner by Atribune
Restore Points:
[o]See System Restore Guide
Safe Email Handling
[o] Don't open email from anyone you don't know.
[o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
[o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.
Let me know if you have any more questions.

Solved I am having trouble with redirect virus and need help

ajax213

Posts: 7 +0

Bobbye

Posts: 16,313 +36

ajax213

Posts: 7 +0

Bobbye

Posts: 16,313 +36

ajax213

Posts: 7 +0

ajax213

Posts: 7 +0

Bobbye

Posts: 16,313 +36

ajax213

Posts: 7 +0

ajax213

Posts: 7 +0

Bobbye

Posts: 16,313 +36

ajax213

Posts: 7 +0

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts