When I click on a Google link I get redirected

Hi,
Basically, whenever I click a link on Google I get redirected to an advertisement or something. I have looked at other posts and I think it is malware or something. Can anyone please help me to fix this problem?

Thank you
 
Welcome to TechSpot! I will help but need information first:

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===============================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
Logs

Here are the logs:

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
sal :: SAL-PC [administrator]

Protection: Enabled

27/02/2012 14:51:48
mbam-log-2012-02-27 (14-51-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180305
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\se45mdfl.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Windows\System32\se45mdfl.dll (RootKit.0Access.H) -> Delete on reboot.

(end)


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-27 16:26:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: tgotqr68.exe; Driver: C:\Users\sal\AppData\Local\Temp\uwldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 2100

---- EOF - GMER 1.0.15 ----


DDS logs: DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by sal at 16:28:14 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.1656 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.9.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.9.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.9.0.12\coIEPlg.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB2C547C-EA3E-4DE4-9B10-6041D05DE8C2} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1109000.00c\symds.sys [2012-1-12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1109000.00c\symefa.sys [2012-1-12 173176]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-16 820344]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1109000.00c\cchpx86.sys [2012-1-12 485512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-13 232512]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20120224.002\IDSvix86.sys [2012-2-25 368248]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1109000.00c\ironx86.sys [2012-1-12 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1109000.00c\symtdiv.sys [2012-1-12 340088]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-10 652360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-27 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-2 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-02-27 14:49:11 -------- d-----w- c:\users\sal\appdata\roaming\Malwarebytes
2012-02-27 14:48:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 14:48:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 12:23:15 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin
2012-02-19 22:24:28 -------- d-----w- c:\users\sal\appdata\local\NPE
2012-02-19 22:19:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-19 19:51:23 -------- d-----w- c:\users\sal\appdata\roaming\GetRightToGo
2012-02-17 14:57:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-02-17 14:57:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-17 14:57:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-17 14:57:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-17 14:57:00 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-02-16 12:35:37 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 12:32:23 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 12:32:05 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 11:27:49 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-25 16:16:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 11:44:29 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-13 17:42:39 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-11 09:53:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2001-09-28 18:00:28 164864 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 16:29:32.10 ===============


DDS logs: Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/05/2010 14:48:22
System Uptime: 27/02/2012 15:07:25 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R519/R719
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 1188/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 109 GiB total, 2.731 GiB free.
D: is FIXED (NTFS) - 109 GiB total, 78.647 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Accelrys License Pack
ACD/Labs Software in C:\Program Files\ACDFREE12\
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Alice Greenfingers
AnyPC Client
Atheros Client Installation Program
Avogadro
BatteryLifeExtender
Business Contact Manager for Outlook 2007 SP1
CambridgeSoft Activation Client
CambridgeSoft BioAssay 12.0
CambridgeSoft ChemBioOffice Ultra 2010
CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
CambridgeSoft ChemScript 12.0
CambridgeSoft Desktop Inventory 12.0
CambridgeSoft ENotebook 12.02
CTC Instrument Control Redist 1.4.0.1
Cubist-demo 2.07
CyberLink YouCam
Dairy Dash
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EPSON PhotoQuicker3.2
EPSON PRINT Image Framer Tool1.1
EPSON Printer Software
Farm Frenzy 2
FIFA 12 (c) EA version 1
Game Pack
Go-Go Gourmet
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
J2SE Runtime Environment 5.0 Update 3
Java 3D 1.3.1 (OpenGL) Runtime
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
MestReNova LITE 5.2.5-5780
Micromass MassLynx V4.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Python 2.5
Python 2.7.1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REBOL/View
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SamsungMovie
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SpinWorks_3
STATISTICA 8.0.725.0 CS
STATISTICA CambridgeSoft Integration
STATNOVAPDF (novaPDF Professional Server 5.4 printer)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Word 2007 (KB974631)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
User Guide
VEGA ZZ 2.4.0
VMD 1.9.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.10 beta 5 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
27/02/2012 16:27:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
27/02/2012 15:07:53, Error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
27/02/2012 15:07:53, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
27/02/2012 15:07:49, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
27/02/2012 15:07:49, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
25/02/2012 17:56:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xbae4f5d8, 0x00000002, 0x00000000, 0x82e9f6fd). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022512-39000-01.
24/02/2012 17:16:41, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
24/02/2012 11:56:24, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
21/02/2012 16:02:01, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
20/02/2012 11:39:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
20/02/2012 11:39:18, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2012 11:39:18, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2012 08:24:05, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 
I'm very sorry. I did not get the email feedback of your reply. I thought I had found all of the affected threads.

I'd like you to temporarily disable the CD Emulation program Daemon Tools:
To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Double-click on the DeFogger icon to start the tool.
  3. The application window will appear. Click on the Disable button to disable your CD Emulation drivers.
  4. At the prompt to continue, click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
---------------------------
The following can be done when we're finished:
To enable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
=======================================
Follow with:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install. Just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===============================
Please let me know if you are still being redirected and/or if you are having any other, new system problems.
 
ComboFix Report

Here is the report:

ComboFix 12-02-25.02 - sal 03/03/2012 15:20:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.2031 [GMT 0:00]
Running from: c:\users\sal\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 15:21 . 2012-03-03 15:26 -------- d-----w- c:\users\sal\AppData\Local\temp
2012-03-03 15:21 . 2012-03-03 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 14:49 . 2012-02-27 14:49 -------- d-----w- c:\users\sal\AppData\Roaming\Malwarebytes
2012-02-27 14:48 . 2012-02-27 14:48 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 14:48 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 12:23 . 2012-02-24 12:23 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-20 13:48 . 2012-02-28 08:33 -------- d-----w- c:\windows\Sun
2012-02-19 22:24 . 2012-02-20 11:48 -------- d-----w- c:\users\sal\AppData\Local\NPE
2012-02-19 22:19 . 2012-03-03 15:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-19 19:51 . 2012-02-19 19:52 -------- d-----w- c:\users\sal\AppData\Roaming\GetRightToGo
2012-02-17 18:14 . 2012-02-17 18:14 -------- d-----w- c:\users\Public\CyberLink
2012-02-17 14:57 . 2012-02-19 22:21 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-17 14:57 . 2012-02-17 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-17 14:57 . 2012-02-19 22:21 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-17 14:57 . 2012-02-19 22:21 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-17 14:57 . 2012-02-17 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-16 15:22 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 12:35 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 12:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 12:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 11:27 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 16:16 . 2012-01-11 08:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 11:44 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-17 19:54 . 2012-01-17 19:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-17 19:54 . 2012-01-17 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-17 19:54 . 2012-01-17 19:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-17 19:54 . 2012-01-17 19:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-17 19:54 . 2012-01-17 19:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-17 19:54 . 2012-01-17 19:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-17 19:54 . 2012-01-17 19:54 367104 ----a-w- c:\windows\system32\html.iec
2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-17 19:54 . 2012-01-17 19:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-17 19:54 . 2012-01-17 19:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-17 19:54 . 2012-01-17 19:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-17 19:54 . 2012-01-17 19:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-17 19:54 . 2012-01-17 19:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-17 19:54 . 2012-01-17 19:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-17 19:54 . 2012-01-17 19:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-17 19:54 . 2012-01-17 19:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-13 17:42 . 2012-01-13 17:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-11 09:53 . 2012-01-11 09:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-10 19:29 . 2012-01-10 19:29 45056 ----a-r- c:\users\sal\AppData\Roaming\Microsoft\Installer\{AC0F06C8-865D-4EC4-99CB-0714E2800880}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
2001-09-28 18:00 . 2012-01-10 20:10 164864 ----a-w- c:\program files\UNWISE.EXE
2012-02-19 22:21 . 2012-02-17 14:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-12 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [2011-08-22 173176]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2011-12-23 820344]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [2011-08-04 485512]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-13 232512]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120303.003\IDSvix86.sys [2011-12-15 368248]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [2011-08-22 340088]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SE26mdfl
bc_ip_f
websensedcagent
bgmainsvc
crystalaps
hpconfig
mgisvr
atimtag
oracle_load_balancer_60_server-forms6i
btfirst
BRGSp50
nimdbgk
i81x
Packet
dlabmfsm
ipcsvc
crauto
pdlndoem
hpqwmi
sbservice
procdd
ipodservice
DMUSBUSBDCam
point32
se44unic
wtwservice
smserial
iAimFP5
TClass2k
cdr4_2k
hpqwmiex
padfsvr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:31,ff,96,ab,55,f1,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\mswsock.dll
mswsock.dll 75440000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-03 15:31:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 15:31
.
Pre-Run: 2,350,895,104 bytes free
Post-Run: 2,284,724,224 bytes free
.
- - End Of File - - 0E5A404F89A2426CA4C3BB1C0214D31C
 
Per Combofix directions:
Before you run the Combofix scan, please disable any security software you have running.

You had these enabled:
AV: Norton Internet Security *Enabled/
FW: Norton Internet Security *Enabled*
SP: Norton Internet Security *Enabled/

Which is most likely why you had to run Combofix in:
- REDUCED FUNCTIONALITY MODE -

Please disconnect from the internet, disable the security and run the following with the security off:

Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
FileLook::
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Next this online virus scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Please leave logs in next reply.
======================================
Comment: I note that Windows 7 Home Premium has Install Date: 02/05/2010
But there are no restore points in the system.
Updates show only for .NET Framework

Why is this?

Net Framework updates only
 
Logs

Ok i have disabled the antivirus and done what you said, here are the logs:

ComboFix Log:

ComboFix 12-02-25.02 - sal 04/03/2012 15:16:57.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.2133 [GMT 0:00]
Running from: c:\users\sal\Desktop\ComboFix.exe
Command switches used :: c:\users\sal\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 15:19 . 2012-03-04 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 15:21 . 2012-03-04 15:23 -------- d-----w- c:\users\sal\AppData\Local\temp
2012-02-27 14:49 . 2012-02-27 14:49 -------- d-----w- c:\users\sal\AppData\Roaming\Malwarebytes
2012-02-27 14:48 . 2012-02-27 14:48 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 12:23 . 2012-02-24 12:23 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-20 13:48 . 2012-02-28 08:33 -------- d-----w- c:\windows\Sun
2012-02-19 22:24 . 2012-02-20 11:48 -------- d-----w- c:\users\sal\AppData\Local\NPE
2012-02-19 22:19 . 2012-03-04 15:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-19 19:51 . 2012-02-19 19:52 -------- d-----w- c:\users\sal\AppData\Roaming\GetRightToGo
2012-02-17 18:14 . 2012-02-17 18:14 -------- d-----w- c:\users\Public\CyberLink
2012-02-17 14:57 . 2012-02-19 22:21 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-17 14:57 . 2012-02-17 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-17 14:57 . 2012-02-19 22:21 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-17 14:57 . 2012-02-19 22:21 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-17 14:57 . 2012-02-17 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-16 15:22 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 12:35 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 12:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 12:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 11:27 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 16:16 . 2012-01-11 08:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 11:44 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-17 19:54 . 2012-01-17 19:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-17 19:54 . 2012-01-17 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-17 19:54 . 2012-01-17 19:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-17 19:54 . 2012-01-17 19:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-17 19:54 . 2012-01-17 19:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-17 19:54 . 2012-01-17 19:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-17 19:54 . 2012-01-17 19:54 367104 ----a-w- c:\windows\system32\html.iec
2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-17 19:54 . 2012-01-17 19:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-17 19:54 . 2012-01-17 19:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-17 19:54 . 2012-01-17 19:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-17 19:54 . 2012-01-17 19:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-17 19:54 . 2012-01-17 19:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-17 19:54 . 2012-01-17 19:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-17 19:54 . 2012-01-17 19:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-17 19:54 . 2012-01-17 19:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-13 17:42 . 2012-01-13 17:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-11 09:53 . 2012-01-11 09:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-10 19:29 . 2012-01-10 19:29 45056 ----a-r- c:\users\sal\AppData\Roaming\Microsoft\Installer\{AC0F06C8-865D-4EC4-99CB-0714E2800880}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
2001-09-28 18:00 . 2012-01-10 20:10 164864 ----a-w- c:\program files\UNWISE.EXE
2012-02-19 22:21 . 2012-02-17 14:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\conhost.exe ---
Company: Microsoft Corporation
File Description: Console Window Host
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CONHOST.EXE.MUI
File size: 271360
Created time: 2012-01-11 11:44
Modified time: 2011-07-16 04:31
MD5: B5C8881951776ECD34ED2929B1AF975D
SHA1: 2F88215FF7E59160F15E52F2EE3FD1FC4277E663
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-12 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [2011-08-22 173176]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2011-12-23 820344]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [2011-08-04 485512]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-13 232512]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120303.003\IDSvix86.sys [2011-12-15 368248]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [2011-08-22 340088]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SE26mdfl
bc_ip_f
websensedcagent
bgmainsvc
crystalaps
hpconfig
mgisvr
atimtag
oracle_load_balancer_60_server-forms6i
btfirst
BRGSp50
nimdbgk
i81x
Packet
dlabmfsm
ipcsvc
crauto
pdlndoem
hpqwmi
sbservice
procdd
ipodservice
DMUSBUSBDCam
point32
se44unic
wtwservice
smserial
iAimFP5
TClass2k
cdr4_2k
hpqwmiex
padfsvr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:31,ff,96,ab,55,f1,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\mswsock.dll
mswsock.dll 74bf0000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-04 15:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 15:28
ComboFix2.txt 2012-03-03 15:31
.
Pre-Run: 2,206,941,184 bytes free
Post-Run: 2,536,235,008 bytes free
.
- - End Of File - - 260D11F5BCC26F4FB2BDCF75D667CB5C

And here is the ESET Log:

C:\Users\sal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\sal\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-34f22789-3539d81c.zip Java/Exploit.CVE-2011-3544.AV trojan
C:\Windows\$NtUninstallKB20903$\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-2d8cfad4-64b55814.zip Java/Exploit.CVE-2011-3544.AU trojan
C:\Windows\$NtUninstallKB20903$\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-477e2791-40765a6a.zip Java/Exploit.CVE-2011-3544.AV trojan
C:\Windows\System32\AsDsm.dll probably a variant of Win32/Sirefef.ER trojan
C:\Windows\System32\usbcm.dll probably a variant of Win32/Sirefef.ER trojan
C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-2d8cfad4-64b55814.zip Java/Exploit.CVE-2011-3544.AU trojan
C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-477e2791-40765a6a.zip Java/Exploit.CVE-2011-3544.AV trojan
C:\Windows\System32\drivers\afd.sys a variant of Win32/Sirefef.DA trojan
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys a variant of Win32/Sirefef.DA trojan
Operating memory Win32/Sirefef.DN trojan
 