
Author Topic: Another Google redirect virus..  (Read 11337 times)


endlessvelocity

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Another Google redirect virus..
    « on: November 04, 2011, 10:20:13 PM »
    I have a Google redirect virus and I'm looking for some help removing it (or making sure it's removed). I've already installed a bunch of the go-to's for malware/spyware/virus removal. I've read the rules and suggestions before posting (i.e. not having more than one running at once, etc.). Any help would be appreciated, thanks!


    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Another Google redirect virus..
    « Reply #1 on: November 05, 2011, 07:23:59 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    endlessvelocity

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Another Google redirect virus..
      « Reply #2 on: November 05, 2011, 11:22:59 AM »
      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 8088

      Windows 6.1.7601 Service Pack 1
      Internet Explorer 8.0.7601.17514

      11/4/2011 9:28:49 PM
      mbam-log-2011-11-04 (21-28-49).txt

      Scan type: Quick scan
      Objects scanned: 170825
      Time elapsed: 2 minute(s), 40 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 2
      Registry Keys Infected: 3
      Registry Values Infected: 2
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 5

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      c:\programdata\microsoftnotifieronline.dll (Trojan.Agent) -> Delete on reboot.
      c:\Users\Dawn\AppData\Local\AMD\amdupdate\AMDup.dll (Trojan.Agent) -> Delete on reboot.

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\CLSID\{188A4539-EA58-4B2E-AE38-03517F2C06Ec} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{188A4539-EA58-4B2E-AE38-03517F2C06EC} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftNotifierOnline (Trojan.Agent) -> Value: MicrosoftNotifierOnline -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek Update (Trojan.Agent) -> Value: Realtek Update -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\programdata\microsoftnotifieronline.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\Users\Dawn\AppData\Local\AMD\amdupdate\AMDup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\Users\Dawn\AppData\Local\shellx86_x64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\Users\Dawn\local settings\shellx86_x64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\Users\Dawn\local settings\application data\shellx86_x64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

      endlessvelocity

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Another Google redirect virus..
        « Reply #3 on: November 05, 2011, 11:29:24 AM »
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
        Run by Dawn at 10:28:33 on 2011-11-05
        Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2623 [GMT -7:00]
        .
        AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
        AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
        SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\atieclxx.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files (x86)\Steam\Steam.exe
        C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
        mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableLUA = 0 (0x0)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
        TCP: DhcpNameServer = 192.168.0.1
        TCP: Interfaces\{B8BF91C3-F192-4C64-9E55-C4BD5A036DDE} : DhcpNameServer = 192.168.0.1
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64:     AcroIEHelperStub - No File
        BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
        FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
        FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
        .
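        The Pseudo HJT Report above is the part of a DDS log a helper reads first: autostart entries (uRun/mRun), browser helper objects, the Winlogon Userinit value and the mPolicies-system lines. Here those lines show EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, i.e. UAC switched off (the SUPERAntiSpyware log later in the thread confirms "UAC Off"), with Microsoft Security Essentials and Windows Defender both disabled. The script below is an added example (editor's code, not the poster's and not part of DDS) that parses lines in that format and flags disabled security products, weakened UAC values, orphaned BHO entries ("No File") and a Userinit value listing anything besides userinit.exe. The sample input is a constructed excerpt of the log posted above; the "healthy" conditions for the UAC values are standard Windows semantics, not something DDS itself reports.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example (not DDS's own code). It parses the line formats shown in the
thread and reports the settings a malware-removal helper looks at first.
"""
import re

# Constructed excerpt of the DDS log posted above (same line formats).
SAMPLE_DDS = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Pseudo HJT Report ===============
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64:     AcroIEHelperStub - No File
"""

# UAC registry values and the condition under which each is considered healthy.
# Standard Windows semantics: EnableLUA=0 disables UAC outright,
# ConsentPromptBehaviorAdmin=0 elevates administrators without any prompt, and
# PromptOnSecureDesktop=0 shows the elevation prompt on the ordinary desktop.
UAC_HEALTHY = {
    "EnableLUA": lambda v: v == 1,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
    "PromptOnSecureDesktop": lambda v: v == 1,
}

AV_RE = re.compile(r"^(AV|SP): (.+?) \*(Enabled|Disabled)/")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(.+?)\] (.+)$")
BHO_RE = re.compile(r"^(BHO(?:-X64)?):\s+(.+)$")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(.*)$")


def parse_dds(text):
    """Return a dict of findings from the DDS header and Pseudo HJT Report lines."""
    findings = {"av_disabled": [], "uac_weak": [], "autostart": [], "bho": [], "userinit_ok": None}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := AV_RE.match(line)):
            if m.group(3) == "Disabled":
                findings["av_disabled"].append(m.group(2))
        elif (m := POLICY_RE.match(line)):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_HEALTHY and not UAC_HEALTHY[name](value):
                findings["uac_weak"].append(f"{name}={value}")
        elif (m := RUN_RE.match(line)):
            findings["autostart"].append((m.group(1), m.group(2), m.group(3)))
        elif (m := BHO_RE.match(line)):
            # DDS prints "<name>: {CLSID} - <dll path>" or "<name> - No File" for stale entries.
            name, _, target = m.group(2).rpartition(" - ")
            findings["bho"].append((m.group(1), name, target, target == "No File"))
        elif (m := USERINIT_RE.match(line)):
            # A healthy value names exactly one program, userinit.exe; extra entries are a
            # classic persistence location and deserve a closer look.
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            findings["userinit_ok"] = len(entries) == 1 and entries[0].lower().endswith("\\userinit.exe")
    return findings


def triage_report(text):
    """Human-readable summary; [!] marks items that need attention, [ ] items to review."""
    findings = parse_dds(text)
    out = []
    for prod in findings["av_disabled"]:
        out.append(f"[!] security product disabled: {prod}")
    for item in findings["uac_weak"]:
        out.append(f"[!] UAC weakened: {item}")
    if findings["userinit_ok"] is False:
        out.append("[!] Winlogon Userinit lists something besides userinit.exe")
    for kind, name, target, orphan in findings["bho"]:
        tag = "[!] orphaned BHO" if orphan else "[ ] BHO"
        out.append(f"{tag} {kind} {name} -> {target}")
    for kind, name, cmd in findings["autostart"]:
        out.append(f"[ ] autostart {kind} [{name}] {cmd}")
    return out


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_DDS)))
```

        Run against the excerpt it prints six [!] lines (two disabled security products, three weakened UAC values and the orphaned AcroIEHelperStub entry) followed by the autostart entries for review; the real log from this thread would be passed in as a file instead of the embedded sample.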

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Experience: Expert
        • OS: Windows 10
        Re: Another Google redirect virus..
        « Reply #4 on: November 05, 2011, 12:33:19 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *******************************************************
        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!


        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.
          • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:
          • Close browsers before scanning
          • Scan for tracking cookies
          • Terminate memory threats before quarantining
          Please leave the others unchecked
        * Click the Close button to leave the control center screen.
        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes
        * To retrieve the removal information please do the following:
          • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
          • Click Preferences. Click the Statistics/Logs tab.
          • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          • It will open in your default text editor (preferably Notepad).
          • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        * Copy and Paste the log in your post.
        ***********************************************
        The DDS logs are not complete. Please run it again and post the two logs in their entirety.

        Windows 8 and Windows 10 dual boot with two SSD's

        endlessvelocity

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: Another Google redirect virus..
          « Reply #5 on: November 05, 2011, 01:01:52 PM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 11/05/2011 at 11:58 AM

          Application Version : 5.0.1134

          Core Rules Database Version : 7904
          Trace Rules Database Version: 5716

          Scan type       : Complete Scan
          Total Scan Time : 01:28:40

          Operating System Information
          Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
          UAC Off - Administrator

          Memory items scanned      : 682
          Memory threats detected   : 0
          Registry items scanned    : 69110
          Registry threats detected : 0
          File items scanned        : 335513
          File threats detected     : 22

          Adware.Tracking Cookie
             C:\USERS\DAWN\AppData\Roaming\Microsoft\Windows\Cookies\ZBYH4MOQ.txt [ Cookie:[email protected]/accounts/ ]
             C:\USERS\DAWN\Cookies\ZBYH4MOQ.txt [ Cookie:[email protected]/accounts/ ]
             C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Cookies\UY7NP468.txt [ /ad.yieldmanager.com ]
             C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Cookies\7P2WASSI.txt [ /atdmt.com ]
             C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Cookies\RE0C2KD3.txt [ /fastclick.net ]
             C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Cookies\BWBRJVS3.txt [ /doubleclick.net ]
             C:\USERS\DAWN\Cookies\UY7NP468.txt [ Cookie:[email protected]/ ]
             C:\USERS\DAWN\Cookies\7P2WASSI.txt [ Cookie:[email protected]/ ]
             C:\USERS\DAWN\Cookies\RE0C2KD3.txt [ Cookie:[email protected]/ ]
             C:\USERS\DAWN\Cookies\BWBRJVS3.txt [ Cookie:[email protected]/ ]
             .doubleclick.net [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .mediaforge.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .mediaforge.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]
             .charmingshoppes.112.2o7.net [ C:\USERS\DAWN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2I9RNTB0.DEFAULT\COOKIES.SQLITE ]

          endlessvelocity

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: Another Google redirect virus..
            « Reply #6 on: November 05, 2011, 01:05:45 PM »
            .
            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT
            .
            DDS (Ver_2011-08-26.01)
            .
            Microsoft Windows 7 Home Premium
            Boot Device: \Device\HarddiskVolume1
            Install Date: 7/7/2010 9:31:09 PM
            System Uptime: 11/5/2011 8:48:56 AM (4 hours ago)
            .
            Motherboard: MSI |  | 870A Fuzion (MS-7660)
            Processor: AMD Athlon(tm) II X2 265 Processor | CPU1 | 3300/200mhz
            .
            ==== Disk Partitions =========================
            .
            C: is FIXED (NTFS) - 932 GiB total, 629.225 GiB free.
            D: is CDROM (CDFS)
            .
            ==== Disabled Device Manager Items =============
            .
            Class GUID:
            Description: PCI Device
            Device ID: PCI\VEN_1FC8&DEV_0BE0&SUBSYS_00000000&REV_00\6&78EFBF1&0&00500010
            Manufacturer:
            Name: PCI Device
            PNP Device ID: PCI\VEN_1FC8&DEV_0BE0&SUBSYS_00000000&REV_00\6&78EFBF1&0&00500010
            Service:
            .
            Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
            Description: 3Com 3C2000-T Gigabit Adapter
            Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&378661BC&0&1.1.0
            Manufacturer: Marvell
            Name: 3Com 3C2000-T Gigabit Adapter
            PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&378661BC&0&1.1.0
            Service: yukonw7
            .
            ==== System Restore Points ===================
            .
            RP61: 11/4/2011 9:34:21 PM - Removed Apple Application Support
            RP62: 11/4/2011 9:35:16 PM - Removed Apple Software Update
            RP63: 11/4/2011 9:37:06 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
            .
            ==== Installed Programs ======================
            .
            Ad-Aware
            Adobe AIR
            Adobe Flash Player 10 ActiveX
            Adobe Flash Player 10 Plugin
            Adobe Reader X (10.1.1)
            Amazon Games & Software Downloader
            AMD USB Filter Driver
            AMD VISION Engine Control Center
            Cake Mania 2
            Cake Mania 3
            calibre
            Catalyst Control Center - Branding
            Catalyst Control Center Graphics Previews Common
            Catalyst Control Center InstallProxy
            CCC Help English
            Chocolatier: Decadence by Design
            Coconut Queen
            Cooking Dash
            Cooking Dash 3 Thrills and Spills standard edition
            Diner Dash 5 - BOOM Collectors Edition
            Diner Dash: Hometown Hero
            DinerTown Tycoon
            Dragon Age: Origins
            Farm Frenzy Pizza Party
            Flora's Fruit Farm
            Gemini Lost
            Hotel Dash
            Java Auto Updater
            Java(TM) 6 Update 29
            Left 4 Dead 2
            Malwarebytes' Anti-Malware version 1.51.2.1300
            Microsoft Visual C++ 2005 Redistributable
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
            Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
            Microsoft WSE 3.0 Runtime
            Mozilla Firefox 7.0.1 (x86 en-US)
            OpenOffice.org 3.3
            Pandora
            Parking Dash
            Plants vs. Zombies: Game of the Year
            QuickTime
            RealNetworks - Microsoft Visual C++ 2008 Runtime
            RealPlayer
            Realtek Ethernet Controller Driver For Windows 7
            Realtek High Definition Audio Driver
            RealUpgrade 1.1
            Renesas Electronics USB 3.0 Host Controller Driver
            RIFT™
            Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
            Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
            Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
            Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
            Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
            Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
            Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
            Steam
            Team Fortress 2
            The Sims(TM) Medieval
            Trillian
            Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
            Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
            Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
            Update for Microsoft .NET Framework 4 Extended (KB2468871)
            Update for Microsoft .NET Framework 4 Extended (KB2533523)
            .
            ==== Event Viewer Messages From Past Week ========
            .
            11/5/2011 12:21:56 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  is3srv szkg5
            11/4/2011 9:58:41 AM, Error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
            11/4/2011 9:30:48 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  is3srv
            11/4/2011 10:03:01 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
            11/4/2011 10:02:01 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
            .
            ==== End Of File ===========================
            .
            DDS (Ver_2011-08-26.01) - NTFSAMD64
            Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
            Run by Dawn at 12:01:52 on 2011-11-05
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2025 [GMT -7:00]
            .
            AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
            AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
            SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\wininit.exe
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
            C:\Windows\system32\atiesrxx.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\atieclxx.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Windows\system32\wbem\unsecapp.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            C:\Program Files\Microsoft Security Client\msseces.exe
            C:\Program Files (x86)\Steam\Steam.exe
            C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
            C:\Program Files (x86)\Mozilla Firefox\firefox.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\conhost.exe
            C:\Windows\SysWOW64\cscript.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            .
            ============== Pseudo HJT Report ===============
            .
            mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
            mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
            mPolicies-explorer: NoActiveDesktop = 1 (0x1)
            mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
            mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
            mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
            mPolicies-system: EnableLUA = 0 (0x0)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
            TCP: DhcpNameServer = 192.168.0.1
            TCP: Interfaces\{B8BF91C3-F192-4C64-9E55-C4BD5A036DDE} : DhcpNameServer = 192.168.0.1
            BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO-X64:     AcroIEHelperStub - No File
            BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
            BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
            mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\
            FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
            FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
            FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
            FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
            FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
            R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
            R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
            R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
            R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
            R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
            R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
            R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
            R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
            R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-4 366152]
            R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
            R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
            R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
            R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
            R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-4 17152]
            R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
            R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
            R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
            R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
            S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-8-30 401920]
            S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
            S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
            S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
            S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
            S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
            S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
            .
            =============== Created Last 30 ================
            .
            2011-11-05 17:24:37   --------   d-----w-   C:\Program Files\CCleaner
            2011-11-05 07:32:54   8570192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
            2011-11-05 07:32:49   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0000D0-9B02-41CD-9795-FA34C597280E}\offreg.dll
            2011-11-05 07:32:48   8570192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0000D0-9B02-41CD-9795-FA34C597280E}\mpengine.dll
            2011-11-05 04:40:16   --------   d-----w-   C:\Windows\pss
            2011-11-05 04:23:34   --------   d-----w-   C:\Users\Dawn\AppData\Roaming\Malwarebytes
            2011-11-05 04:23:27   --------   d-----w-   C:\ProgramData\Malwarebytes
            2011-11-05 04:23:24   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
            2011-11-05 04:23:24   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
            2011-11-04 17:08:02   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
            2011-11-04 17:04:05   --------   d-----w-   C:\Users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
            2011-11-04 17:03:34   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
            2011-11-04 17:03:34   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
            2011-11-04 07:20:24   917840   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EE22EE1-5A20-43C5-BB63-54EFC7898FB2}\gapaengine.dll
            2011-11-04 07:19:17   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
            2011-11-04 07:19:11   --------   d-----w-   C:\Program Files\Microsoft Security Client
            2011-11-04 07:11:02   --------   d-----w-   C:\ProgramData\STOPzilla!
            2011-11-04 07:08:21   16432   ----a-w-   C:\Windows\System32\lsdelete.exe
            2011-11-04 07:02:47   55384   ----a-w-   C:\Windows\System32\drivers\SBREDrv.sys
            2011-11-04 07:00:53   69376   ----a-w-   C:\Windows\System32\drivers\Lbd.sys
            2011-11-04 07:00:43   --------   d-----w-   C:\Program Files (x86)\Lavasoft
            2011-11-01 09:57:02   8570192   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59C18DD8-9ABD-4DF8-9317-79797BAF1C62}\mpengine.dll
            2011-10-26 05:51:25   6144   ----a-w-   C:\Program Files\Internet Explorer\iecompat.dll
            2011-10-26 05:51:25   6144   ----a-w-   C:\Program Files (x86)\Internet Explorer\iecompat.dll
            2011-10-07 00:11:16   159744   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
            2011-10-07 00:10:17   --------   d-----w-   C:\Users\Dawn\AppData\Local\Apple
            .
            ==================== Find3M  ====================
            .
            2011-11-04 02:53:07   404640   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2011-10-03 12:06:03   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
            2011-10-01 03:25:37   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
            2011-10-01 02:42:56   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
            2011-09-06 03:03:17   3138048   ----a-w-   C:\Windows\System32\win32k.sys
            2011-09-02 05:14:44   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
            2011-09-02 05:14:44   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
            2011-08-27 05:37:49   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
            2011-08-27 05:37:48   331776   ----a-w-   C:\Windows\System32\oleacc.dll
            2011-08-27 04:26:27   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
            2011-08-27 04:26:27   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
            2011-08-25 03:19:10   56320   ----a-w-   C:\Windows\SysWow64\OpenVideo.dll
            2011-08-25 03:18:30   13601280   ----a-w-   C:\Windows\SysWow64\amdocl.dll
            2011-08-20 05:37:58   1188864   ----a-w-   C:\Windows\System32\wininet.dll
            2011-08-20 04:31:05   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
            2011-08-17 05:26:46   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
            2011-08-17 05:25:08   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
            2011-08-17 04:24:12   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
            2011-08-17 04:19:27   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
            .
            ============= FINISH: 12:02:17.34 ===============
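As an added triage helper (not code from the thread, from DDS, or from any poster), the parser below reads the "Pseudo HJT Report" lines shown above, pulls out the Run entries, BHOs and policy values, and reports the UAC-weakening settings that the mPolicies-system lines in this log record. The sample lines are constructed from entries in the log above.

```python
"""Parse the 'Pseudo HJT Report' section of a DDS log and flag UAC-weakening
policy values.  Added example for this thread; not part of DDS, ComboFix or
any poster's output.  SAMPLE_DDS is constructed from entries in the log above."""
import re
from dataclasses import dataclass, field

SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
"""

# Line shapes used by DDS for policies, Run keys and browser helper objects.
POLICY_RE = re.compile(r"^mPolicies-(?P<hive>\w+):\s+(?P<name>\w+)\s*=\s*(?P<value>-?\d+)")
RUN_RE = re.compile(r"^(?P<scope>[um]Run(?:-x64)?):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
BHO_RE = re.compile(
    r"^(?P<scope>BHO(?:-X64)?):\s+(?P<name>.*?):\s+\{(?P<clsid>[0-9a-fA-F-]+)\}\s+-\s+(?P<path>.*)$"
)


@dataclass
class DdsReport:
    policies: dict = field(default_factory=dict)      # (hive, name) -> int
    run_entries: list = field(default_factory=list)   # (scope, name, command line)
    bhos: list = field(default_factory=list)          # (name, clsid, dll path)


def parse_dds(text: str) -> DdsReport:
    """Collect policy values, Run entries and BHOs; unrecognised lines are ignored."""
    rep = DdsReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            rep.policies[(m["hive"], m["name"])] = int(m["value"])
        elif m := RUN_RE.match(line):
            rep.run_entries.append((m["scope"], m["name"], m["cmd"]))
        elif m := BHO_RE.match(line):
            rep.bhos.append((m["name"], m["clsid"].lower(), m["path"]))
    return rep


def uac_findings(rep: DdsReport) -> list:
    """Explain what the HKLM ...\\policies\\system values mean for UAC.

    EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 lets
    administrators elevate with no prompt; PromptOnSecureDesktop=0 shows any
    remaining prompts on the normal desktop instead of the isolated one."""
    sysp = {name: val for (hive, name), val in rep.policies.items() if hive == "system"}
    findings = []
    if sysp.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if sysp.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if sysp.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


if __name__ == "__main__":
    report = parse_dds(SAMPLE_DDS)
    for scope, name, cmd in report.run_entries:
        print(f"{scope:9} {name}: {cmd}")
    for name, clsid, path in report.bhos:
        print(f"BHO {clsid} {name} -> {path}")
    for finding in uac_findings(report):
        print("UAC:", finding)
```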

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Another Google redirect virus..
            « Reply #7 on: November 05, 2011, 04:33:25 PM »
            Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

            link # 1
            Link # 2
            If you are using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

            Right-click combofix.exe and select Run as Administrator and follow the prompts.
            When finished, ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
            Windows 8 and Windows 10 dual boot with two SSD's

            endlessvelocity

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Unknown
              Re: Another Google redirect virus..
              « Reply #8 on: November 05, 2011, 07:51:19 PM »
              I followed the instructions and turned off everything. While it was running I stepped away, and when I came back it had restarted my computer, so some of these programs (including Steam) were loading up. So I'm not sure if that interfered; do you need me to run it again? Just let me know, thanks.



              ComboFix 11-11-05.03 - Dawn 11/05/2011  18:27:38.1.2 - x64
              Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1862 [GMT -7:00]
              Running from: c:\users\Dawn\Desktop\ComboFix.exe
              AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
              AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
              SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
              SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              C:\install.exe
              c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}
              c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\chrome.manifest
              c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\chrome\xulcache.jar
              c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\defaults\preferences\xulcache.js
              c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\install.rdf
              c:\windows\system32\drivers\etc\hosts.txt
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-10-06 to 2011-11-06  )))))))))))))))))))))))))))))))
              .
              .
              2011-11-06 01:33 . 2011-11-06 01:33   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C0000D0-9B02-41CD-9795-FA34C597280E}\offreg.dll
              2011-11-06 01:32 . 2011-11-06 01:32   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-11-05 17:24 . 2011-11-05 17:24   --------   d-----w-   c:\program files\CCleaner
              2011-11-05 07:32 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2011-11-05 07:32 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C0000D0-9B02-41CD-9795-FA34C597280E}\mpengine.dll
              2011-11-05 04:23 . 2011-11-05 04:23   --------   d-----w-   c:\users\Dawn\AppData\Roaming\Malwarebytes
              2011-11-05 04:23 . 2011-11-05 04:23   --------   d-----w-   c:\programdata\Malwarebytes
              2011-11-05 04:23 . 2011-11-05 04:23   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
              2011-11-05 04:23 . 2011-09-01 00:00   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-11-04 17:08 . 2011-10-03 12:06   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
              2011-11-04 17:04 . 2011-11-04 17:04   --------   d-----w-   c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
              2011-11-04 17:03 . 2011-11-04 17:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-11-04 17:03 . 2011-11-04 17:03   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2011-11-04 07:20 . 2011-11-04 07:20   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE22EE1-5A20-43C5-BB63-54EFC7898FB2}\gapaengine.dll
              2011-11-04 07:19 . 2011-11-04 07:19   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
              2011-11-04 07:19 . 2011-11-04 07:19   --------   d-----w-   c:\program files\Microsoft Security Client
              2011-11-04 07:11 . 2011-11-05 04:38   --------   d-----w-   c:\programdata\STOPzilla!
              2011-11-04 07:08 . 2011-11-04 07:02   16432   ----a-w-   c:\windows\system32\lsdelete.exe
              2011-11-04 07:02 . 2011-11-04 07:02   55384   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
              2011-11-04 07:00 . 2011-10-29 02:35   69376   ----a-w-   c:\windows\system32\drivers\Lbd.sys
              2011-11-04 07:00 . 2011-11-04 07:00   --------   d-----w-   c:\programdata\Lavasoft
              2011-11-04 07:00 . 2011-11-04 07:00   --------   d-----w-   c:\program files (x86)\Lavasoft
              2011-11-01 09:57 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{59C18DD8-9ABD-4DF8-9317-79797BAF1C62}\mpengine.dll
              2011-10-26 05:51 . 2011-08-13 05:27   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
              2011-10-26 05:51 . 2011-08-13 04:18   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-11-04 02:53 . 2011-07-13 15:36   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2011-10-03 12:06 . 2011-08-15 20:43   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
              2011-09-02 05:14 . 2011-09-02 05:14   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
              2011-09-02 05:14 . 2011-09-02 05:14   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
              2011-08-25 03:19 . 2011-08-25 03:19   56320   ----a-w-   c:\windows\SysWow64\OpenVideo.dll
              2011-08-25 03:18 . 2011-08-25 03:18   13601280   ----a-w-   c:\windows\SysWow64\amdocl.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
              "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
              "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 0 (0x0)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableLUA"= 0 (0x0)
              "EnableUIADesktopToggle"= 0 (0x0)
              "PromptOnSecureDesktop"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
              @="Service"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"
              .
              R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys
              R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys
              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
              R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
              R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
              R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
              R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
              R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys
              S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys
              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
              S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
              S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
              S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-29 361984]
              S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
              S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
              S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
              S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys
              S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
              S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
              S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
              S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-04 17152]
              S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
              S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
              S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
              S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
              .
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - LAVASOFT_KERNEXPLORER
              .
              .
              --------- x86-64 -----------
              .
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
              "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
              "LoadAppInit_DLLs"=0x0
              .
              ------- Supplementary Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              mLocal Page = c:\windows\SysWOW64\blank.htm
              TCP: DhcpNameServer = 192.168.0.1
              FF - ProfilePath - c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.10"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
              .
              **************************************************************************
              .
              Completion time: 2011-11-05  18:38:26 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-11-06 01:38
              .
              Pre-Run: 675,478,331,392 bytes free
              Post-Run: 675,223,048,192 bytes free
              .
              - - End Of File - - D9284F8FD0255EB38BDD4590E8AADB8D

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Another Google redirect virus..
              « Reply #9 on: November 06, 2011, 12:21:21 PM »
              Things look good in that log. Are you still getting the re-directs?

              Please download Rooter and Save it to your desktop.
              • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
              Windows 8 and Windows 10 dual boot with two SSD's

              endlessvelocity

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Unknown
                Re: Another Google redirect virus..
                « Reply #10 on: November 06, 2011, 11:07:07 PM »
                Here's the log for Rooter, I haven't had any redirects since last evening. Thanks so much for all your guys' help!

                Rooter.exe (v1.0.2) by Eric_71
                .
                SeDebugPrivilege granted successfully ...
                .
                Windows 7 Home Edition (6.1.7601) Service Pack 1
                [32_bits] - AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
                .
                [wscsvc] (Security Center) RUNNING (state:4)
                [MpsSvc] RUNNING (state:4)
                Windows Firewall -> Enabled
                Windows Defender -> Enabled
                User Account Control (UAC) -> Disabled !
                .
                Internet Explorer 8.0.7601.17514
                Mozilla Firefox 7.0.1 (en-US)
                .
                C:\  [Fixed-NTFS] .. ( Total:931 Go - Free:622 Go )
                D:\  [CD_Rom]
                .
                Scan : 22:05.47
                Path : C:\Users\Dawn\Desktop\Rooter.exe
                User : Dawn ( Administrator -> YES )
                .
                ----------------------\\ Processes
                .
                Locked [System Process] (0)
                Locked System (4)
                ______ ?????????? (272)
                ______ ?????????? (428)
                ______ ?????????? (500)
                ______ ?????????? (520)
                ______ ?????????? (556)
                ______ ?????????? (572)
                ______ ?????????? (580)
                ______ ?????????? (700)
                ______ ?????????? (724)
                ______ ?????????? (812)
                ______ ?????????? (864)
                ______ ?????????? (988)
                ______ ?????????? (108)
                ______ ?????????? (384)
                ______ ?????????? (420)
                ______ ?????????? (1080)
                ______ ?????????? (1164)
                ______ ?????????? (1216)
                ______ C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (1240)
                ______ ?????????? (1484)
                ______ ?????????? (1508)
                ______ ?????????? (1644)
                ______ ?????????? (1676)
                ______ ?????????? (1684)
                ______ ?????????? (1800)
                ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1824)
                ______ ?????????? (1884)
                ______ ?????????? (1976)
                ______ ?????????? (2156)
                ______ ?????????? (2232)
                ______ C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (2464)
                ______ ?????????? (2516)
                ______ ?????????? (2524)
                ______ C:\Program Files (x86)\Steam\Steam.exe (2532)
                ______ C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (2604)
                ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2828)
                ______ ?????????? (2876)
                ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2892)
                ______ ?????????? (3056)
                ______ ?????????? (972)
                ______ ?????????? (2196)
                ______ ?????????? (3464)
                ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3576)
                ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4068)
                ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (1628)
                ______ ?????????? (904)
                ______ ?????????? (824)
                ______ ?????????? (4572)
                ______ ?????????? (3756)
                ______ C:\Users\Dawn\Desktop\Rooter.exe (4276)
                .
                ----------------------\\ Device\Harddisk0\

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Another Google redirect virus..
                « Reply #11 on: November 07, 2011, 01:07:48 PM »
                I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click on to download the ESET Smart Installer. Save it to your desktop.
• Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Windows 8 and Windows 10 dual boot with two SSD's

                endlessvelocity

                  Topic Starter


                  Greenhorn

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Another Google redirect virus..
                  « Reply #12 on: November 09, 2011, 01:18:39 AM »
                  C:\Qoobox\Quarantine\C\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan   cleaned by deleting - quarantined
                  C:\Qoobox\Quarantine\C\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\2i9rntb0.default\extensions\{8ca99639-b4b1-4f29-807a-a7ce4b72b9c5}\chrome\xulcache.jar.vir   JS/Agent.NDO trojan   cleaned by deleting - quarantined
                  C:\Users\Dawn\Documents\Downloads\crap\Setup_FreeBurnerN.exe   Win32/Adware.Toolbar.Dealio application   deleted - quarantined

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Another Google redirect virus..
                  « Reply #13 on: November 09, 2011, 12:28:47 PM »
                  That looks good. If there are no other issues, we can do some cleanup.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  ******************************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  ********************************************************
                  Looking over your log it seems you don't have any evidence of a third party firewall.

                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember: only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
                  2) Online Armor
                  3) Agnitum Outpost
                  4) PC Tools Firewall Plus

                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                  **********************************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's
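As an added example (not part of this thread, and not code from Rooter, ComboFix or ESET), the following PowerShell script audits from the command line the three items the Rooter log above reports ([MpsSvc], Windows Firewall, UAC) and the point of the firewall advice in the last reply, namely whether outgoing connections are filtered. It uses netsh advfirewall and the EnableLUA registry value, both of which exist on Windows Vista/7 and later; the -Fix switch and the output wording are this example's own.

```powershell
# Added example: audit the host-protection items Rooter reports and the
# outbound-filtering point made in the thread. Read-only unless -Fix is given.
# netsh advfirewall is used because Windows 7 lacks the Get-NetFirewallProfile cmdlets.
param([switch]$Fix)

# 1. Firewall service (Rooter shows it as "[MpsSvc] RUNNING (state:4)")
$svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') { "MpsSvc: running" } else { "MpsSvc: NOT running" }

# 2. Per-profile state and default policy. Relevant netsh output lines look like:
#    Domain Profile Settings:
#    State                                 ON
#    Firewall Policy                       BlockInbound,AllowOutbound
$prof = $null
netsh advfirewall show allprofiles | ForEach-Object {
    if ($_ -match '^(\w+) Profile Settings:') {
        $prof = $Matches[1]
    } elseif ($_ -match '^State\s+(\w+)') {
        "{0} profile: firewall {1}" -f $prof, $Matches[1]
    } elseif ($_ -match '^Firewall Policy\s+(\S+)') {
        $policy = $Matches[1]
        # AllowOutbound is the weakness described in the thread: malware can still
        # "phone home" because nothing outgoing is blocked by default.
        $note = if ($policy -match 'AllowOutbound') { 'outbound NOT filtered' } else { 'outbound filtered' }
        "{0} profile: {1} ({2})" -f $prof, $policy, $note
    }
}

# 3. UAC (Rooter reports "User Account Control (UAC) -> Disabled !")
$sysPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $sysPolicy -ErrorAction SilentlyContinue).EnableLUA
if ($lua -eq 1) { "UAC: enabled" } else { "UAC: DISABLED" }

if ($Fix) {
    # Block outgoing connections by default on every profile. Programs that must
    # reach the network then need explicit allow rules, so expect to add some.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    # Re-enable UAC; the change takes effect after a reboot.
    Set-ItemProperty -Path $sysPolicy -Name EnableLUA -Value 1 -Type DWord
}
```

Run it from an elevated PowerShell prompt; the -Fix switch changes the firewall default policy and the UAC setting, so review the audit output first.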