Google links redirect to ads.

July 28, 2011 at 12:21:18
Specs: Windows 7
Google links are redirecting to ads. I have run HijackThis, but apparently I need to wait before I post it. And I don't want to screw up my computer, so I have the report but haven't done anything with it.


#1
July 28, 2011 at 12:30:38
I would first check for an internal proxy, that's a tell-tale sign malware is messing with your browser.

Check: Control Panel > Internet Options > Connections tab > LAN Settings button.
The check-box option for "Use a proxy on your LAN" should almost always be disabled. If the address in the box is 127.0.0.1 and this option is enabled, it's a good sign you've got a baddy installed. Disable it and get someone to check that HijackThis log for you.


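The loopback-proxy check from the reply above, as an added PowerShell example that is not part of the original thread. It reads the same Internet Options values the LAN Settings dialog stores in the registry (`ProxyEnable`, `ProxyServer` and `AutoConfigURL` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`) and flags a proxy pointing at the local machine; the `-Disable` switch, the port lookup and the script itself are my construction.

```powershell
# Added example (not from the original thread): inspect the WinINET proxy
# settings written by Internet Options > Connections > LAN Settings and flag
# the "proxy = 127.0.0.1" pattern described in the reply above.
# Read-only unless -Disable is given.
param([switch]$Disable)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

$enabled = ($s.ProxyEnable -eq 1)
$server  = [string]$s.ProxyServer      # e.g. "127.0.0.1:8080" or "http=127.0.0.1:8080;https=..."
$pac     = [string]$s.AutoConfigURL    # "Use automatic configuration script" (PAC file)

# Match a loopback host in any entry; WinINET allows per-protocol "proto=host:port" lists.
$loopback = $server -match '(^|=|;)\s*(127\.0\.0\.1|localhost|\[?::1\]?)(:\d+)?'

Write-Host "ProxyEnable   : $($s.ProxyEnable)"
Write-Host "ProxyServer   : $server"
Write-Host "AutoConfigURL : $pac"

if ($enabled -and $loopback) {
    Write-Warning "LAN proxy is enabled and points at this machine ($server)."
    Write-Warning "A home PC has no reason to proxy its own traffic; treat this as a malware indicator."

    # A local proxy only works if something is listening on that port: show which process owns it,
    # so the listener can be identified and scanned rather than just the setting switched off.
    $port = [regex]::Match($server, ':(\d+)').Groups[1].Value
    if ($port) { netstat -ano | Select-String ":$port\s" }

    if ($Disable) {
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Host "Proxy disabled. Restart the browser and re-check after a reboot; malware often re-sets it."
    }
}
elseif ($enabled) {
    Write-Host "A proxy is enabled but it is not loopback; confirm it is one your network actually uses."
}
else {
    Write-Host "No LAN proxy configured (the expected state on a home machine)."
}

# A PAC script can redirect traffic just as effectively as an explicit proxy, so report it too.
if ($pac) { Write-Warning "An automatic configuration script is set ($pac); verify it is expected." }
```

Run it from a normal user session, since the values live under HKCU and a proxy set in another user's hive would not be visible from here.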

#2
July 28, 2011 at 12:36:49
Kendall,

Please do the following:

Download TDSSKiller.zip:
http://support.kaspersky.com/downlo...

Save to your Desktop

Execute TDSSKiller.exe by double-clicking on it.
Press 'Start Scan'

If malicious objects are found, do NOT allow it to fix anything, and select: Skip
Need to see the report first.

Next, click 'Continue'
Once the tool finishes, a log is produced at the root drive which is typically C:\

For example, C:\TDSSKiller.<version>_<date>_<time>_log.txt

Please post the contents of that report directly in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#3
July 28, 2011 at 14:39:52

It didn't say anything was infected, but here is the report.

-------------

2011/07/28 16:37:53.0719 5188 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 16:37:54.0179 5188 ================================================================================
2011/07/28 16:37:54.0179 5188 SystemInfo:
2011/07/28 16:37:54.0179 5188
2011/07/28 16:37:54.0179 5188 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/28 16:37:54.0179 5188 Product type: Workstation
2011/07/28 16:37:54.0179 5188 ComputerName: KENDALL-PC
2011/07/28 16:37:54.0179 5188 UserName: Kendall
2011/07/28 16:37:54.0179 5188 Windows directory: C:\Windows
2011/07/28 16:37:54.0179 5188 System windows directory: C:\Windows
2011/07/28 16:37:54.0179 5188 Running under WOW64
2011/07/28 16:37:54.0179 5188 Processor architecture: Intel x64
2011/07/28 16:37:54.0179 5188 Number of processors: 2
2011/07/28 16:37:54.0179 5188 Page size: 0x1000
2011/07/28 16:37:54.0180 5188 Boot type: Normal boot
2011/07/28 16:37:54.0180 5188 ================================================================================
2011/07/28 16:37:54.0561 5188 Initialize success
2011/07/28 16:37:57.0386 1588 ================================================================================
2011/07/28 16:37:57.0386 1588 Scan started
2011/07/28 16:37:57.0386 1588 Mode: Manual;
2011/07/28 16:37:57.0386 1588 ================================================================================
2011/07/28 16:38:28.0216 1588 ================================================================================
2011/07/28 16:38:28.0216 1588 Scan finished
2011/07/28 16:38:28.0216 1588 ================================================================================
2011/07/28 16:38:28.0237 3140 Detected object count: 0
2011/07/28 16:38:28.0237 3140 Actual detected object count: 0



#4
July 28, 2011 at 14:40:20
There is no address in the box.



#5
July 28, 2011 at 15:10:13
Kendall,

Thanks for the info.

Please download iExplore.exe, which is a renamed copy of RKill:
http://www.bleepingcomputer.com/dow...

[If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:
[http://www.bleepingcomputer.com/download/anti-virus/rkill]

Save the file to the Desktop

Right-click and select: Run as Administrator

Ignore any messages, and allow the file to run until the command window closes.
If you have problems running RKill, download any of the other renamed versions of RKill from its download page.


Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon) :
http://download.cnet.com/Malwarebyt...

Save to the Desktop

Right-click mbam-setup.exe and select: Run as Administrator

Follow the prompts to install the program.

Run Malwarebytes' Anti-Malware and update the program.

Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the >Malwarebytes log< in your reply.<<

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#6
July 28, 2011 at 15:28:46
I've already scanned my computer with that. Here's the log I did.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7260

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/24/2011 5:10:47 AM
mbam-log-2011-07-24 (05-10-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 349710
Time elapsed: 40 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kendall\AppData\Local\Temp\867471686.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\arp.bat (Spyware.OnLineGames) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\rmcwxenaos.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\icreinstall\downloadmanagersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\nsjCE8D.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\nsoCF96.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\nsyFDE6.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Local\Temp\nsyFDE6.tmp\Setup.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Kendall\AppData\Roaming\dfq45cjf0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Kendall\downloads\downloadmanagersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Kendall\downloads\installer_sony_vegas_pro_9_0_build_563_(64_bit)_english.exe (PUP.SmsPay.pns) -> Not selected for removal.
c:\Users\Kendall\downloads\keygen(2).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Kendall\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.


I removed those items and it didn't do anything.



#7
July 28, 2011 at 15:57:00
Let's check the Master Boot Record (MBR)...

We can use Anti-Malware scanners endlessly, but the infection will return if its source is the Master Boot Record. The infection will load as soon as you boot into Windows.

For this reason, please download aswMBR:
http://public.avast.com/~gmerek/asw...
Save it to the Desktop.

XP users - Double-click aswMBR.exe to start the tool.
Vista/Windows 7 users - Right-click and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.
Note - Do NOT attempt to fix anything!!

>>Please post the log in your next reply.<<


Another file is created on the Desktop named MBR.dat.
If you have a USB flash drive, please move the mbr.dat file to it.
If not, move the mbr.dat from the Desktop, to the C:\ drive.

This is important, just in case we need to have access to the MBR information!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#8
July 28, 2011 at 16:10:28
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 18:09:30
-----------------------------
18:09:30.295 OS Version: Windows x64 6.1.7600
18:09:30.295 Number of processors: 2 586 0x170A
18:09:30.298 ComputerName: KENDALL-PC UserName: Kendall
18:09:31.745 Initialize success
18:09:43.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:09:43.243 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
18:09:43.269 Disk 0 MBR read successfully
18:09:43.273 Disk 0 MBR scan
18:09:43.278 Disk 0 Windows VISTA default MBR code
18:09:43.284 Service scanning
18:09:44.704 Modules scanning
18:09:44.711 Disk 0 trace - called modules:
18:09:44.769 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003f97ee0]<<
18:09:44.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004149370]
18:09:44.784 Scan finished successfully
18:10:02.051 Disk 0 MBR has been saved successfully to "C:\Users\Kendall\Documents\MBR.dat"
18:10:02.052 The log file has been saved successfully to "C:\Users\Kendall\Documents\aswMBR.txt"



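Post #7 gives the reason for looking at the boot sector at all: if the source of the infection is the MBR, it reloads before Windows does and every on-disk cleanup gets undone. The way a defender checks that is by keeping the sector hashes TDSSKiller printed in #3 and comparing them against a later run, and by reading the aswMBR trace in #8 for anything the tool could not attribute to a known module. The following Python is an added example, not code from the thread or from Kaspersky or AVAST: it parses the TDSSKiller and aswMBR lines quoted above (the second TDSSKiller run, with a changed MBR hash, is constructed for the comparison and is not from the thread) and reports what changed and what is unattributed.

```python
"""Triage of MBR-scan logs (added example; not from the thread or the tools' vendors)."""
import re

# Excerpt of the TDSSKiller report posted in #3: per-device MBR / boot-sector hashes.
TDSS_LOG_FIRST = r"""
2011/07/28 16:38:28.0153 1588 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/28 16:38:28.0175 1588 Boot (0x1200) (9025f5f50a56850b1f101cd31fc80309) \Device\Harddisk0\DR0\Partition0
2011/07/28 16:38:28.0209 1588 Boot (0x1200) (45e1dc5f68aa56a619c7427965da6aac) \Device\Harddisk0\DR0\Partition1
"""

# Constructed follow-up run (hypothetical, not from the thread): same layout,
# but the MBR hash no longer matches the first run.
TDSS_LOG_LATER = r"""
2011/07/29 10:00:00.0000 2222 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
2011/07/29 10:00:00.0010 2222 Boot (0x1200) (9025f5f50a56850b1f101cd31fc80309) \Device\Harddisk0\DR0\Partition0
2011/07/29 10:00:00.0020 2222 Boot (0x1200) (45e1dc5f68aa56a619c7427965da6aac) \Device\Harddisk0\DR0\Partition1
"""

# Excerpt of the aswMBR log posted in #8.
ASWMBR_LOG = r"""
18:09:43.278 Disk 0 Windows VISTA default MBR code
18:09:44.711 Disk 0 trace - called modules:
18:09:44.769 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003f97ee0]<<
18:09:44.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004149370]
"""

# TDSSKiller line shape: "<date> <time> <pid> MBR|Boot (<offset>) (<hash>) <device>"
SECTOR_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<kind>MBR|Boot) \((?P<off>0x[0-9A-Fa-f]+)\) "
    r"\((?P<hash>[0-9a-f]{32})\) (?P<dev>\S+)$"
)
# aswMBR line shapes: "<time> Disk <n> <description> MBR code" and ">>UNKNOWN [<addr>]<<"
MBR_CODE_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<desc>.+ MBR code)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")


def sector_hashes(log: str) -> dict:
    """Map device path -> hash for every MBR/boot-sector line in a TDSSKiller report."""
    hashes = {}
    for line in log.splitlines():
        m = SECTOR_RE.match(line.strip())
        if m:
            hashes[m.group("dev")] = m.group("hash")
    return hashes


def changed_sectors(before: dict, after: dict) -> list:
    """Devices whose sector hash differs between two runs, or that appear in only one."""
    return sorted(dev for dev in set(before) | set(after) if before.get(dev) != after.get(dev))


def aswmbr_findings(log: str) -> list:
    """(kind, detail) pairs: an MBR code not described as a default one, and any
    device-trace entry aswMBR could not attribute to a known module."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = MBR_CODE_RE.match(line)
        if m and "default MBR code" not in m.group("desc"):
            findings.append(("nonstandard_mbr", f"Disk {m.group('disk')}: {m.group('desc')}"))
        m = UNKNOWN_RE.search(line)
        if m:
            findings.append(("unattributed_module", m.group("addr")))
    return findings


if __name__ == "__main__":
    first, later = sector_hashes(TDSS_LOG_FIRST), sector_hashes(TDSS_LOG_LATER)
    print("sectors changed between runs:", changed_sectors(first, later))
    print("aswMBR findings:", aswmbr_findings(ASWMBR_LOG))
```

On the log from #8 the MBR code is the default one and the only finding is the unattributed entry in the disk trace; that alone is a lead, not a verdict, which is consistent with the responder moving on to ComboFix rather than touching the MBR. The saved MBR.dat that #7 asks for is what lets you recompute the hash later if the comparison ever does show a change.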

#9
July 28, 2011 at 16:15:10
Kendall,

Let's see if this one nails 'whatever' is causing the redirections...

Please download ComboFix:
http://download.bleepingcomputer.co...

Save ComboFix.exe to your Desktop!!


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: http://www.bleepingcomputer.com/for...

Now, right-click on ComboFix.exe and select: Run as Administrator
Follow the prompts.

Make sure you skip the Recovery Console part since you are running Windows 7.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Since this report can also be quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the CF report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link', and provide it in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#10
July 30, 2011 at 15:27:46
I wasn't quite sure how to work the uploading thing, so I don't know; here is the report.


ComboFix 11-07-31.01 - Kendall 07/30/2011 17:28:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2686 [GMT -5:00]
Running from: c:\users\Kendall\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\programdata\api-ms-win-core-misc-l1-1-032.exe
c:\programdata\drprov32.exe
c:\programdata\drt32.exe
c:\programdata\iernonce32.dll
c:\programdata\iernonce32.exe
c:\programdata\ifmon32.exe
c:\programdata\ifsutil32.exe
c:\programdata\WinSATAPI32.dll
c:\programdata\WinSyncProviders32.exe
c:\programdata\wksprtPS32.exe
c:\users\Kendall\AppData\Local\{532B114A-1E27-4733-8E70-076DF70750EB}
c:\users\Kendall\AppData\Local\{532B114A-1E27-4733-8E70-076DF70750EB}\chrome.manifest
c:\users\Kendall\AppData\Local\{532B114A-1E27-4733-8E70-076DF70750EB}\chrome\content\_cfg.js
c:\users\Kendall\AppData\Local\{532B114A-1E27-4733-8E70-076DF70750EB}\chrome\content\overlay.xul
c:\users\Kendall\AppData\Local\{532B114A-1E27-4733-8E70-076DF70750EB}\install.rdf
c:\users\Kendall\AppData\Local\tnh.exe
c:\users\Kendall\AppData\Roaming\19ridof.log
c:\users\Kendall\AppData\Roaming\inlog
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\extensions\{4139bf2d-5ce3-4021-9391-1c3675d6a813}
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\extensions\{4139bf2d-5ce3-4021-9391-1c3675d6a813}\chrome.manifest
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\extensions\{4139bf2d-5ce3-4021-9391-1c3675d6a813}\chrome\xulcache.jar
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\extensions\{4139bf2d-5ce3-4021-9391-1c3675d6a813}\defaults\preferences\xulcache.js
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\extensions\{4139bf2d-5ce3-4021-9391-1c3675d6a813}\install.rdf
c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\searchplugins\SearchquWebSearch.xml
c:\windows\system\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp32
-------\Service_TabletInputService32
-------\Service_vds32
-------\Service_WdiServiceHost32
-------\Service_WSearch32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-29 03:52 . 2011-07-29 03:52 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-29 03:52 . 2011-07-29 03:52 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-29 02:31 . 2011-07-29 02:31 -------- d-----w- c:\users\Kendall\AppData\Local\Apple
2011-07-28 21:13 . 2011-07-28 23:09 -------- d-----w- c:\users\Kendall\AppData\Local\Adobe
2011-07-24 10:23 . 2011-07-24 10:23 -------- d-----w- c:\program files\iPod
2011-07-24 10:23 . 2011-07-24 10:24 -------- d-----w- c:\program files\iTunes
2011-07-24 10:21 . 2011-07-24 10:21 -------- d-----w- c:\program files\Bonjour
2011-07-24 10:21 . 2011-07-24 10:21 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-23 07:06 . 2011-07-23 07:06 -------- d-----w- c:\users\Kendall\AppData\Roaming\NetMedia Providers
2011-07-23 06:16 . 2011-07-23 06:16 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2011-07-23 06:15 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2011-07-23 06:15 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2011-07-23 06:15 . 2011-07-23 06:15 -------- d-----w- c:\program files (x86)\Outsim
2011-07-23 06:13 . 2011-07-23 06:15 -------- d-----w- c:\program files (x86)\Image-Line
2011-07-23 06:12 . 2011-07-23 06:12 819729 ----a-w- c:\windows\SysWow64\mrvcl32.exe
2011-07-23 06:04 . 2011-07-24 10:10 -------- d-----w- c:\users\Kendall\AppData\Roaming\Azureus
2011-07-23 05:53 . 2011-07-23 05:54 -------- d-----w- c:\program files (x86)\Download Manager
2011-07-19 05:04 . 2011-07-19 05:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-07-19 05:04 . 2011-07-19 05:04 -------- d-----r- c:\program files (x86)\Skype
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-07 01:05 . 2011-07-28 19:09 -------- d-----w- c:\program files (x86)\trend micro
2011-07-07 01:05 . 2011-07-07 01:05 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2010-05-23 20:25 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-05-23 20:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 06:28 . 2011-06-11 01:55 0 ----a-w- c:\users\Kendall\AppData\Local\Oguyon.bin
2011-06-24 08:46 . 2011-06-24 08:46 565248 ----a-w- c:\windows\SysWow64\msorcl3232.exe
2011-06-24 08:46 . 2011-06-24 08:46 565248 ----a-w- c:\windows\SysWow64\KBDA132.exe
2011-06-11 01:54 . 2011-06-11 01:54 150 ----a-w- c:\users\Kendall\AppData\Roaming\tlzsmw3rr.bat
2011-06-09 22:38 . 2011-06-09 22:38 18944 ----a-r- c:\users\Kendall\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-06-02 05:56 . 2011-07-13 05:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-14 22:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-14 22:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:21 . 2011-06-29 00:09 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 00:09 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 00:09 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 00:09 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 00:09 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-10 13:06 . 2011-05-10 13:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 05:30 . 2011-06-29 00:09 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:28 . 2011-06-29 00:09 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:28 . 2011-06-29 00:09 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:28 . 2011-06-29 00:09 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:28 . 2011-06-29 00:09 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:28 . 2011-06-29 00:09 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:24 . 2011-06-29 00:09 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:24 . 2011-06-29 00:09 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:24 . 2011-06-29 00:09 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:53 . 2011-06-29 00:09 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:52 . 2011-06-29 00:09 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:52 . 2011-06-29 00:09 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:52 . 2011-06-29 00:09 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:52 . 2011-06-29 00:09 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52 . 2011-06-29 00:09 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52 . 2011-06-29 00:09 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52 . 2011-06-29 00:09 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52 . 2011-06-29 00:09 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51 . 2011-06-14 22:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-14 22:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-14 22:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-14 22:49 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-14 22:49 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-04-17 23:27 139768 ----a-w- c:\users\Kendall\AppData\Roaming\ComplitlyEngine\ComplitlyEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Kendall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\Kendall\Downloads\DriverPerformer_V15.exe [2011-6-5 233056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\api-ms-win-core-misc-l1-1-032.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\rascfg32.exe [2011-06-24 565248]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 06:09]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 06:09]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106347209-3009637940-228828294-1000Core.job
- c:\users\Kendall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 08:38]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106347209-3009637940-228828294-1000UA.job
- c:\users\Kendall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 08:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-04-17 23:27 167416 ----a-w- c:\users\Kendall\AppData\Roaming\ComplitlyEngine\64\ComplitlyEngine64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF6262.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A8D6642B-79E7-4D4F-A0A5-58ACC66C2F01}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: myspace.com\www
Trusted Zone: oceanup.com\www
Trusted Zone: watch-movies-online.tv\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z003&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ComplitlyEngine - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Download-Manager - c:\program files (x86)\Download Manager\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\06\17\06\04\06ƒ"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\msorcl3232.exe
c:\windows\SysWOW64\kbda132.exe
c:\programdata\iernonce32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-30 18:09:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 23:09
.
Pre-Run: 353,355,780,096 bytes free
Post-Run: 353,204,436,992 bytes free
.
- - End Of File - - 53565B7887ACA7A72D644347FA08B1F1


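The report above shows a pattern an analyst should pick out quickly: executables dropped straight into c:\programdata and c:\windows\SysWOW64 whose names are a Windows module name with "32" appended (iernonce32.exe, kbda132.exe, msorcl3232.exe, rascfg32.exe), services registered under a real service name plus "32" (SCPolicySvc32, COMSysApp32, WSearch32) and pointed at those binaries, and LoadAppInit_DLLs set to 1. The following Python is an added example, not ComboFix's own logic and not from the thread: it runs those heuristics over an excerpt of the report. The allowlists of module and service names are constructed for this example from what the report shows and would need extending for general use.

```python
"""Triage heuristics for a ComboFix-style report (added example; not ComboFix's logic)."""
import re
from dataclasses import dataclass

# Excerpt of the ComboFix report posted in #10, used here as sample input.
SAMPLE_LOG = r"""
-------\Service_COMSysApp32
-------\Service_WSearch32
S2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\api-ms-win-core-misc-l1-1-032.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\rascfg32.exe [2011-06-24 565248]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
"LoadAppInit_DLLs"=0x1
c:\windows\SysWOW64\msorcl3232.exe
c:\windows\SysWOW64\kbda132.exe
c:\programdata\iernonce32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
"""

# Allowlists constructed from the report: Windows module stems and service names that
# the report shows with a trailing "32" stuck on. Extend these for real use.
KNOWN_MODULES = {
    "iernonce", "kbda1", "msorcl32", "rascfg", "drprov", "ifmon", "ifsutil", "drt",
    "wksprtps", "winsatapi", "winsyncproviders", "api-ms-win-core-misc-l1-1-0",
}
KNOWN_SERVICES = {
    "comsysapp", "tabletinputservice", "vds", "wdiservicehost", "wsearch",
    "scpolicysvc", "clr_optimization_v2.0.50727_64",
}

SERVICE_RE = re.compile(r"^[RS]\d (?P<svc>[^;]+);[^;]*;(?P<path>.+?) \[")
REMOVED_SVC_RE = re.compile(r"^-+\\Service_(?P<svc>\S+)$")
PATH_RE = re.compile(r"^[a-z]:\\.+\.(exe|dll)$", re.I)
PROGDATA_ROOT_RE = re.compile(r"^c:\\programdata\\[^\\]+$", re.I)


@dataclass(frozen=True)
class Finding:
    line_no: int
    subject: str
    reason: str


def impersonates(name: str, known: set) -> bool:
    """True if name is a known name with one or more '32' suffixes appended (kbda1 -> kbda132)."""
    n = name.lower()
    while n.endswith("32"):
        n = n[:-2]
        if n in known:
            return True
    return False


def binary_stem(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def check_binary(no: int, path: str, out: list) -> None:
    """Location and naming heuristics for one executable path."""
    if PROGDATA_ROOT_RE.match(path):
        out.append(Finding(no, path, "executable directly in the ProgramData root"))
    if impersonates(binary_stem(path), KNOWN_MODULES):
        out.append(Finding(no, path, "name mimics a Windows module plus '32'"))


def triage(log_text: str) -> list:
    """Walk the report line by line and collect findings worth an analyst's attention."""
    findings = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line) or REMOVED_SVC_RE.match(line)
        if m:
            if impersonates(m.group("svc"), KNOWN_SERVICES):
                findings.append(Finding(no, m.group("svc"), "service name mimics a Windows service plus '32'"))
            if "path" in m.groupdict():
                check_binary(no, m.group("path"), findings)
        elif line.startswith('"LoadAppInit_DLLs"=') and not line.endswith("=0x0"):
            findings.append(Finding(no, "LoadAppInit_DLLs", "AppInit_DLLs injection enabled; review the AppInit_DLLs value"))
        elif PATH_RE.match(line):
            check_binary(no, line, findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.subject} -- {f.reason}")
```

Treat the findings as leads rather than verdicts: the naming heuristic only recognises stems on the allowlist, so a legitimate module such as cfgmgr32.dll is not flagged because "cfgmgr" is not on it, and a binary it does flag still needs confirming by hash, as the responder does in #11 by sending the three files to VirusTotal before scripting their removal in #13.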

#11
July 30, 2011 at 19:03:16
Kendall,

Any improvement, or are you still getting redirected?

In any event, please submit each of the following files for analysis to Virus Total, one at a time:
http://www.virustotal.com/

c:\windows\SysWOW64\msorcl3232.exe
c:\windows\SysWOW64\kbda132.exe
c:\programdata\iernonce32.exe

Use the 'Browse' button to navigate to the location of each file

Click on a file, and then click the 'Open' button.
The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results.

If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'

Once scanned, please provide the link to the results page for each file in your reply.

Note: You may need to enable the viewing of hidden and protected system files in Windows 7:

Close all programs so that you are at your Desktop.
Click on the 'Start' button (globe).
Click on the 'Control Panel' menu option.
Click on: 'Appearance and Personalization'

Under 'Folder Options', click on: 'Show hidden files and folders'
Under the 'Hidden Files and Folders' section, tick: 'Show hidden files, folders, and drives'.

Remove the checkmark from: 'Hide extensions for known file types'.

Remove the checkmark from: 'Hide protected operating system files (Recommended)'.

Press the 'Apply' button and then OK

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#12
July 31, 2011 at 08:56:17
Hi, thanks so much! The redirecting is still occurring. Not as often, but it still does.

When I tried to do the third link you gave me, it still said it couldn't be found after I went to my folder options like you said,
but here are the first two.

http://www.virustotal.com/file-scan...

http://www.virustotal.com/file-scan...



#13
July 31, 2011 at 11:18:11
Kendall,

Thank you for the report.

The CF log showed those malicious files, and we need to get rid of them.

Be sure to continue temporarily disabling your protective software.

Now, open Notepad (Start > Run, in the Open field type: notepad)
Click: OK

Copy/paste all the following text below to Notepad:

KillAll::
File::
c:\windows\SysWOW64\msorcl3232.exe
c:\windows\SysWOW64\kbda132.exe
c:\programdata\iernonce32.exe

Save as CFScript.txt
Change the 'Save as type' to: All Files (*.*)

Save it to the Desktop

(Both the ComboFix icon and the CFScript.txt must be on the Desktop.)

http://img.photobucket.com/albums/v...

Left click and drag the CFScript.txt file over to the ComboFix icon. Then, 'drop' it over CF.

This triggers ComboFix to run another scan where it carries out the commands of CFScript.

CF may reboot when it finishes. This is normal.

Do not mouse-click ComboFix while it is running, as it may cause a stall!

When finished, a log is produced: ComboFix.txt

Please upload the contents of the new ComboFix.txt to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link', and provide it in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#14
July 31, 2011 at 15:52:17
ComboFix 11-07-31.04 - Kendall 07/31/2011 17:24:10.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2628 [GMT -5:00]
Running from: c:\users\Kendall\Desktop\ComboFix.exe
Command switches used :: c:\users\Kendall\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\iernonce32.exe"
"c:\windows\SysWOW64\kbda132.exe"
"c:\windows\SysWOW64\msorcl3232.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\api-ms-win-core-misc-l1-1-032.dll
c:\programdata\drprov32.dll
c:\programdata\ifmon32.dll
c:\programdata\rascfg32.exe
c:\programdata\WinSyncProviders32.dll
c:\windows\SysWOW64\kbda132.exe
c:\windows\SysWOW64\msorcl3232.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCPolicySvc32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-29 03:52 . 2011-07-29 03:52 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-29 03:52 . 2011-07-29 03:52 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-29 02:31 . 2011-07-29 02:31 -------- d-----w- c:\users\Kendall\AppData\Local\Apple
2011-07-28 21:13 . 2011-07-28 23:09 -------- d-----w- c:\users\Kendall\AppData\Local\Adobe
2011-07-24 10:23 . 2011-07-24 10:23 -------- d-----w- c:\program files\iPod
2011-07-24 10:23 . 2011-07-24 10:24 -------- d-----w- c:\program files\iTunes
2011-07-24 10:21 . 2011-07-24 10:21 -------- d-----w- c:\program files\Bonjour
2011-07-24 10:21 . 2011-07-24 10:21 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-23 07:06 . 2011-07-23 07:06 -------- d-----w- c:\users\Kendall\AppData\Roaming\NetMedia Providers
2011-07-23 06:16 . 2011-07-23 06:16 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2011-07-23 06:15 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2011-07-23 06:15 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2011-07-23 06:15 . 2011-07-23 06:15 -------- d-----w- c:\program files (x86)\Outsim
2011-07-23 06:13 . 2011-07-23 06:15 -------- d-----w- c:\program files (x86)\Image-Line
2011-07-23 06:12 . 2011-07-23 06:12 819729 ----a-w- c:\windows\SysWow64\mrvcl32.exe
2011-07-23 06:04 . 2011-07-24 10:10 -------- d-----w- c:\users\Kendall\AppData\Roaming\Azureus
2011-07-23 05:53 . 2011-07-23 05:54 -------- d-----w- c:\program files (x86)\Download Manager
2011-07-19 05:04 . 2011-07-19 05:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-07-19 05:04 . 2011-07-19 05:04 -------- d-----r- c:\program files (x86)\Skype
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-07 01:05 . 2011-07-28 19:09 -------- d-----w- c:\program files (x86)\trend micro
2011-07-07 01:05 . 2011-07-07 01:05 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2010-05-23 20:25 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-05-23 20:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 06:28 . 2011-06-11 01:55 0 ----a-w- c:\users\Kendall\AppData\Local\Oguyon.bin
2011-06-11 01:54 . 2011-06-11 01:54 150 ----a-w- c:\users\Kendall\AppData\Roaming\tlzsmw3rr.bat
2011-06-09 22:38 . 2011-06-09 22:38 18944 ----a-r- c:\users\Kendall\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-06-02 05:56 . 2011-07-13 05:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-14 22:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-14 22:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:21 . 2011-06-29 00:09 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 00:09 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 00:09 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 00:09 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 00:09 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-10 13:06 . 2011-05-10 13:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 05:30 . 2011-06-29 00:09 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:28 . 2011-06-29 00:09 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:28 . 2011-06-29 00:09 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:28 . 2011-06-29 00:09 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:28 . 2011-06-29 00:09 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:28 . 2011-06-29 00:09 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:24 . 2011-06-29 00:09 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:24 . 2011-06-29 00:09 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:24 . 2011-06-29 00:09 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:53 . 2011-06-29 00:09 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:52 . 2011-06-29 00:09 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:52 . 2011-06-29 00:09 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:52 . 2011-06-29 00:09 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:52 . 2011-06-29 00:09 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52 . 2011-06-29 00:09 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52 . 2011-06-29 00:09 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52 . 2011-06-29 00:09 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52 . 2011-06-29 00:09 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51 . 2011-06-14 22:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-14 22:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-14 22:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-14 22:49 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-14 22:49 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_23.03.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-31 22:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-30 23:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-30 23:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 22:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-30 23:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 22:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-25 06:07 . 2011-07-30 23:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-25 06:07 . 2011-07-31 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-25 06:07 . 2011-07-31 22:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-25 06:07 . 2011-07-30 23:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-25 06:07 . 2011-07-30 23:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 06:07 . 2011-07-31 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 06:39 . 2011-07-31 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 06:39 . 2011-07-30 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 06:39 . 2011-07-30 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 06:39 . 2011-07-31 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-31 22:30 . 2011-07-31 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-30 23:03 . 2011-07-30 23:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 22:30 . 2011-07-31 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-30 23:03 . 2011-07-30 23:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-25 08:08 . 2011-07-31 15:37 255514 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-25 06:36 . 2011-07-31 21:46 282170 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-07-30 23:02 339920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-31 22:29 339920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-07-30 14:59 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-31 15:58 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-04-17 23:27 139768 ----a-w- c:\users\Kendall\AppData\Roaming\ComplitlyEngine\ComplitlyEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Kendall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\Kendall\Downloads\DriverPerformer_V15.exe [2011-6-5 233056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\windows\system32\msorcl3232.exe [x]
R2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\api-ms-win-core-misc-l1-1-032.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\windows\system32\kbda132.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 06:09]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 06:09]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106347209-3009637940-228828294-1000Core.job
- c:\users\Kendall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 08:38]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106347209-3009637940-228828294-1000UA.job
- c:\users\Kendall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 08:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-04-17 23:27 167416 ----a-w- c:\users\Kendall\AppData\Roaming\ComplitlyEngine\64\ComplitlyEngine64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF25379.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A8D6642B-79E7-4D4F-A0A5-58ACC66C2F01}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: myspace.com\www
Trusted Zone: oceanup.com\www
Trusted Zone: watch-movies-online.tv\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\f5ox5tcx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z003&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ComplitlyEngine - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\06\17\06\04\06ƒ"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-31 17:47:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-31 22:47
ComboFix2.txt 2011-07-30 23:09
.
Pre-Run: 351,312,322,560 bytes free
Post-Run: 350,967,717,888 bytes free
.
- - End Of File - - AD4B31328C775878FFFB1AFAEE50776D

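The Drivers/Services block in the log above is where the helper spotted the infection: two extra entries borrowing the ".NET Framework NGEN" display name but pointing at odd executables, and a "Peer Networking Identity Manager" entry backed by kbda132.exe. As an added example that is not part of this thread and is not ComboFix's own code, the following Python script parses ComboFix-style service lines and applies three review heuristics that those entries trip: a display name with stray leading or trailing whitespace, a display name shared between services that point at different binaries, and an executable dropped directly under c:\programdata. The sample lines are copied from post #14; the function names and the heuristics are my own and are meant as a triage aid for a human analyst, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: service lines copied from the ComboFix log posted above
# (raw string so the Windows paths keep their backslashes). Lines that do
# not match the service format are ignored by the parser.
SAMPLE_LOG = r"""
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\windows\system32\msorcl3232.exe [x]
R2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\api-ms-win-core-misc-l1-1-032.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\windows\system32\kbda132.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<binary path> [<info>]
# The info field is either "[x]" (file details unavailable) or "[date size]".
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+(\[[^\]]*\])\s*$")


def parse_services(log_text):
    """Return one dict per recognised service line (hypothetical helper)."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        kind, start, name, display, path, info = m.groups()
        services.append({
            "kind": kind,            # R = running, S = stopped (ComboFix notation)
            "start": int(start),
            "name": name,
            "display": display,      # kept verbatim, whitespace included
            "path": path,
            "info": info,
        })
    return services


def flag_suspicious(services):
    """Map service name -> list of reasons for a closer look (my heuristics)."""
    findings = {}

    def add(svc, reason):
        findings.setdefault(svc["name"], []).append(reason)

    # Group binaries by normalised display name so we can spot look-alikes.
    by_display = defaultdict(set)
    for svc in services:
        by_display[svc["display"].strip().lower()].add(svc["path"].lower())

    for svc in services:
        display = svc["display"]
        path_lower = svc["path"].lower()

        # 1. Real service entries rarely carry stray whitespace in the display
        #    name; a trailing space is a cheap way to look like a known entry.
        if display != display.strip():
            add(svc, "display name has leading/trailing whitespace")

        # 2. Two services with the same display name but different binaries:
        #    one of them is likely impersonating the other.
        if len(by_display[display.strip().lower()]) > 1:
            add(svc, "display name shared with another service using a different binary")

        # 3. An .exe sitting directly in c:\programdata (not in a vendor
        #    subfolder) is an unusual home for a Windows service binary.
        if (path_lower.startswith("c:\\programdata\\")
                and path_lower.count("\\") == 2
                and path_lower.endswith(".exe")):
            add(svc, "executable placed directly in c:\\programdata")

    return findings


if __name__ == "__main__":
    for name, reasons in flag_suspicious(parse_services(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script reports only the three entries the helper targeted with the CFScript (the two NGEN look-alikes and p2pimsvc32); the genuine NGEN v4 services, Google Update, and the Dell services pass all three checks. Heuristic 2 deliberately flags both sides of a duplicate pair, since the log alone does not say which one is legitimate.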
#15
July 31, 2011 at 16:29:13
How is it going now?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#16
July 31, 2011 at 16:34:36
Things seem to be going fine, but that would happen and the links would work, and then the next time they wouldn't. But everything seems to be fine now.

But next to the links it says cached, and I didn't know if that meant something because I had seen that on a question someone asked when I was googling about the problem some time back. So I didn't know if that meant anything or not.


#17
July 31, 2011 at 20:02:10
Cached pages are nothing to worry about:
http://www.googleguide.com/cached_p...

Try the computer for a few days, and if the problem returns, post back.

Otherwise, you are good to go.

The following step will implement a cleanup procedure, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.

Press 'Start' and 'R' at the same time, and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall


To help protect your computer, look into the following free programs:

SpywareBlaster
http://www.javacoolsoftware.com/spy...

Helps prevent spyware from installing in the first place. Install and update SpywareBlaster with the latest definitions. After updating, click the button: 'Enable protection for all unprotected items'.


Web of Trust:
http://www.mywot.com/

This free browser add-on (available for both Firefox and IE) warns you about risky websites that try to scam visitors, deliver malware, or send spam. It is especially helpful when browsing or searching in unfamiliar territory.

WOT's color-coded icons help you avoid dangerous sites:
Green to go
Yellow for caution
Red to stop


If you wish, mark the reply that helped the most as 'Best Answer' (if you think there is one) so others looking for help with the same issue will know what topic to look at. It also marks the topic as 'Solved'.

Good luck, Kendall!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#18
August 2, 2011 at 20:17:25
Thanks so much for all your help! You've helped me sooooo much! THANK YOU!

#19
August 2, 2011 at 20:54:55
Glad to help.

Good luck, Kendall!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.

