rheaslip

  1. I think that the computer is fixed. I don't seem to be having any more redirect problems with Firefox or IE. Thank you for helping me.
  2. The main one that is running that is being redirected is Firefox 13.0. The only other one I have installed but hardly ever use is Internet Explorer Version 9.0.8112.16421.
  3. Gringo, Sorry I have not been getting back to you quickly. I do appreciate the time and help you are giving me, just trying to find time to sit down and work with the computer. The WhiteSmoke toolbar is gone and I am getting redirected less with the computer, however I am still being redirected to an ad site every once in a while (maybe every 10-15 minutes of internet browsing). The following is my report from OTL:

     ========== OTL ==========
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
     File Protocol\Handler\msdaipp - No CLSID value found not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
     File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
     File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
     File Protocol\Handler\ms-help - No CLSID value found not found.
     HKU\S-1-5-21-2477298372-428459766-202237345-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
     Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.defaultthis.engineName
     Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
     Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage
     Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL
     Folder C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\META-INF folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\defaults\preferences folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\defaults folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\components folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\chrome\logo folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan\chrome folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan folder moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\searchplugins\conduit.xml moved successfully.
     C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\sszivkqrdb@sszivkqrdb.org.xpi moved successfully.
     C:\Users\Susannah\AppData\Local\jetmp3\ie folder moved successfully.
     C:\Users\Susannah\AppData\Local\jetmp3 folder moved successfully.
     C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
     C:\Program Files (x86)\Conduit folder moved successfully.
     C:\ProgramData\MFAData\pack folder moved successfully.
     C:\ProgramData\MFAData\logs folder moved successfully.
     C:\ProgramData\MFAData folder moved successfully.
     C:\Users\Susannah\AppData\Local\Conduit folder moved successfully.

     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Susannah\Desktop\Virus\cmd.bat deleted successfully.
     C:\Users\Susannah\Desktop\Virus\cmd.txt deleted successfully.

     ========== COMMANDS ==========
     [EMPTYJAVA]
     User: All Users
     User: AppData
     User: Default
     User: Default User
     User: Public
     User: Susannah
     ->Java cache emptied: 119509 bytes
     Total Java Files Cleaned = 0.00 mb

     [EMPTYFLASH]
     User: All Users
     User: AppData
     User: Default
     ->Flash cache emptied: 56502 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Public
     User: Susannah
     ->Flash cache emptied: 1007 bytes
     Total Flash Files Cleaned = 0.00 mb

     OTL by OldTimer - Version 3.2.45.0 log created on 06032012_101002
  4. OTL logfile created on: 6/1/2012 5:03:21 PM - Run 1
     OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Susannah\Desktop\Virus
     64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     8.00 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.08% Memory free
     16.20 Gb Paging File | 14.42 Gb Available in Paging File | 89.01% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 298.09 Gb Total Space | 173.09 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
     Drive D: | 578.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     Computer Name: SUSANNAH-PC | User Name: Susannah | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========
     PRC - C:\Users\Susannah\Desktop\Virus\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
     PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
     PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
     PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
     PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
     PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
     PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
     PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
     PRC - C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe (Ulead Systems, Inc.)

     ========== Modules (No Company Name) ==========
     MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
     MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
     MOD - C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uviplPX.dll ()
     MOD - C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uvipl.dll ()
     MOD - C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\Cpuinf32.dll ()

     ========== Win32 Services (SafeList) ==========
     SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
     SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
     SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
     SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
     SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
     SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
     SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
     SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
     SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
     SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
     SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
     SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
     SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
     SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
     SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)

     ========== Driver Services (SafeList) ==========
     DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
     DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
     DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
     DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
     DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
     DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
     DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
     DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
     DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
     DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
     DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
     DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
     DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
     DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
     DRV:64bit: - (udfs) -- C:\Windows\SysNative\DRIVERS\udfs.sys (Microsoft Corporation)
     DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
     DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
     DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
     DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
     DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
     DRV:64bit: - (IPMIDRV) -- C:\Windows\SysNative\drivers\ipmidrv.sys (Microsoft Corporation)
     DRV:64bit: - (i2omp) -- C:\Windows\SysNative\drivers\i2omp.sys (Microsoft Corporation)
     DRV:64bit: - (adpu320) -- C:\Windows\SysNative\drivers\adpu320.sys (Adaptec, Inc.)
     DRV:64bit: - (Wd) -- C:\Windows\SysNative\drivers\wd.sys (Microsoft Corporation)
     DRV:64bit: - (mpio) -- C:\Windows\SysNative\drivers\mpio.sys (Microsoft Corporation)
     DRV:64bit: - (SiSRaid4) -- C:\Windows\SysNative\drivers\sisraid4.sys (Silicon Integrated Systems)
     DRV:64bit: - (vsmraid) -- C:\Windows\SysNative\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
     DRV:64bit: - (fdc) -- C:\Windows\SysNative\DRIVERS\fdc.sys (Microsoft Corporation)
     DRV:64bit: - (usbuhci) -- C:\Windows\SysNative\DRIVERS\usbuhci.sys (Microsoft Corporation)
     DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
     DRV:64bit: - (msdsm) -- C:\Windows\SysNative\drivers\msdsm.sys (Microsoft Corporation)
     DRV:64bit: - (blbdrive) -- C:\Windows\SysNative\drivers\blbdrive.sys (Microsoft Corporation)
     DRV:64bit: - (circlass) -- C:\Windows\SysNative\drivers\circlass.sys (Microsoft Corporation)
     DRV:64bit: - (LSI_SCSI) -- C:\Windows\SysNative\drivers\lsi_scsi.sys (LSI Logic)
     DRV:64bit: - (arcsas) -- C:\Windows\SysNative\drivers\arcsas.sys (Adaptec, Inc.)
     DRV:64bit: - (sffdisk) -- C:\Windows\SysNative\drivers\sffdisk.sys (Microsoft Corporation)
     DRV:64bit: - (elxstor) -- C:\Windows\SysNative\drivers\elxstor.sys (Emulex)
     DRV:64bit: - (iaStorV) -- C:\Windows\SysNative\drivers\iastorv.sys (Intel Corporation)
     DRV:64bit: - (HpCISSs) -- C:\Windows\SysNative\drivers\hpcisss.sys (Hewlett-Packard Company)
     DRV:64bit: - (megasas) -- C:\Windows\SysNative\drivers\megasas.sys (LSI Corporation)
     DRV:64bit: - (sermouse) -- C:\Windows\SysNative\drivers\sermouse.sys (Microsoft Corporation)
     DRV:64bit: - (MegaSR) -- C:\Windows\SysNative\drivers\megasr.sys (LSI Corporation, Inc.)
     DRV:64bit: - (uliahci) -- C:\Windows\SysNative\drivers\uliahci.sys (ULi Electronics Inc.)
     DRV:64bit: - (LSI_SAS) -- C:\Windows\SysNative\drivers\lsi_sas.sys (LSI Logic)
     DRV:64bit: - (SiSRaid2) -- C:\Windows\SysNative\drivers\sisraid2.sys (Microsoft Corporation)
     DRV:64bit: - (flpydisk) -- C:\Windows\SysNative\DRIVERS\flpydisk.sys (Microsoft Corporation)
     DRV:64bit: - (adpahci) -- C:\Windows\SysNative\drivers\adpahci.sys (Adaptec, Inc.)
     DRV:64bit: - (nvraid) -- C:\Windows\SysNative\drivers\nvraid.sys (NVIDIA Corporation)
     DRV:64bit: - (adpu160m) -- C:\Windows\SysNative\drivers\adpu160m.sys (Adaptec, Inc.)
     DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
     DRV:64bit: - (adp94xx) -- C:\Windows\SysNative\drivers\adp94xx.sys (Adaptec, Inc.)
     DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS (Conexant Systems, Inc.)
     DRV:64bit: - (ql2300) -- C:\Windows\SysNative\drivers\ql2300.sys (QLogic Corporation)
     DRV:64bit: - (ulsata2) -- C:\Windows\SysNative\drivers\ulsata2.sys (Promise Technology, Inc.)
     DRV:64bit: - (arc) -- C:\Windows\SysNative\drivers\arc.sys (Adaptec, Inc.)
     DRV:64bit: - (rdpdr) -- C:\Windows\SysNative\drivers\rdpdr.sys (Microsoft Corporation)
     DRV:64bit: - (LSI_FC) -- C:\Windows\SysNative\drivers\lsi_fc.sys (LSI Logic)
     DRV:64bit: - (intelppm) -- C:\Windows\SysNative\DRIVERS\intelppm.sys (Microsoft Corporation)
     DRV:64bit: - (Processor) -- C:\Windows\SysNative\drivers\processr.sys (Microsoft Corporation)
     DRV:64bit: - (isapnp) -- C:\Windows\SysNative\drivers\isapnp.sys (Microsoft Corporation)
     DRV:64bit: - (msahci) -- C:\Windows\SysNative\drivers\msahci.sys (Microsoft Corporation)
     DRV:64bit: - (Compbatt) -- C:\Windows\SysNative\drivers\compbatt.sys (Microsoft Corporation)
     DRV:64bit: - (intelide) -- C:\Windows\SysNative\drivers\intelide.sys (Microsoft Corporation)
     DRV:64bit: - (viaide) -- C:\Windows\SysNative\drivers\viaide.sys (VIA Technologies, Inc.)
     DRV:64bit: - (cmdide) -- C:\Windows\SysNative\drivers\cmdide.sys (CMD Technology, Inc.)
     DRV:64bit: - (amdide) -- C:\Windows\SysNative\drivers\amdide.sys (Microsoft Corporation)
     DRV:64bit: - (aliide) -- C:\Windows\SysNative\drivers\aliide.sys (Acer Laboratories Inc.)
     DRV:64bit: - (WmiAcpi) -- C:\Windows\SysNative\drivers\wmiacpi.sys (Microsoft Corporation)
     DRV:64bit: - (ErrDev) -- C:\Windows\SysNative\drivers\errdev.sys (Microsoft Corporation)
     DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
     DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
     DRV:64bit: - (nfrd960) -- C:\Windows\SysNative\drivers\nfrd960.sys (IBM Corporation)
     DRV:64bit: - (Symc8xx) -- C:\Windows\SysNative\drivers\symc8xx.sys (LSI Logic)
     DRV:64bit: - (Sym_u3) -- C:\Windows\SysNative\drivers\sym_u3.sys (LSI Logic)
     DRV:64bit: - (iirsp) -- C:\Windows\SysNative\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
     DRV:64bit: - (Sym_hi) -- C:\Windows\SysNative\drivers\sym_hi.sys (LSI Logic)
     DRV:64bit: - (Mraid35x) -- C:\Windows\SysNative\drivers\mraid35x.sys (LSI Logic Corporation)
     DRV:64bit: - (iteraid) -- C:\Windows\SysNative\drivers\iteraid.sys (Integrated Technology Express, Inc.)
     DRV:64bit: - (iteatapi) -- C:\Windows\SysNative\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
     DRV:64bit: - (pcmcia) -- C:\Windows\SysNative\drivers\pcmcia.sys (Microsoft Corporation)
     DRV:64bit: - (UlSata) -- C:\Windows\SysNative\drivers\ulsata.sys (Promise Technology, Inc.)
     DRV:64bit: - (ql40xx) -- C:\Windows\SysNative\drivers\ql40xx.sys (QLogic Corporation)
     DRV:64bit: - (sbp2port) -- C:\Windows\SysNative\drivers\sbp2port.sys (Microsoft Corporation)
     DRV:64bit: - (aic78xx) -- C:\Windows\SysNative\drivers\djsvs.sys (Adaptec, Inc.)
     DRV:64bit: - (BTHMODEM) -- C:\Windows\SysNative\drivers\bthmodem.sys (Microsoft Corporation)
     DRV:64bit: - (HidBth) -- C:\Windows\SysNative\drivers\hidbth.sys (Microsoft Corporation)
     DRV:64bit: - (usbccgp) -- C:\Windows\SysNative\DRIVERS\usbccgp.sys (Microsoft Corporation)
     DRV:64bit: - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\SysNative\drivers\usbcir.sys (Microsoft Corporation)
     DRV:64bit: - (HidIr) -- C:\Windows\SysNative\drivers\hidir.sys (Microsoft Corporation)
     DRV:64bit: - (WacomPen) -- C:\Windows\SysNative\drivers\wacompen.sys (Microsoft Corporation)
     DRV:64bit: - (sfloppy) -- C:\Windows\SysNative\drivers\sfloppy.sys (Microsoft Corporation)
     DRV:64bit: - (Parport) -- C:\Windows\SysNative\drivers\parport.sys (Microsoft Corporation)
     DRV:64bit: - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\SysNative\drivers\brserid.sys (Brother Industries Ltd.)
     DRV:64bit: - (BrSerWdm) -- C:\Windows\SysNative\drivers\brserwdm.sys (Brother Industries Ltd.)
     DRV:64bit: - (BrUsbMdm) -- C:\Windows\SysNative\drivers\brusbmdm.sys (Brother Industries Ltd.)
     DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
     DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 4D 84 0C A9 9F CB 01 [binary data]
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes,DefaultScope = {F8B07734-2B06-42EE-97CC-8462CC07F325}
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes\{0B37FBC1-F9A6-4B2D-9829-754F2C049ECE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes\{2FD9507E-CF43-4216-9A20-F148235F8FD7}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes\{F8B07734-2B06-42EE-97CC-8462CC07F325}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\..\SearchScopes\{FC56E86F-34BA-483F-A933-7390229974E0}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
     IE - HKU\S-1-5-21-2477298372-428459766-202237345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========
     FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
     FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}"
     FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
     FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
     FF - user.js - File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
     FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/26 16:00:33 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/27 18:43:35 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/27 18:43:35 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/10 09:58:35 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

     [2010/12/18 15:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Extensions
     [2010/12/18 15:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
     [2012/05/26 15:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions
     [2010/12/18 15:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     [2012/05/26 15:54:26 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
     [2010/12/18 15:40:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
     [2012/05/26 15:54:21 | 000,000,000 | ---D | M] (JetMP3) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\jetmp3@jetpack
     [2012/04/07 09:10:56 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\extensions\wecarereminder@bryan
     [2012/05/22 11:24:04 | 000,000,929 | ---- | M] () -- C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\searchplugins\conduit.xml
     [2011/12/14 04:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
     [2012/05/25 08:22:36 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\SUSANNAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3IBO47UN.DEFAULT\EXTENSIONS\SSZIVKQRDB@SSZIVKQRDB.ORG.XPI
     [2012/05/04 13:03:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
     [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
     [2012/01/22 16:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     [2012/01/22 16:35:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

     O1 HOSTS File: ([2012/05/31 06:50:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
     O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
     O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
     O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
     O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
     O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
     O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
     O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
     O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
     O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
     O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
     O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
     O4 - HKLM..\Run: [PhotoExplosionCalCheck] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe (Ulead Systems, Inc.)
     O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
     O4 - HKU\S-1-5-21-2477298372-428459766-202237345-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-2477298372-428459766-202237345-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-2477298372-428459766-202237345-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
     O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
     O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
     O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
     O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3428694F-CAF6-4D53-AC0A-6444815FB9E6}: DhcpNameServer = 192.168.0.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD664F1-E5D1-4CB3-B368-EDED782DFBDD}: DhcpNameServer = 192.168.0.1
     O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
     O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
     O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
     O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
     O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
     O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
     O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
     O24 - Desktop WallPaper: C:\Users\Susannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
     O24 - Desktop BackupWallPaper: C:\Users\Susannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2008/03/25 09:11:02 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
     O35:64bit: - HKLM\..comfile [open] -- "%1" %*
     O35:64bit: - HKLM\..exefile [open] -- "%1" %*
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
     O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
     O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

     ========== Files/Folders - Created Within 30 Days ==========
     [2012/05/31 06:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
     [2012/05/31 06:58:09 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Local\temp
     [2012/05/31 06:50:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
     [2012/05/30 07:13:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
     [2012/05/30 07:13:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
     [2012/05/30 07:13:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
     [2012/05/29 08:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
     [2012/05/27 19:19:32 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Roaming\Malwarebytes
     [2012/05/27 19:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
     [2012/05/27 19:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
     [2012/05/27 19:19:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
     [2012/05/27 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     [2012/05/27 19:12:44 | 000,000,000 | ---D | C] -- C:\Users\Susannah\Desktop\RK_Quarantine
     [2012/05/27 19:11:52 | 000,000,000 | ---D | C] -- C:\Users\Susannah\Desktop\Virus
     [2012/05/27 19:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
     [2012/05/27 19:02:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
     [2012/05/27 18:49:15 | 000,000,000 | ---D | C] -- C:\Qoobox
     [2012/05/26 16:08:37 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Roaming\AVG2012
     [2012/05/26 16:01:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
     [2012/05/26 16:00:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
     [2012/05/26 16:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
     [2012/05/26 16:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
     [2012/05/26 16:00:23 | 000,000,000 | ---D | C] -- C:\$AVG
     [2012/05/26 15:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
     [2012/05/26 15:54:20 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Local\jetmp3
     [2012/05/26 15:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
     [2012/05/26 15:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
     [2012/05/26 15:54:15 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Local\Conduit
     [2012/05/13 10:10:25 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
     [2012/05/12 09:55:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
     [2012/05/12 09:55:04 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
     [2012/05/12 09:55:02 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
     [2012/05/12 09:55:02 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
     [2012/05/12 09:55:01 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
     [2012/05/12 09:55:01 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
     [2012/05/12 09:54:45 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
     [2012/05/05 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\Susannah\Documents\MumboJumbo
     [2012/05/05 14:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
     [2012/05/05 14:24:42 | 000,000,000 | ---D | C] -- C:\Users\Susannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
     [2012/05/05 14:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MumboJumbo
     [2012/05/04 13:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
     [2012/05/04 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
     [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     [1 C:\Users\Susannah\Desktop\*.tmp files -> C:\Users\Susannah\Desktop\*.tmp -> ]

     ========== Files - Modified Within 30 Days ==========
     [2012/06/01 15:14:27 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 15:14:27 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/01 08:13:21 | 099,618,711 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/05/31 17:13:14 | 000,048,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/05/31 07:22:20 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/31 07:22:20 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/31 07:22:20 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/31 07:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/31 06:50:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/05/30 21:46:06 | 000,002,637 | ---- | M] () -- C:\Users\Susannah\Desktop\Microsoft Word 2010.lnk [2012/05/30 21:36:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/29 08:15:04 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/05/27 21:33:27 | 000,414,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/27 19:08:18 | 000,000,258 | ---- | M] () -- C:\Windows\ulead32.ini [2012/05/27 17:21:52 | 000,001,460 | ---- | M] () -- C:\Users\Susannah\AppData\Local\d3d9caps64.dat [2012/05/27 07:41:19 | 000,034,814 | ---- | M] () -- C:\Users\Susannah\AppData\Local\dt.dat [2012/05/26 16:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/05/26 16:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/05/13 10:10:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/05/13 10:10:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/05/13 03:05:55 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BXD2140.DAT [2012/05/10 09:58:37 | 000,001,868 | 
---- | M] () -- C:\Users\Susannah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/05/10 09:58:37 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012/05/10 09:53:34 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012/05/05 14:24:54 | 000,001,110 | ---- | M] () -- C:\Users\Susannah\Desktop\LUXOR - Mah Jong.lnk [2012/05/05 14:24:50 | 000,001,010 | ---- | M] () -- C:\Users\Susannah\Desktop\LUXOR 2.lnk [2012/05/05 14:24:45 | 000,001,106 | ---- | M] () -- C:\Users\Susannah\Desktop\LUXOR - Amun Rising.lnk [2012/05/05 14:24:42 | 000,000,985 | ---- | M] () -- C:\Users\Susannah\Desktop\LUXOR.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Susannah\Desktop\*.tmp files -> C:\Users\Susannah\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/01 08:13:21 | 099,618,711 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/05/31 17:13:14 | 000,048,223 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/05/30 07:13:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/30 07:13:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/30 07:13:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/30 07:13:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/30 07:13:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/05/27 19:19:23 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/27 07:41:19 | 000,034,814 | ---- | C] () -- C:\Users\Susannah\AppData\Local\dt.dat [2012/05/26 16:01:02 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/05/26 16:00:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/05/26 16:00:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/05/10 09:58:37 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Mozilla Thunderbird.lnk [2012/05/05 14:30:21 | 000,001,110 | ---- | C] () -- C:\Users\Susannah\Desktop\LUXOR - Mah Jong.lnk [2012/05/05 14:30:02 | 000,001,106 | ---- | C] () -- C:\Users\Susannah\Desktop\LUXOR - Amun Rising.lnk [2012/05/05 14:29:47 | 000,001,010 | ---- | C] () -- C:\Users\Susannah\Desktop\LUXOR 2.lnk [2012/05/05 14:29:33 | 000,000,985 | ---- | C] () -- C:\Users\Susannah\Desktop\LUXOR.lnk [2012/04/22 11:22:47 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012/04/22 11:22:43 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012/04/15 22:49:38 | 000,000,552 | ---- | C] () -- C:\Users\Susannah\AppData\Local\d3d8caps.dat [2012/01/08 21:37:54 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010/12/19 12:34:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/12/19 12:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010/12/19 12:32:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/12/19 00:58:14 | 000,000,258 | ---- | C] () -- C:\Windows\ulead32.ini [2010/12/18 20:13:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010/12/18 16:24:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BXD2140.DAT [2010/12/18 16:06:28 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/12/18 16:06:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT [2010/12/18 15:58:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/12/18 15:39:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/12/18 15:38:47 | 000,019,456 | ---- | C] () -- C:\Users\Susannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/18 15:20:51 | 000,001,460 | ---- | C] () -- C:\Users\Susannah\AppData\Local\d3d9caps64.dat < End of report >
  5. Gringo, thanks for getting back to me. I have run the Security Check and ComboFix you sent me. The computer is still the same, with the WhiteSmoke Toolbar trying to redirect me. The logs for Security Check and ComboFix are as follows:
  6. Hello, I've been looking over the forums for a solution. My wife somehow got the WhiteSmoke toolbar/malware on the computer and it keeps hijacking the internet browsing. I've tried a scan with Malwarebytes' Anti-Malware but to no avail. Anyway, I've been looking for a way to get it off and any help you could give would really be appreciated. Below are my DDS.txt and Attach.txt, and I have run ComboFix:
Mozilla Thunderbird 12.0.1 (x86 en-US) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA PhysX Oblivion Photo Explosion Deluxe 3.0 Realtek High Definition Audio Driver Scansoft PDF Professional Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit 
Edition Snood for Windows version 3.52-W swMSM Unreal Tournament 2004 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Visual Studio 2008 x64 Redistributables Windows Media Player Firefox Plugin . ==== End Of File =========================== Combofix log ----------------------------------------------------------------------------------------------------------------------------------------- ComboFix 12-05-30.03 - Susannah 05/30/2012 7:48.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6466 [GMT -6:00] Running from: c:\users\Susannah\Desktop\Virus\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 ))))))))))))))))))))))))))))))) . . 2012-05-30 13:58 . 2012-05-30 14:02 -------- d-----w- c:\users\Susannah\AppData\Local\temp 2012-05-30 13:58 . 2012-05-30 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-29 13:48 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD59F08-BFF3-4FF7-B5AC-26D5A5FAD3EF}\mpengine.dll 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\users\Susannah\AppData\Roaming\Malwarebytes 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\programdata\Malwarebytes 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-28 01:19 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-28 01:06 . 2012-05-28 01:06 -------- d-----w- c:\programdata\GFI Software 2012-05-26 22:08 . 2012-05-26 22:08 -------- d-----w- c:\users\Susannah\AppData\Roaming\AVG2012 2012-05-26 22:01 . 2012-05-26 22:01 -------- d--h--w- c:\programdata\Common Files 2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-05-26 22:00 . 2012-05-29 23:22 -------- d-----w- c:\windows\system32\drivers\AVG 2012-05-26 22:00 . 2012-05-26 22:09 -------- d-----w- c:\programdata\AVG2012 2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- C:\$AVG 2012-05-26 21:58 . 2012-05-26 21:58 -------- d-----w- c:\program files (x86)\AVG 2012-05-26 21:54 . 2012-05-30 13:40 -------- d-----w- c:\users\AppData 2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\users\Susannah\AppData\Local\jetmp3 2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\program files (x86)\Conduit 2012-05-26 21:54 . 2012-05-29 23:22 -------- d-----w- c:\programdata\MFAData 2012-05-26 21:54 . 2012-05-27 13:41 -------- d-----w- c:\users\Susannah\AppData\Local\Conduit 2012-05-26 21:47 . 
2012-05-26 21:47 -------- d-----w- c:\users\Susannah\AppData\Local\adaware 2012-05-26 21:46 . 2012-05-26 21:46 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-05-13 16:10 . 2012-05-13 16:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-12 15:54 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-12 15:54 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-12 15:54 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys 2012-05-05 20:30 . 2012-05-05 20:30 -------- d-----w- c:\programdata\MumboJumbo 2012-05-05 20:24 . 2012-05-05 20:24 -------- d-----w- c:\program files (x86)\MumboJumbo 2012-05-04 19:03 . 2012-05-04 19:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-04 19:03 . 2012-05-04 19:03 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-04 19:03 . 2012-05-04 19:03 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-13 16:10 . 2011-05-29 17:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 10:50 . 2012-04-19 10:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-03-19 11:17 . 2012-03-19 11:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-03-06 23:15 . 2011-01-17 17:41 258520 ----a-w- c:\windows\system32\aswBoot.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-05-30_13.32.05 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2012-05-30 14:01 39212 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-05-30 14:02 72398 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-12-18 21:22 . 
2012-05-30 14:02 12012 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2477298372-428459766-202237345-1000_UserData.bin - 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 12:46 . 2012-05-30 13:38 604502 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-05-28 03:40 604502 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-05-28 03:40 104202 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2012-05-30 13:38 104202 c:\windows\system32\perfc009.dat - 2011-02-10 14:56 . 2012-05-30 13:29 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-10 14:56 . 2012-05-30 13:58 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-30 13:29 . 2012-05-30 13:58 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat - 2012-05-30 13:29 . 2012-05-30 13:29 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-25 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q= . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe c:\program files (x86)\Nero\Update\NASvc.exe c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe c:\program files (x86)\AVG\AVG2012\avgidsagent.exe c:\program files\Logitech\SetPoint\x86\SetPoint32.exe . ************************************************************************** . Completion time: 2012-05-30 08:08:22 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-30 14:08 ComboFix2.txt 2012-05-30 13:40 . Pre-Run: 183,526,543,360 bytes free Post-Run: 183,918,620,672 bytes free . - - End Of File - - A247374F71FD391B3C4C47964372761C