Google Redirect?

[DandDYoukers]

Hello:

I seem to be having a periodic problem with the Google redirect virus.

It's kind of hit or miss, but I've ran mbam to remove a few culprits but I'm still getting redirects.

Thanks,

Patrick

[D-FRED-BROWN]

Hello DanDYoukers and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

I need to know: are the redirects in Firefox, Internet Explorer, or both?

-------------

Please do the following:

• Download DDS by sUBs from one of the following links. Save it to your Desktop.
  
  • DDS.com
    
  • DDS.scr
    
  • DDS.pif
    

  NOTE: Before scanning, make sure all other running programs are closed

  There shouldn't be any scheduled antivirus scans running while the scan is being performed.

  Do not use your computer for anything else during the scan.

  [*]Double click on the DDS icon, allow it to run.

  [*]A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  [*]Notepad will open with the results.

  [*]Follow the instructions that pop up for posting the results.

  [*]Close the program window, and delete the program from your Desktop.

-------------

Please download to your Desktop:

• TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

• Click on the Start Scan button and wait for the scan and disinfection process to be over.
  
• If an infected file is detected, the default action will be Cure, click on Continue
  
• If a suspicious file is detected, the default action will be Skip, click on Continue
  
• If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  
• If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  

In your next reply, please include the following (you may need to use two posts to get it all in):

• TDSSKiller_log.txt

how the PC is running now?
-------------
Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

• DDS log
  
• TDSSKiller log
  
• Security Check checkup.txt

How is your computer running now?

[DandDYoukers]

Hi D-FRED-BROWN:

Love the avatar.

My redirects are happening in Firefox and IE.

When I run DDS.com a window pops up for half a second then disappears; nothing else happens.

When I download DDS.scr my system sees it as an AutoCAD script file and when I run it, Notepad opens up with a bunch of gibberish.

When I click on DDS.pif, no program downloads - a new tab opens in my browser with gibberish.

When I run TDSSKiller it finds nothing. Here is the log file:

2011/07/08 07:48:35.0234 0280 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/08 07:48:35.0578 0280 ================================================================================

2011/07/08 07:48:35.0578 0280 SystemInfo:

2011/07/08 07:48:35.0578 0280

2011/07/08 07:48:35.0578 0280 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/08 07:48:35.0578 0280 Product type: Workstation

2011/07/08 07:48:35.0578 0280 ComputerName: D12K5XG1

2011/07/08 07:48:35.0578 0280 UserName: D&D Drafting

2011/07/08 07:48:35.0578 0280 Windows directory: C:\WINDOWS

2011/07/08 07:48:35.0578 0280 System windows directory: C:\WINDOWS

2011/07/08 07:48:35.0578 0280 Processor architecture: Intel x86

2011/07/08 07:48:35.0578 0280 Number of processors: 2

2011/07/08 07:48:35.0578 0280 Page size: 0x1000

2011/07/08 07:48:35.0578 0280 Boot type: Normal boot

2011/07/08 07:48:35.0578 0280 ================================================================================

2011/07/08 07:48:35.0843 0280 Initialize success

2011/07/08 07:48:55.0078 3712 ================================================================================

2011/07/08 07:48:55.0078 3712 Scan started

2011/07/08 07:48:55.0078 3712 Mode: Manual;

2011/07/08 07:48:55.0078 3712 ================================================================================

2011/07/08 07:48:55.0265 3712 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/08 07:48:55.0328 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/08 07:48:55.0375 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/08 07:48:55.0453 3712 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/07/08 07:48:55.0468 3712 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/08 07:48:55.0515 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/08 07:48:55.0593 3712 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/08 07:48:55.0671 3712 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/08 07:48:55.0734 3712 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/08 07:48:55.0781 3712 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/08 07:48:55.0812 3712 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/08 07:48:55.0890 3712 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/08 07:48:55.0937 3712 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/08 07:48:55.0968 3712 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/08 07:48:56.0000 3712 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/08 07:48:56.0031 3712 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/08 07:48:56.0078 3712 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/08 07:48:56.0109 3712 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/08 07:48:56.0156 3712 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/08 07:48:56.0187 3712 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/08 07:48:56.0234 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/08 07:48:56.0296 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/08 07:48:56.0359 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/08 07:48:56.0515 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/08 07:48:56.0593 3712 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2011/07/08 07:48:56.0625 3712 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2011/07/08 07:48:56.0656 3712 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/07/08 07:48:56.0765 3712 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

2011/07/08 07:48:56.0875 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/08 07:48:56.0906 3712 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/08 07:48:56.0937 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/08 07:48:56.0953 3712 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/08 07:48:56.0968 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/08 07:48:57.0031 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/08 07:48:57.0046 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/08 07:48:57.0109 3712 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/08 07:48:57.0218 3712 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/07/08 07:48:57.0234 3712 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/08 07:48:57.0281 3712 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/08 07:48:57.0328 3712 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/08 07:48:57.0390 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/08 07:48:57.0437 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/08 07:48:57.0515 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/08 07:48:57.0546 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/08 07:48:57.0593 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/08 07:48:57.0640 3712 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/08 07:48:57.0687 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/08 07:48:57.0734 3712 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/08 07:48:57.0796 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/08 07:48:57.0843 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/08 07:48:57.0921 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/08 07:48:57.0984 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/08 07:48:58.0062 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/08 07:48:58.0093 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/08 07:48:58.0125 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/08 07:48:58.0171 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/08 07:48:58.0250 3712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/08 07:48:58.0296 3712 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys

2011/07/08 07:48:58.0343 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/08 07:48:58.0390 3712 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2011/07/08 07:48:58.0421 3712 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/08 07:48:58.0484 3712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/08 07:48:58.0578 3712 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/08 07:48:58.0625 3712 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/08 07:48:58.0656 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/08 07:48:58.0718 3712 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys

2011/07/08 07:48:58.0781 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/08 07:48:58.0906 3712 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/08 07:48:58.0921 3712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/08 07:48:58.0968 3712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/08 07:48:59.0031 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/08 07:48:59.0078 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/08 07:48:59.0125 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/08 07:48:59.0187 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/08 07:48:59.0203 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/08 07:48:59.0234 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/08 07:48:59.0265 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/08 07:48:59.0343 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/08 07:48:59.0359 3712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/08 07:48:59.0390 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/08 07:48:59.0421 3712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/08 07:48:59.0515 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/08 07:48:59.0578 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/08 07:48:59.0593 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/08 07:48:59.0640 3712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/08 07:48:59.0718 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/08 07:48:59.0765 3712 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/08 07:48:59.0781 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/08 07:48:59.0843 3712 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/08 07:48:59.0953 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/08 07:48:59.0984 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/08 07:49:00.0015 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/08 07:49:00.0031 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/08 07:49:00.0078 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/08 07:49:00.0109 3712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/08 07:49:00.0140 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/08 07:49:00.0187 3712 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/08 07:49:00.0203 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/08 07:49:00.0218 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/08 07:49:00.0265 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/08 07:49:00.0281 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/08 07:49:00.0328 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/08 07:49:00.0437 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/08 07:49:00.0515 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/08 07:49:00.0546 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/08 07:49:00.0750 3712 nv (11d00ba58270a128354f3ea2262587cc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/08 07:49:01.0093 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/08 07:49:01.0109 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/08 07:49:01.0171 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/08 07:49:01.0187 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/08 07:49:01.0234 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/08 07:49:01.0250 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/08 07:49:01.0281 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/08 07:49:01.0328 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/08 07:49:01.0421 3712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/08 07:49:01.0500 3712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/08 07:49:01.0578 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/08 07:49:01.0593 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/08 07:49:01.0609 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/08 07:49:01.0625 3712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/08 07:49:01.0640 3712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/08 07:49:01.0687 3712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/08 07:49:01.0718 3712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/08 07:49:01.0750 3712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/08 07:49:01.0796 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/08 07:49:01.0812 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/08 07:49:01.0828 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/08 07:49:01.0843 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/08 07:49:01.0875 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/08 07:49:01.0921 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/08 07:49:01.0937 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/08 07:49:01.0984 3712 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/08 07:49:02.0046 3712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/08 07:49:02.0125 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/08 07:49:02.0203 3712 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys

2011/07/08 07:49:02.0234 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/08 07:49:02.0250 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/08 07:49:02.0281 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/08 07:49:02.0359 3712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/08 07:49:02.0390 3712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/08 07:49:02.0453 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/08 07:49:02.0515 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/08 07:49:02.0578 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/08 07:49:02.0640 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/08 07:49:02.0656 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/08 07:49:02.0703 3712 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/08 07:49:02.0718 3712 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/08 07:49:02.0750 3712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/08 07:49:02.0765 3712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/08 07:49:02.0828 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/08 07:49:02.0906 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/08 07:49:02.0984 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/08 07:49:03.0015 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/08 07:49:03.0078 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/08 07:49:03.0140 3712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/08 07:49:03.0171 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/08 07:49:03.0203 3712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/08 07:49:03.0312 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/08 07:49:03.0375 3712 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/07/08 07:49:03.0421 3712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/08 07:49:03.0484 3712 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/07/08 07:49:03.0531 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/08 07:49:03.0578 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/08 07:49:03.0640 3712 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/07/08 07:49:03.0718 3712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/08 07:49:03.0796 3712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/08 07:49:03.0828 3712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/08 07:49:03.0859 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/08 07:49:03.0921 3712 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/08 07:49:03.0953 3712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/08 07:49:04.0015 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/08 07:49:04.0046 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/08 07:49:04.0078 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/08 07:49:04.0156 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/08 07:49:04.0281 3712 Boot (0x1200) (3d3f477509179210e9eaf65b203a6b27) \Device\Harddisk0\DR0\Partition0

2011/07/08 07:49:04.0281 3712 ================================================================================

2011/07/08 07:49:04.0281 3712 Scan finished

2011/07/08 07:49:04.0281 3712 ================================================================================

2011/07/08 07:49:04.0281 0492 Detected object count: 0

2011/07/08 07:49:04.0281 0492 Actual detected object count: 0

Security Check generates a blank Notepad document.

(I noticed 'system cannot find the path specified' and 'file not found - install/process text' pop up multiple times while running.)

Thanks,

Patrick

[D-FRED-BROWN]

Love the avatar.

thanks!

Let's try this :

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

DO NOT run it yet

--------------

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Please locate ComboFix.exe on your Desktop.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

[DandDYoukers]

D-F-B:

Well, after clicking around for about 10 minutes in both browsers it seems like things are fixed!

A few notes just for reference:

Even though I disabled AVG, ComboFix wanted me to uninstall it.

Because I was in safe mode, I couldn't access the internet to let CombFix install MS Windows Recovery Console. (<--I should've checked that ahead of time though)

!Thank You!

I will continue to test things out but in the meantime here's the log:

ComboFix 11-07-07.06 - D&D Drafting 07/08/2011 13:09:49.1.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.810 [GMT -4:00]

Running from: c:\documents and settings\D&D Drafting\Desktop\ComboFix.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-07-07 13:13 . 2011-07-07 13:13 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-07-07 13:01 . 2011-07-07 14:35 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-07 13:01 . 2011-07-07 13:01 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-07-07 13:00 . 2011-07-07 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-07-01 16:01 . 2011-07-01 16:01 -------- d-----w- c:\program files\LG Electronics

2011-07-01 16:01 . 2007-04-09 13:56 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys

2011-07-01 16:01 . 2007-04-09 13:55 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys

2011-07-01 16:01 . 2007-04-09 13:53 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys

2011-07-01 16:01 . 2001-09-05 09:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-07-01 16:01 . 2001-09-05 09:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-07-01 16:01 . 2001-09-05 09:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-07-01 16:01 . 2001-09-05 09:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-07-01 16:01 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-07-01 15:30 . 2011-07-01 15:30 -------- d-----w- c:\program files\BitPim

2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\documents and settings\D&D Drafting\Application Data\FastStone

2011-06-22 11:24 . 2011-07-08 12:24 -------- d-----w- c:\documents and settings\D&D Drafting\Local Settings\Application Data\cache

2011-06-22 11:20 . 2011-06-22 11:20 -------- d-----w- C:\CustomCAD

2011-06-21 19:12 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-06-21 19:12 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2011-06-21 19:12 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-21 19:12 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-06-21 18:43 . 2011-06-21 18:43 -------- d-----w- C:\Autodesk

2011-06-21 18:31 . 2011-07-08 17:15 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-20 18:09 . 2011-06-20 18:09 -------- d-----w- c:\program files\FastStone Image Viewer

2011-06-20 17:59 . 2011-06-20 17:59 -------- d-----w- c:\documents and settings\D&D Drafting\Application Data\Malwarebytes

2011-06-20 17:59 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-20 17:59 . 2011-06-20 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-20 17:59 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-20 17:59 . 2011-07-06 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-20 17:41 . 2011-06-20 17:42 -------- d-----w- c:\program files\Print2CAD 2011 English

2011-06-20 17:39 . 2011-06-20 17:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-06-20 15:32 . 2011-06-20 15:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-20 15:02 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-06-20 15:02 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2011-06-20 13:59 . 2011-06-22 17:28 -------- d-----w- c:\documents and settings\D&D Drafting\Application Data\Autodesk

2011-06-20 13:59 . 2011-06-21 19:19 -------- d-----w- c:\documents and settings\D&D Drafting\Local Settings\Application Data\Autodesk

2011-06-20 13:59 . 2011-06-20 18:29 -------- d-----w- c:\program files\AutoCAD 2010

2011-06-20 13:56 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2011-06-20 13:56 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2011-06-20 13:56 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2011-06-20 13:55 . 2011-06-20 13:55 -------- d-----w- c:\windows\Logs

2011-06-20 13:47 . 2011-06-22 14:18 -------- d-----w- c:\documents and settings\D&D Drafting\Local Settings\Application Data\Thunderbird

2011-06-20 13:47 . 2011-06-20 13:47 -------- d-----w- c:\documents and settings\D&D Drafting\Application Data\Thunderbird

2011-06-20 13:46 . 2011-07-06 17:43 -------- d-----w- c:\program files\Mozilla Thunderbird

2011-06-20 13:43 . 2011-06-20 13:43 -------- d-----w- c:\documents and settings\D&D Drafting\Local Settings\Application Data\Mozilla

2011-06-20 13:39 . 2011-06-20 13:39 -------- d-sh--w- c:\documents and settings\D&D Drafting\IECompatCache

2011-06-20 13:39 . 2011-06-20 13:39 -------- d-sh--w- c:\documents and settings\D&D Drafting\PrivacIE

2011-06-20 13:28 . 2011-06-20 13:28 -------- d-sh--w- c:\documents and settings\D&D Drafting\IETldCache

2011-06-20 12:49 . 2011-06-20 12:49 -------- d-----w- C:\Vcad386

2011-06-17 19:15 . 2011-06-20 15:52 -------- d-----w- C:\CAD Workfile

2011-06-16 18:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-09 11:15 . 2011-06-09 11:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-04 08:52 . 2010-10-29 14:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 06:25 . 2008-07-27 01:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-11 22:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-11 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-11 22:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-16 04:17 . 2011-07-07 15:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-11 1015808]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2008-10-15 45936]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-20 30192]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-23 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1045:TCP"= 1045:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 6:00 PM 14336]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 2:08 PM 18656]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/29/2010 10:49 AM 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/26/2008 9:57 PM 30192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:49]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\D&D Drafting\Application Data\Mozilla\Firefox\Profiles\qsy16sm4.default\

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-08 13:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1472)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\program files\Autodesk\Inventor Fusion 2012\AcSignCore16.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Completion time: 2011-07-08 13:20:56 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-08 17:20

.

Pre-Run: 45,243,441,152 bytes free

Post-Run: 44,432,920,576 bytes free

.

- - End Of File - - 75EB2884D3393B2BC9375DEB9EFF2BE3

[D-FRED-BROWN]

Well, after clicking around for about 10 minutes in both browsers it seems like things are fixed!

A few notes just for reference:

Even though I disabled AVG, ComboFix wanted me to uninstall it.

Because I was in safe mode, I couldn't access the internet to let CombFix install MS Windows Recovery Console. (<--I should've checked that ahead of time though)

!Thank You!

I will continue to test things out but in the meantime here's the log:

Glad to hear things are running better .

Let's see if we can get ComboFix to run in normal mode, but first, AVG must be uninstalled :

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

AVG needs to remain uninstalled until I tell you its safest to reinstall it.

---------

Run ComboFix.exe again (in Normal Mode). Please post the newly-created C:\ComboFix.txt in your next reply .

[D-FRED-BROWN]

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

[DandDYoukers]

Sorry, I must have missed a post.

Everything seems fine now.

Thanks for your help, DFB!

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!