Internet Explorer keeps opening with ads Search result links redirect


swanek

IE keeps opening spontaneously with ad pages. Search results in IE and Firefox redirect to ad pages. Malwarebytes scan came up clean. Here are my DDS logs. Please help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Run by Frank at 17:04:11 on 2011-10-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.780 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\System32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\sttray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Frank\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070606

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - c:\program files\adblock pro\AdblockPro.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

uRun: [Google Update] "c:\users\frank\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Block This Image (Adblock Pro) - c:\program files\adblock pro\blockimg.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: $talisma_url$

Trusted Zone: internet

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: netlibrary.com

Trusted Zone: turbotax.com

Trusted Zone: wpcc.edu\bb

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8A1BB723-27CF-43C1-BDFD-A1D7970D826D} - file:///E:/data/ASR_3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive.boehringer-ingelheim.com/dana-cached/sc/JuniperSetupClient.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

TCP: Interfaces\{476A8650-3BFA-4508-8725-5BE4E911048E} : DhcpNameServer = 172.16.145.103 172.16.145.103

TCP: Interfaces\{5542C586-096E-49E1-A885-D950C64BEF04} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\fh4qdfyu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: c:\program files\virtual account numbers\components\SlimOrbAddonCitiVAN.dll

FF - component: c:\users\frank\appdata\roaming\mozilla\firefox\profiles\fh4qdfyu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - plugin: c:\users\frank\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\users\frank\appdata\roaming\move networks\plugins\npqmp071503000010.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1301010.003\symds.sys [2011-10-12 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1301010.003\symefa.sys [2011-10-12 897656]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.0.0.128\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-29 816760]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys [2011-10-12 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.0.0.128\definitions\ipsdefs\20111014.031\IDSvix86.sys [2011-10-15 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1301010.003\ironx86.sys [2011-10-12 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1301010.003\symnets.sys [2011-10-12 314488]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-22 47640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-12 105592]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-6-5 5504]

S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-11-14 18912]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-24 52224]

.

=============== Created Last 30 ================

.

2011-10-15 20:34:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 20:34:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-14 22:00:40 -------- d-----w- c:\program files\iTunes

2011-10-14 22:00:40 -------- d-----w- c:\program files\iPod

2011-10-14 21:52:58 -------- d-----w- c:\program files\Bonjour

2011-10-14 16:39:56 -------- d-----w- c:\users\frank\appdata\local\{00E320E0-78D8-48B5-88C5-8CA317F66F3F}

2011-10-14 16:39:39 -------- d-----w- c:\users\frank\appdata\local\{F5990A7E-5A9E-4E51-B663-712D4DEE7BFC}

2011-10-13 22:18:24 -------- d-----w- c:\users\frank\appdata\local\{3AA8ACE7-F8CC-434F-8155-2CA1151CB67D}

2011-10-13 22:18:11 -------- d-----w- c:\users\frank\appdata\local\{5ED4087A-4BEC-4E23-B2B0-9CF4976FEA7F}

2011-10-13 10:17:44 -------- d-----w- c:\users\frank\appdata\local\{BF527654-7941-4303-8C16-9D7738077806}

2011-10-13 10:17:31 -------- d-----w- c:\users\frank\appdata\local\{7032C8A1-BCB6-4690-A244-79E5FC7392DF}

2011-10-13 06:06:49 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 06:06:49 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 06:06:46 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 06:06:46 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 06:06:39 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 01:42:39 897656 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symefa.sys

2011-10-13 01:42:39 340088 ----a-r- c:\windows\system32\drivers\nav\1301010.003\symds.sys

2011-10-13 01:42:39 31864 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtspx.sys

2011-10-13 01:42:39 314488 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symnets.sys

2011-10-13 01:42:38 566904 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtsp.sys

2011-10-13 01:42:38 149624 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ironx86.sys

2011-10-13 01:42:38 132744 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys

2011-10-13 01:42:29 -------- d-----w- c:\windows\system32\drivers\nav\1301010.003

2011-10-13 01:39:30 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00b7404e-e63c-42fa-b13d-d27f7b6829e3}\mpengine.dll

2011-10-13 01:35:15 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-10-13 01:35:15 -------- d-----w- c:\program files\Symantec

2011-10-13 01:35:15 -------- d-----w- c:\program files\common files\Symantec Shared

2011-10-13 01:32:37 -------- d-----w- c:\windows\system32\drivers\NAV

2011-10-13 01:32:34 -------- d-----w- c:\program files\Norton AntiVirus

2011-10-13 01:32:33 -------- d-----w- c:\programdata\Norton

2011-10-13 01:27:27 -------- d-----w- c:\programdata\NortonInstaller

2011-10-13 01:27:27 -------- d-----w- c:\program files\NortonInstaller

2011-10-12 22:17:03 -------- d-----w- c:\users\frank\appdata\local\{86D335CD-145F-43BC-8F55-B56945C52ED2}

2011-10-12 10:16:32 -------- d-----w- c:\users\frank\appdata\local\{710AFF08-2DB7-45F8-8D8D-77B802D1601A}

2011-10-11 22:16:02 -------- d-----w- c:\users\frank\appdata\local\{5456691B-358D-4B85-B628-6E61282BD421}

2011-10-11 10:15:24 -------- d-----w- c:\users\frank\appdata\local\{01482513-442F-49C1-BFD8-5FF65EFB48E0}

2011-10-10 18:13:59 -------- d-----w- c:\users\frank\appdata\local\{9B097179-81DF-4D96-913C-6A5E94E6251A}

2011-10-10 18:13:32 -------- d-----w- c:\users\frank\appdata\local\{1BC10900-560B-4DC8-BD24-6C6EE16E6ADB}

2011-10-10 10:35:46 -------- d-----w- c:\users\frank\appdata\roaming\Malwarebytes

2011-10-10 10:35:28 -------- d-----w- c:\programdata\Malwarebytes

2011-10-10 04:18:43 -------- d-----w- c:\users\frank\appdata\local\{F4FAF693-629A-4F60-9EEE-03266927FF64}

2011-10-10 04:18:19 -------- d-----w- c:\users\frank\appdata\local\{25AA4910-D868-450D-8964-47216CD5DC24}

2011-10-08 10:11:48 -------- d-----w- c:\users\frank\appdata\local\{8F9E361D-1434-413F-9674-E78EAB180EFE}

2011-10-08 10:11:32 -------- d-----w- c:\users\frank\appdata\local\{85621EFE-813A-4F4C-B8EB-71A125DFF5BD}

2011-10-07 22:10:26 -------- d-----w- c:\users\frank\appdata\local\{AC3AAA95-F673-4E46-B7CE-4B6052E48C95}

2011-10-07 22:09:54 -------- d-----w- c:\users\frank\appdata\local\{7B5AE02A-F1B2-475A-A786-11D404E46032}

2011-10-06 22:21:39 -------- d-----w- c:\users\frank\appdata\local\{1668CA18-919F-4117-BBAA-7168746B320F}

2011-10-06 10:21:14 -------- d-----w- c:\users\frank\appdata\local\{5CEFAE8A-4CDE-476D-BC47-5AF04EE71ACE}

2011-10-05 22:20:49 -------- d-----w- c:\users\frank\appdata\local\{EA3B7D95-E9F8-4312-B90B-04B606C1FFFD}

2011-10-05 10:20:24 -------- d-----w- c:\users\frank\appdata\local\{29DBFCC9-2693-4517-A772-18EEB61C0846}

2011-10-04 22:19:59 -------- d-----w- c:\users\frank\appdata\local\{1D715E4E-2F51-4336-A336-EC1EF559625E}

2011-10-04 10:19:30 -------- d-----w- c:\users\frank\appdata\local\{3A8AD3B1-D7C7-4D56-AEA7-AC12D1372963}

2011-10-04 10:19:10 -------- d-----w- c:\users\frank\appdata\local\{811701C2-0590-4531-900B-6C0BD847272B}

2011-10-03 12:07:30 -------- d-----w- c:\users\frank\appdata\local\{38EC0805-364A-4E6D-9BDD-DABAAB97AA68}

2011-10-03 12:07:19 -------- d-----w- c:\users\frank\appdata\local\{3B73F454-491C-4EB9-9FA8-0B03D5818DED}

2011-10-03 00:06:48 -------- d-----w- c:\users\frank\appdata\local\{655E7C83-E44E-42BB-82E1-7245F4413076}

2011-10-03 00:06:32 -------- d-----w- c:\users\frank\appdata\local\{06AC2497-8331-4EBD-B006-6FE868552276}

2011-10-02 12:01:39 -------- d-----w- c:\users\frank\appdata\local\{F9B25E57-C8F8-4008-A4DB-D128E58DD2DE}

2011-10-02 00:01:11 -------- d-----w- c:\users\frank\appdata\local\{A45DE483-B36D-4BA9-9B99-D6E73C1FC298}

2011-10-01 12:00:45 -------- d-----w- c:\users\frank\appdata\local\{F1B66DDE-7BA1-4BC0-ABBA-6021D52F323E}

2011-10-01 00:00:18 -------- d-----w- c:\users\frank\appdata\local\{6E9EAEB8-462D-4F56-AE1B-495506CDF3B2}

2011-09-30 11:59:52 -------- d-----w- c:\users\frank\appdata\local\{092686F2-AA1E-425B-8A3A-CEC29911F9AF}

2011-09-29 23:59:26 -------- d-----w- c:\users\frank\appdata\local\{C3207B32-1356-4FF9-975A-93C85CEB169C}

2011-09-29 11:58:59 -------- d-----w- c:\users\frank\appdata\local\{BF186E65-D5EF-41B0-B381-12A65BF7D7A8}

2011-09-28 23:58:32 -------- d-----w- c:\users\frank\appdata\local\{44EA930F-A432-44DF-A53C-55814BB37E1A}

2011-09-28 11:58:04 -------- d-----w- c:\users\frank\appdata\local\{745D281F-A8DC-44A3-9D24-75A00A1BEAED}

2011-09-27 23:57:38 -------- d-----w- c:\users\frank\appdata\local\{24288C88-4D3F-431B-AA22-6F0D2332ECBC}

2011-09-27 11:57:12 -------- d-----w- c:\users\frank\appdata\local\{D46424A5-C5D4-4A16-8D92-A29859F1E852}

2011-09-27 11:57:00 -------- d-----w- c:\users\frank\appdata\local\{484DAFAF-F9DA-49B6-9D2F-0A8DE2609147}

2011-09-26 23:56:34 -------- d-----w- c:\users\frank\appdata\local\{8D72B93F-4366-426A-81B3-12ED7A345323}

2011-09-26 11:56:08 -------- d-----w- c:\users\frank\appdata\local\{CCFE5023-8121-41AC-836D-7D34713A3457}

2011-09-26 11:55:56 -------- d-----w- c:\users\frank\appdata\local\{49AF4113-F4B6-4C7E-BE6E-AFEA7A51D99F}

2011-09-25 23:55:26 -------- d-----w- c:\users\frank\appdata\local\{C1940BE9-403A-4591-B6DD-7BE89F066604}

2011-09-25 11:55:00 -------- d-----w- c:\users\frank\appdata\local\{0F1F9EDC-D883-4845-8333-E0943551BD72}

2011-09-24 23:54:35 -------- d-----w- c:\users\frank\appdata\local\{55FD2EA5-D639-4960-BE5B-0757FA9585A9}

2011-09-24 11:53:46 -------- d-----w- c:\users\frank\appdata\local\{FFD5B0C6-680D-47F4-9A5C-F6FFE93E0682}

2011-09-23 23:27:43 -------- d-----w- c:\users\frank\appdata\local\{A97B8E2C-7CA1-427B-A347-A993E178D9DF}

2011-09-23 23:27:31 -------- d-----w- c:\users\frank\appdata\local\{308CC9E9-788A-4BB5-9707-38B0E8580738}

2011-09-23 02:41:34 -------- d-----w- c:\users\frank\appdata\local\{6EC89023-023F-4401-A744-C2640C536DCD}

2011-09-22 14:41:08 -------- d-----w- c:\users\frank\appdata\local\{D4AC55DC-EDFB-4AD7-AE9D-9B76D9181A80}

2011-09-22 02:40:29 -------- d-----w- c:\users\frank\appdata\local\{C5F78752-911F-44C7-868B-71B8F46E7DD6}

2011-09-22 02:40:10 -------- d-----w- c:\users\frank\appdata\local\{ACC4595B-DD4C-4533-98E0-C5B38E273311}

2011-09-21 11:28:35 -------- d-----w- c:\users\frank\appdata\local\{273BD0DC-966B-4F17-9CAF-12A8CFF7DA20}

2011-09-20 23:28:09 -------- d-----w- c:\users\frank\appdata\local\{3CCBCE0F-95AF-468A-9B51-C3C70D3CBC6C}

2011-09-20 11:27:43 -------- d-----w- c:\users\frank\appdata\local\{96931B50-623A-4DED-BB0B-DA33DA813C11}

2011-09-20 11:27:32 -------- d-----w- c:\users\frank\appdata\local\{E137D891-3A49-4996-9724-AA0B31845542}

2011-09-19 23:27:05 -------- d-----w- c:\users\frank\appdata\local\{84B2322F-F1BA-43B3-982E-C0ED33FFF14B}

2011-09-19 11:26:39 -------- d-----w- c:\users\frank\appdata\local\{54754FA9-C469-4D4C-9CF5-ED6C7CEBAD65}

2011-09-19 11:26:26 -------- d-----w- c:\users\frank\appdata\local\{A2C99025-4DA8-4353-A2E9-DA4CCA78C81A}

2011-09-18 23:25:47 -------- d-----w- c:\users\frank\appdata\local\{794A9CDB-6E3B-4B43-B24F-ED9134966265}

2011-09-18 08:59:31 -------- d-----w- c:\users\frank\appdata\local\{D67295ED-C186-4547-83FA-C4DCBBDF32E3}

2011-09-17 20:59:06 -------- d-----w- c:\users\frank\appdata\local\{9053A681-3A73-45BA-9731-8BB4104FB87A}

2011-09-17 08:58:40 -------- d-----w- c:\users\frank\appdata\local\{E92976EC-D055-43F0-8D93-011284F982C8}

2011-09-16 20:58:14 -------- d-----w- c:\users\frank\appdata\local\{8142E4F8-8438-4413-80C7-C75FB5D67991}

2011-09-16 08:57:47 -------- d-----w- c:\users\frank\appdata\local\{56693737-7BFD-489F-83B1-850860FF7036}

.

==================== Find3M ====================

.

2011-10-13 01:54:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 10:18:32 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-07 10:18:32 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-07 10:18:31 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-07 10:18:31 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-26 07:29:34 60 ----a-w- c:\windows\wpd99.drv

2011-08-19 15:01:27 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2011-07-19 10:58:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

.

============= FINISH: 17:14:13.06 ===============

DDS.txt

Attach.txt

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.