Hijackthis log?

wolfeking

Issue: affecting all browsers (Chrome, FF5, IE9, Opera). Tried uninstalling and reinstalling Chrome and FF5, to no effect. The issue presents as a redirect from any search engine search. For instance, if I Google "acer" and click on the link, it redirects me to another site. See attachment below.

Untitled-21.jpg


Malwarebytes, run after Rkill.exe, showed no malware.

Hijackthis log is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:44:57 PM, on 8/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\wolfe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, wbsys.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
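Added example, not part of this thread or of HijackThis itself: a small Python triage script for HijackThis 2.0.4 logs like the one above. It pulls out the entries a responder reads first in a search-redirect case: O2 BHOs marked "(no file)", O4 autoruns launched from user-writable directories, every DLL named in O20 AppInit_DLLs (in this log nvinit.dll is NVIDIA's and wbsys.dll belongs to Stardock WindowBlinds, but AppInit_DLLs is a classic injection point and is always verified by hand), and any extra F2 UserInit value. It also explains the long run of O23 "(file missing)" system services, which on this machine is a WOW64 artifact and not an infection: HijackThis 2.0.4 is a 32-bit program, so its C:\Windows\system32 lookups are redirected to SysWOW64, where native-only binaries such as lsass.exe and spoolsv.exe do not exist. The sample log is constructed from a few lines of the posted log; the severity labels and regular expressions are my own.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    severity: str  # "review" = needs a human look, "info" = explained artifact
    reason: str
    line: str


# Constructed sample in HijackThis 2.0.4 format. The CLSIDs and paths are
# copied from the log posted above; it is a subset, not the full log.
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\wolfe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, wbsys.dll
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.I)
NATIVE_SYSTEM32 = re.compile(r"^C:\\Windows\\system32\\", re.I)


def triage(log_text: str) -> list[Finding]:
    # 64-bit Windows leaves "Program Files (x86)" paths in the log; HijackThis
    # 2.0.4 is 32-bit, so its system32 lookups are redirected to SysWOW64.
    wow64 = "Program Files (x86)" in log_text
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.groups()
        if sec == "F2" and "UserInit=" in body:
            # Normal value is exactly "userinit.exe," ; anything else runs at logon.
            values = [v.strip() for v in body.split("UserInit=", 1)[1].split(",") if v.strip()]
            if len(values) != 1 or not values[0].lower().endswith("userinit.exe"):
                findings.append(Finding(sec, "review", "extra UserInit value runs at every logon", line))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "review", "BHO CLSID registered but its DLL is gone: orphan, remove", line))
        elif sec == "O4" and "]" in body:
            target = body.split("]", 1)[1]  # everything after the [name] tag
            if USER_WRITABLE.search(target):
                findings.append(Finding(sec, "review", "autorun from a user-writable directory", line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in (d.strip() for d in body.split(":", 1)[1].split(",")):
                if not dll:
                    continue
                how = "bare name, resolved via DLL search order" if "\\" not in dll else "full path"
                findings.append(Finding(sec, "review",
                                        f"AppInit DLL {dll} ({how}) loads into every process that loads user32.dll",
                                        line))
        elif sec == "O23":
            s = SERVICE_RE.match(body)
            if s and s["missing"]:
                if wow64 and NATIVE_SYSTEM32.match(s["path"]):
                    findings.append(Finding(sec, "info",
                                            "native-only system32 binary hidden from 32-bit HijackThis by WOW64 redirection",
                                            line))
                else:
                    findings.append(Finding(sec, "review", "service binary absent from disk", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it against a full log by reading the file into triage(); anything tagged "review" is a line to check against the vendor's file on disk, and the "info" lines are the WOW64 noise that can be ignored on a 64-bit machine.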
 
Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

I'm going out for a bit, be back later to reply after you post your log.
 
I've got to be at school in 30 minutes, John, but I'll run it and give results when I'm back. Thank you for your help so far.
 
ComboFix 11-08-05.02 - wolfe 08/05/2011 19:49:15.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3767.2300 [GMT -4:00]
Running from: c:\users\wolfe\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Steam\Steam.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 23:54 . 2011-08-05 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 17:35 . 2011-08-05 17:35 388096 ----a-r- c:\users\wolfe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-05 17:35 . 2011-08-05 17:35 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-05 15:38 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05F188D0-48CD-43EF-92D4-C760F77A2625}\mpengine.dll
2011-07-31 10:19 . 2011-07-31 10:19 -------- d-----w- c:\users\wolfe\AppData\Local\Apps
2011-07-31 10:19 . 2011-07-31 10:20 -------- d-----w- c:\users\wolfe\AppData\Local\Deployment
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\wolfe\AppData\Local\ODUI
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\wolfe\AppData\Local\Stardock
2011-07-23 23:33 . 2011-07-23 23:33 -------- d-----w- c:\users\wolfe\AppData\Roaming\ValuSoft
2011-07-22 08:35 . 2011-07-22 08:35 -------- d-----w- c:\program files (x86)\18 WoS Pedal to the Metal
2011-07-22 08:04 . 2011-07-22 08:04 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-07-21 08:01 . 2011-07-21 08:01 -------- d-----w- c:\program files (x86)\RocketDock
2011-07-21 07:49 . 2010-06-07 18:59 53904 ----a-w- c:\windows\system32\wbload.dll
2011-07-21 07:49 . 2010-06-07 18:59 57904 ----a-w- c:\windows\SysWow64\wbload.dll
2011-07-21 07:49 . 2008-04-26 19:14 42672 ----a-w- c:\windows\SysWow64\wbsys.dll
2011-07-21 01:39 . 2011-07-21 01:39 -------- d-----w- c:\program files\CCleaner
2011-07-19 02:00 . 2011-07-20 02:03 -------- d-----w- c:\users\wolfe\AppData\Roaming\FinalMediaPlayer
2011-07-19 02:00 . 2011-07-19 02:00 -------- d-----w- c:\program files (x86)\FinalMediaPlayer
2011-07-18 02:56 . 2011-07-18 02:56 -------- d-----w- c:\program files (x86)\EA Games
2011-07-18 02:51 . 2005-04-04 03:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-07-18 02:51 . 2005-04-04 03:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-18 02:51 . 2005-04-04 03:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-18 02:51 . 2005-04-04 03:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-18 02:51 . 2005-04-04 03:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-18 02:51 . 2005-04-04 02:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-18 02:51 . 2011-07-18 02:51 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-18 02:51 . 2011-07-18 02:51 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-17 04:34 . 2011-07-17 04:34 -------- d-----w- c:\windows\system32\SPReview
2011-07-17 04:33 . 2011-07-17 04:33 -------- d-----w- c:\windows\system32\EventProviders
2011-07-16 11:29 . 2011-07-16 11:29 -------- d-----w- c:\users\wolfe\AppData\Roaming\Stardock
2011-07-16 11:29 . 2011-07-23 23:41 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-07-16 11:29 . 2011-07-16 11:29 -------- d-----w- c:\users\wolfe\AppData\Local\PackageAware
2011-07-16 08:21 . 2011-07-16 11:29 -------- d-----w- c:\program files (x86)\Stardock
2011-07-15 04:51 . 2011-07-17 02:39 -------- d-----w- c:\users\wolfe\VirtualBox VMs
2011-07-15 04:50 . 2011-07-17 02:39 -------- d-----w- c:\users\wolfe\.VirtualBox
2011-07-15 04:48 . 2011-06-24 19:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-15 04:48 . 2011-06-24 19:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-15 04:48 . 2011-07-15 04:48 -------- d-----w- c:\program files\Oracle
2011-07-14 03:23 . 2011-07-14 03:23 -------- d-----w- C:\found.000
2011-07-13 01:11 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-12 08:44 . 2011-07-12 08:44 -------- d-----w- c:\users\wolfe\AppData\Local\PBlackout
2011-07-12 06:55 . 2011-07-12 06:55 -------- d-----w- C:\SG Interactive
2011-07-12 06:33 . 2011-07-17 22:49 -------- d-----w- c:\users\wolfe\AppData\Local\PMB Files
2011-07-12 06:33 . 2011-07-17 07:29 -------- d-----w- c:\programdata\PMB Files
2011-07-12 06:33 . 2011-07-12 06:33 -------- d-----w- c:\program files (x86)\Pando Networks
2011-07-11 08:11 . 2011-07-11 08:11 -------- d-----w- C:\ubuntu
2011-07-11 06:29 . 2011-07-11 06:29 -------- d-----w- c:\users\wolfe\AppData\Local\NeoSmart_Technologies
2011-07-11 06:26 . 2011-07-11 07:47 -------- d-----w- C:\NST
2011-07-11 06:25 . 2011-07-11 06:25 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
2011-07-10 21:33 . 2011-07-10 21:33 -------- d-----w- c:\users\wolfe\AppData\Local\World in Conflict - DEMO
2011-07-10 21:25 . 2011-07-10 21:25 -------- d-----w- c:\users\wolfe\AppData\Local\Adobe
2011-07-10 21:18 . 2011-07-10 21:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-10 18:55 . 2011-08-05 15:34 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-10 18:55 . 2011-08-05 23:54 -------- d-----w- c:\program files (x86)\Steam
2011-07-10 03:44 . 2011-07-23 20:56 -------- d-----r- c:\users\wolfe\Virtual Machines
2011-07-10 03:33 . 2009-12-31 10:04 360712 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2011-07-10 03:33 . 2009-12-31 09:52 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2011-07-10 03:33 . 2009-12-31 09:52 4514816 ----a-w- c:\windows\system32\vpc.exe
2011-07-10 03:33 . 2009-12-31 07:29 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2011-07-10 03:25 . 2009-09-23 01:51 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2011-07-10 03:25 . 2009-09-23 01:46 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2011-07-10 03:24 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2011-07-10 03:24 . 2009-09-23 01:18 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2011-07-10 03:24 . 2009-09-23 01:51 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2011-07-10 03:24 . 2009-09-23 01:32 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2011-07-10 03:24 . 2009-09-23 01:32 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-07-10 03:24 . 2009-09-23 01:32 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2011-07-10 03:24 . 2009-09-23 01:32 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2011-07-10 03:24 . 2009-09-23 01:32 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2011-07-10 03:24 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2011-07-10 03:24 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2011-07-10 03:24 . 2009-09-23 01:33 936448 ----a-w- c:\windows\system32\vmsal.exe
2011-07-10 03:20 . 2011-07-10 03:21 -------- d-----w- c:\program files\Windows XP Mode
2011-07-08 18:57 . 2011-07-08 18:57 -------- d-----w- c:\users\wolfe\AppData\Roaming\Yahoo!
2011-07-08 18:23 . 2011-07-08 18:23 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-08 18:23 . 2011-07-08 18:23 262144 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-08 18:18 . 2011-07-08 18:18 -------- d-----w- c:\windows\SysWow64\Futuremark
2011-07-08 18:18 . 2004-10-26 00:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2011-07-08 18:18 . 2004-06-22 19:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2011-07-08 18:18 . 2001-11-19 23:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2011-07-08 18:16 . 2011-07-08 18:16 -------- d-----w- c:\program files (x86)\Futuremark
2011-07-08 18:16 . 2011-07-08 18:16 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-07-08 18:16 . 2011-07-08 18:16 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-07-08 18:16 . 2005-03-22 21:50 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-07-08 18:16 . 2004-07-16 04:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-07-08 18:16 . 2004-07-16 04:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-07-08 18:16 . 2004-07-16 04:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-07-08 18:16 . 2004-07-16 04:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-07-08 17:05 . 2011-07-08 17:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-08 17:04 . 2011-07-08 17:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-08 17:04 . 2011-07-08 17:04 -------- d-----w- c:\program files (x86)\Java
2011-07-08 11:44 . 2011-07-10 21:39 -------- d-----w- c:\program files (x86)\EVGA Precision
2011-07-08 11:44 . 2011-07-27 07:19 -------- d-----w- c:\users\wolfe\AppData\Local\WinZip
2011-07-07 02:26 . 2011-07-07 02:26 -------- d-----w- c:\program files (x86)\PowerISO
2011-07-07 02:26 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 03:31 . 2011-06-28 06:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-29 07:41 . 2011-06-29 07:41 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-29 07:41 . 2011-06-29 07:41 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-06-28 20:28 . 2011-06-28 20:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-28 20:28 . 2011-06-28 20:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-28 20:28 . 2011-06-28 20:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-28 20:28 . 2011-06-28 20:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-28 20:28 . 2011-06-28 20:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-28 20:28 . 2011-06-28 20:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-28 20:28 . 2011-06-28 20:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-28 20:28 . 2011-06-28 20:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-28 20:28 . 2011-06-28 20:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-28 20:28 . 2011-06-28 20:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-28 20:28 . 2011-06-28 20:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-28 20:28 . 2011-06-28 20:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-28 20:28 . 2011-06-28 20:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-28 20:28 . 2011-06-28 20:28 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-06-28 20:28 . 2011-06-28 20:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-28 20:28 . 2011-06-28 20:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-28 20:28 . 2011-06-28 20:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-28 20:28 . 2011-06-28 20:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-28 20:28 . 2011-06-28 20:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-28 20:28 . 2011-06-28 20:28 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-28 20:28 . 2011-06-28 20:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-28 20:28 . 2011-06-28 20:28 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-28 20:28 . 2011-06-28 20:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-28 20:28 . 2011-06-28 20:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-28 20:28 . 2011-06-28 20:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-28 20:28 . 2011-06-28 20:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-28 20:28 . 2011-06-28 20:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-28 20:28 . 2011-06-28 20:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-28 20:28 . 2011-06-28 20:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-28 20:28 . 2011-06-28 20:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-28 20:28 . 2011-06-28 20:28 448512 ----a-w- c:\windows\system32\html.iec
2011-06-28 20:28 . 2011-06-28 20:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-28 20:28 . 2011-06-28 20:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-28 20:28 . 2011-06-28 20:28 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-06-28 20:28 . 2011-06-28 20:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-28 20:28 . 2011-06-28 20:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-28 20:28 . 2011-06-28 20:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-28 20:28 . 2011-06-28 20:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-28 20:28 . 2011-06-28 20:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-28 20:28 . 2011-06-28 20:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-28 20:28 . 2011-06-28 20:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-28 20:28 . 2011-06-28 20:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-27 02:17 . 2011-06-27 02:17 206208 ----a-w- c:\windows\PLFSetI.exe
2011-06-24 19:05 . 2011-06-24 19:05 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 19:05 . 2011-06-24 19:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 19:04 . 2011-06-24 19:04 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-02 05:56 . 2011-07-13 01:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-29 16:11 . 2011-06-28 06:13 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2011-06-28 06:13 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-24 23:14 . 2011-06-27 02:54 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 14:48 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 14:48 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 14:48 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 14:48 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 14:48 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-29 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\wolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-23 18:38 539952 ----a-w- c:\program files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-28 1620584]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-19 19:24]
.
2011-08-05 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-06-27 23:50]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959880353-1699106330-520933104-1000Core.job
- c:\users\wolfe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 10:20]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959880353-1699106330-520933104-1000UA.job
- c:\users\wolfe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 10:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF10929.cfxxe" [X]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-06-27 206208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\wolfe\AppData\Roaming\Mozilla\Firefox\Profiles\qxn2xggv.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Toolbar-Locked - (no file)
AddRemove-Steam App 21940 - c:\program files (x86)\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
.
**************************************************************************
.
Completion time: 2011-08-05 20:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 00:00
.
Pre-Run: 409,736,388,608 bytes free
Post-Run: 409,489,965,056 bytes free
.
- - End Of File - - F4CABF684E9EBDDDBE44CBBAE0FF79F9

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:11 PM, on 8/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-959880353-1699106330-520933104-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8523 bytes



It is now connecting links without redirecting. I hadn't noticed any other actions going on to give any more insight. So as far as I know, it's fixed now.
 
That's good, just let me know if you still have issues. I skimmed through the log real quickly and didn't see anything that stood out, but give me a day or so to thoroughly go through it. Just got done mowing, so I'm kinda tired right now, too tired to even think straight.
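A triage pass over the HijackThis entries above, written as an added example (it is not code from the thread, from Trend Micro or from ComboFix). It assumes the plain-text layout HijackThis 2.0.4 writes: one entry per line, prefixed with a section code such as O2, O10, O17, O20 or O23. The sample input is copied from the log posted above except for one constructed O17 line (placeholder GUID, documentation address 203.0.113.5) so the DNS rule has something to match. The `(file missing)` handling encodes the caveat a responder needs for this log: HijackThis 2.0.4 is a 32-bit program, so on x64 Windows 7 WOW64 file-system redirection maps System32 to SysWOW64 and every native service binary reads "file missing"; for the same reason its O20 line shows only the Wow6432Node `AppInit_DLLs` value (nvinit.dll), while the ComboFix output above also lists the 64-bit one (nvinitx.dll).

```python
"""Triage of HijackThis 2.0.4 entries for a search-redirect complaint.

Added example, not part of the thread. Assumes the plain-text layout HijackThis
writes: one entry per line, prefixed with a section code (O2, O10, O17, O20, O23 ...).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample. All lines except the O17 one are copied from the log posted
# above; the O17 line is hypothetical (placeholder GUID, documentation address
# 203.0.113.5) so the DNS-hijack rule has something to match.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
SYSTEM32_RE = re.compile(r"c:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str   # section code, e.g. "O20"
    body: str   # everything after "O20 - "


@dataclass
class Finding:
    severity: str   # "high" | "review" | "info"
    code: str
    reason: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the section-coded lines; headers and the process list are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry], host_is_x64: bool = True) -> list[Finding]:
    """Rank entries by what matters for a browser / search-engine redirect."""
    out = []
    for e in entries:
        b = e.body
        if e.code == "O1":           # hosts-file overrides
            out.append(Finding("high", e.code, "hosts-file redirect: " + b))
        elif e.code == "O17":        # per-interface DNS / domain settings
            out.append(Finding("high", e.code, "DNS hijack candidate: " + b))
        elif e.code == "O2" and b.endswith("(no file)"):
            out.append(Finding("info", e.code, "orphaned BHO CLSID, safe to remove: " + b))
        elif e.code == "O10":        # Winsock LSP chain
            out.append(Finding("review", e.code,
                               "damaged LSP chain; LSP hijacks redirect traffic, so reset Winsock "
                               "and confirm the missing provider came from uninstalled software: " + b))
        elif e.code == "O20":        # AppInit_DLLs: loaded into every process that uses user32.dll
            out.append(Finding("review", e.code,
                               "AppInit_DLLs injection, verify publisher and signature: " + b))
        elif e.code == "O23" and "(file missing)" in b:
            if host_is_x64 and SYSTEM32_RE.search(b):
                # 32-bit HijackThis on x64: WOW64 maps System32 to SysWOW64, so every
                # native 64-bit service binary looks missing. Not evidence of tampering.
                out.append(Finding("info", e.code, "WOW64 artifact, not a real missing file: " + b))
            else:
                out.append(Finding("review", e.code, "service binary missing: " + b))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    fs = triage(parse_hjt(SAMPLE_LOG))
    for f in sorted(fs, key=lambda f: ["high", "review", "info"].index(f.severity)):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
    print(summarize(fs))
```

Run it with `python3 triage.py`; on the sample it reports the constructed O17 line as high, the O10 and O20 entries for review, and files the orphaned BHO and the System32 "file missing" service as informational. Pass `host_is_x64=False` when the log came from a 32-bit Windows install, where a System32 service binary that really is missing deserves a look.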
 