
Solved Google Redirect Issue

Discussion in 'Malware and Virus Removal Archive' started by quirkymac, 2010/03/24.

  1. 2010/03/27
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0


    the ipconfig /registerdns came back saying it requires elevation
     
  2. 2010/03/27
    quirkymac

    quirkymac Inactive Thread Starter

    just ran the cmd prompt as administrator and that did the trick....have restarted
     


  4. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No redirections anymore?
     
  5. 2010/03/28
    quirkymac

    quirkymac Inactive Thread Starter

  6. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/03/28
    quirkymac

    quirkymac Inactive Thread Starter

    Sorry I had got so frustrated last night I tried two scans - Microsoft One Care Scanner and AVG antivirus scanner (neither found anything).

    Combofix report
    ComboFix 10-03-28.01 - Milne Clan 29/03/2010 7:12.6.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.2006.1200 [GMT 11:00]
    Running from: c:\users\Milne Clan\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
    .

    2010-03-28 20:16 . 2010-03-28 20:16 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-28 20:16 . 2010-03-28 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-28 20:11 . 2010-03-28 20:12 -------- d-----w- C:\32788R22FWJFW
    2010-03-27 23:15 . 2010-03-27 23:15 -------- d-----w- c:\program files\AVG
    2010-03-27 04:30 . 2010-03-27 05:12 -------- d-----w- c:\users\Milne Clan\DoctorWeb
    2010-03-27 04:16 . 2010-03-27 20:10 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\GetRight
    2010-03-26 09:46 . 2010-03-26 09:46 -------- d-----w- c:\users\Milne Clan\AppData\Local\Mozilla
    2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- c:\windows\Sun
    2010-03-26 02:23 . 2010-03-26 02:23 -------- d-----w- C:\_OTL
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-25 19:36 . 2010-03-28 20:17 -------- d-----w- c:\users\Milne Clan\AppData\Local\temp
    2010-03-25 01:32 . 2010-03-25 01:32 -------- d-----w- c:\program files\Trend Micro
    2010-03-24 20:48 . 2010-03-24 20:48 388096 ----a-r- c:\users\Milne Clan\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-24 20:48 . 2010-03-24 20:48 -------- d-----w- c:\program files\TrendMicro
    2010-03-23 19:27 . 2010-03-23 19:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\programdata\Hitman Pro
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-18 12:18 . 2010-03-20 09:38 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\vlc
    2010-03-18 12:18 . 2010-03-18 12:18 -------- d-----w- c:\program files\VideoLAN
    2010-03-11 17:17 . 2010-03-11 17:17 -------- d-----w- c:\windows\system32\Wat
    2010-03-11 17:16 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-03-11 17:16 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-03-11 17:16 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-03-11 17:16 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-03-11 17:16 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-03-11 17:16 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-03-09 06:48 . 2010-03-09 06:48 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\LEAPS
    2010-03-09 06:46 . 2010-03-09 06:46 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Pegasys Inc
    2010-03-09 06:43 . 2010-03-09 06:43 -------- d-----w- c:\program files\Pegasys Inc
    2010-03-04 19:03 . 2010-03-04 19:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-03-04 19:03 . 2010-03-04 19:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-28 06:10 . 2010-02-09 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-28 02:28 . 2010-02-14 14:54 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Skype
    2010-03-27 21:02 . 2010-02-14 19:05 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\skypePM
    2010-03-26 02:31 . 2010-03-26 02:31 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-03-24 19:08 . 2010-02-05 20:47 -------- d-----w- c:\programdata\Lavasoft
    2010-03-24 19:08 . 2010-01-06 07:12 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\uTorrent
    2010-03-18 00:08 . 2010-01-07 09:01 1 ----a-w- c:\users\Milne Clan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-11 16:02 . 2010-01-04 06:29 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-02-23 23:16 . 2010-01-04 06:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-20 20:46 . 2010-02-20 20:46 -------- d-----w- c:\program files\SPCA1528
    2010-02-20 20:46 . 2010-01-04 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 20:53 . 2010-02-19 20:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----w- c:\program files\Common Files\Skype
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----r- c:\program files\Skype
    2010-02-14 14:53 . 2010-01-28 22:27 -------- d-----w- c:\programdata\Skype
    2010-02-05 06:27 . 2010-01-04 05:54 61736 ----a-w- c:\users\Milne Clan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-05 06:27 . 2010-02-05 06:25 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-02 11:04 . 2010-02-02 03:03 -------- d-----w- c:\program files\FMS
    2010-02-02 07:45 . 2010-02-24 08:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-02 02:47 . 2010-02-02 02:47 -------- d-----w- c:\program files\HeliSim
    2010-02-01 04:11 . 2010-02-01 04:11 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Leawo
    2010-01-31 01:54 . 2010-01-24 21:01 539 ----a-w- c:\users\Milne Clan\AppData\Local\CastleLinkProps.dat
    2010-01-28 22:28 . 2010-01-28 22:28 -------- d-----w- c:\program files\Common Files\logishrd
    2010-01-08 03:18 . 2010-02-10 05:19 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 05:19 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2009-07-08 337184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-08 714016]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-19 62752]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-20 1093208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-18 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
    R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-08 75040]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    R4 Vhdmhervm;Vhdmhervm;c:\windows\system32\diskraid.exe [2009-07-14 276480]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-14 62320]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000009

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4448)
    c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
    .
    Completion time: 2010-03-29 07:18:19
    ComboFix-quarantined-files.txt 2010-03-28 20:18
    ComboFix2.txt 2010-03-25 19:36

    Pre-Run: 52,728,786,944 bytes free
    Post-Run: 52,834,594,816 bytes free

    - - End Of File - - EE8092E3ABFE6A624284483154039405
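The entry that stands out in the Drivers/Services block above is "R4 Vhdmhervm;Vhdmhervm;c:\windows\system32\diskraid.exe": a letters-only name with almost no vowels, a display name that merely repeats it, and a Windows executable sitting directly under system32 registered under an unrelated service name. The following Python is an added triage example (not from the thread and not part of ComboFix) that parses ComboFix service lines and scores those three signals; the sample block is constructed from the log above and the weights and threshold are assumptions chosen for illustration.

```python
"""Triage the Drivers/Services block of a ComboFix log for suspicious entries.

Added example code; the heuristics and weights are illustrative assumptions,
not ComboFix logic.
"""
import ntpath
import re
from dataclasses import dataclass, field

# ComboFix service line: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
# R = running, S = stopped; the digit is the Windows start type (0 boot ... 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: str
    size: int
    reasons: list = field(default_factory=list)  # (weight, explanation) pairs

    @property
    def score(self) -> int:
        return sum(weight for weight, _ in self.reasons)


def parse_services(text: str) -> list:
    """Parse every R*/S* service line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            g = m.groupdict()
            entries.append(ServiceEntry(g["state"], int(g["start"]), g["name"], g["display"],
                                        g["path"], g["date"], int(g["size"])))
    return entries


def looks_random(name: str) -> bool:
    """Letters-only name with few vowels and a long consonant run, e.g. 'Vhdmhervm'."""
    if not name.isalpha() or len(name) < 8:
        return False
    lower = name.lower()
    vowel_ratio = sum(c in "aeiou" for c in lower) / len(lower)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", lower))
    return vowel_ratio < 0.2 and longest_run >= 4


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach weighted reasons to the entry (assumed weights: 2, 1, 2)."""
    if looks_random(entry.name):
        entry.reasons.append((2, "service name looks randomly generated"))
    if entry.display.strip().lower() == entry.name.strip().lower():
        entry.reasons.append((1, "display name merely repeats the service name"))
    stem = ntpath.splitext(ntpath.basename(entry.path))[0].lower()
    parent = ntpath.dirname(entry.path).lower()
    name = entry.name.lower()
    # A binary directly under system32 (not in a Drivers subfolder) whose file
    # name has nothing to do with the service name is the pattern seen above.
    if parent.endswith("\\windows\\system32") and stem not in name and name not in stem:
        entry.reasons.append((2, f"system32 binary '{stem}' registered under an unrelated service name"))
    return entry


def suspicious_services(text: str, threshold: int = 3) -> list:
    """Entries scoring at or above the (assumed) threshold deserve a closer look."""
    return [e for e in map(triage, parse_services(text)) if e.score >= threshold]


# Constructed sample: a subset of the Drivers/Services block from the first ComboFix log above.
SAMPLE_LOG = r"""
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-08 75040]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
R4 Vhdmhervm;Vhdmhervm;c:\windows\system32\diskraid.exe [2009-07-14 276480]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
"""

if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.name} ({e.path}) score={e.score}")
        for weight, why in e.reasons:
            print(f"  +{weight} {why}")
```

Legitimate vendor services such as TPDIGIMN also repeat their name as the display name, which is why that signal alone scores below the threshold.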
     
  8. 2010/03/28
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\ezsidmv.dat
    
    
    Folder::
    C:\32788R22FWJFW
    
    
    Driver::
    Vhdmhervm
    
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  9. 2010/03/28
    quirkymac

    quirkymac Inactive Thread Starter

    ComboFix 10-03-28.01 - Milne Clan 29/03/2010 8:00.7.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.2006.1265 [GMT 11:00]
    Running from: c:\users\Milne Clan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Milne Clan\Desktop\cfscript.txt

    FILE ::
    "c:\programdata\ezsidmv.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\32788R22FWJFW
    c:\32788r22fwjfw\EN-US\cmd.cfxxe.mui
    c:\programdata\ezsidmv.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Vhdmhervm


    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
    .

    2010-03-28 21:03 . 2010-03-28 21:05 -------- d-----w- c:\users\Milne Clan\AppData\Local\temp
    2010-03-28 21:03 . 2010-03-28 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-28 21:03 . 2010-03-28 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-27 23:15 . 2010-03-27 23:15 -------- d-----w- c:\program files\AVG
    2010-03-27 04:30 . 2010-03-27 05:12 -------- d-----w- c:\users\Milne Clan\DoctorWeb
    2010-03-27 04:16 . 2010-03-27 20:10 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\GetRight
    2010-03-26 09:46 . 2010-03-26 09:46 -------- d-----w- c:\users\Milne Clan\AppData\Local\Mozilla
    2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- c:\windows\Sun
    2010-03-26 02:23 . 2010-03-26 02:23 -------- d-----w- C:\_OTL
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-25 01:32 . 2010-03-25 01:32 -------- d-----w- c:\program files\Trend Micro
    2010-03-24 20:48 . 2010-03-24 20:48 388096 ----a-r- c:\users\Milne Clan\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-24 20:48 . 2010-03-24 20:48 -------- d-----w- c:\program files\TrendMicro
    2010-03-23 19:27 . 2010-03-23 19:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\programdata\Hitman Pro
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-18 12:18 . 2010-03-20 09:38 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\vlc
    2010-03-18 12:18 . 2010-03-18 12:18 -------- d-----w- c:\program files\VideoLAN
    2010-03-11 17:17 . 2010-03-11 17:17 -------- d-----w- c:\windows\system32\Wat
    2010-03-11 17:16 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-03-11 17:16 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-03-11 17:16 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-03-11 17:16 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-03-11 17:16 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-03-11 17:16 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-03-09 06:48 . 2010-03-09 06:48 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\LEAPS
    2010-03-09 06:46 . 2010-03-09 06:46 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Pegasys Inc
    2010-03-09 06:43 . 2010-03-09 06:43 -------- d-----w- c:\program files\Pegasys Inc
    2010-03-04 19:03 . 2010-03-04 19:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-03-04 19:03 . 2010-03-04 19:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-28 21:06 . 2010-03-28 21:06 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-03-28 21:06 . 2010-02-14 19:05 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\skypePM
    2010-03-28 21:05 . 2010-02-14 14:54 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Skype
    2010-03-28 06:10 . 2010-02-09 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-24 19:08 . 2010-02-05 20:47 -------- d-----w- c:\programdata\Lavasoft
    2010-03-24 19:08 . 2010-01-06 07:12 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\uTorrent
    2010-03-18 00:08 . 2010-01-07 09:01 1 ----a-w- c:\users\Milne Clan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-11 16:02 . 2010-01-04 06:29 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-02-23 23:16 . 2010-01-04 06:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-20 20:46 . 2010-02-20 20:46 -------- d-----w- c:\program files\SPCA1528
    2010-02-20 20:46 . 2010-01-04 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 20:53 . 2010-02-19 20:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----w- c:\program files\Common Files\Skype
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----r- c:\program files\Skype
    2010-02-14 14:53 . 2010-01-28 22:27 -------- d-----w- c:\programdata\Skype
    2010-02-05 06:27 . 2010-01-04 05:54 61736 ----a-w- c:\users\Milne Clan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-05 06:27 . 2010-02-05 06:25 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-02 11:04 . 2010-02-02 03:03 -------- d-----w- c:\program files\FMS
    2010-02-02 07:45 . 2010-02-24 08:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-02 02:47 . 2010-02-02 02:47 -------- d-----w- c:\program files\HeliSim
    2010-02-01 04:11 . 2010-02-01 04:11 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Leawo
    2010-01-31 01:54 . 2010-01-24 21:01 539 ----a-w- c:\users\Milne Clan\AppData\Local\CastleLinkProps.dat
    2010-01-28 22:28 . 2010-01-28 22:28 -------- d-----w- c:\program files\Common Files\logishrd
    2010-01-08 03:18 . 2010-02-10 05:19 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 05:19 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2009-07-08 337184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-08 714016]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-19 62752]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-20 1093208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-18 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
    R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-08 75040]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-14 62320]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000009

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2508)
    c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\TpShocks.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\windows\system32\taskhost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-29 08:08:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-28 21:08
    ComboFix2.txt 2010-03-28 20:18
    ComboFix3.txt 2010-03-25 19:36

    Pre-Run: 51,306,766,336 bytes free
    Post-Run: 51,176,595,456 bytes free

    - - End Of File - - C202616573C0CF53F12F708F6156AC9B
     
  10. 2010/03/28
    quirkymac

    quirkymac Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:10:11 AM, on 29/03/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5362 bytes
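As an added example (not part of the thread and not HijackThis' own code), here is a small Python triage pass over lines in the log format shown above. It pulls the loaded image out of O2/O4/O18/O23 entries and raises the review prompts a reader would otherwise apply by eye: a run key with a bare filename (resolved through the search path, so the file actually executed still has to be confirmed), an image under a user-writable directory, a system-binary name such as svchost.exe outside the Windows directory, and a service whose file carries no company string ("Unknown owner", which is how the Adobe LM Service line above renders; it is a prompt to check the file's signature, not a verdict). The sample log is constructed: all but two lines are copied from the log posted above, and the Updater run key and Example Helper service are invented so that the rules have something to catch.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. All lines but two are copied from
# the log posted above; the "Updater" run key and the "Example Helper" service
# are made up so that the triage rules have something to flag.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Updater] C:\Users\Example\AppData\Local\Temp\svchost.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Example Helper (ExHelper) - Unknown owner - C:\Users\Example\AppData\Roaming\exhelper.exe
"""


@dataclass
class Entry:
    code: str         # HijackThis section code: "O4", "O23", ...
    name: str         # run-key value name, BHO name or service name
    path: str         # image the entry loads ("" if none could be extracted)
    vendor: str = ""  # O23 only: the company string HijackThis printed


@dataclass
class Finding:
    entry: Entry
    reasons: list


LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
# unquoted command: optional rundll32 prefix, then the image up to its extension
IMAGE_RE = re.compile(
    r"^(?:rundll32(?:\.exe)?\s+)?(.+?\.(?:exe|dll|scr|cpl))(?=[\s,]|$)", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|Local Settings|Documents and Settings)\\", re.IGNORECASE)
# where the real copies of the names below live (add SysWOW64 on 64-bit hosts)
WINDOWS_DIR_RE = re.compile(
    r"^[a-z]:\\windows\\(?:system32\\|syswow64\\)?[^\\]+$", re.IGNORECASE)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe"}


def image_from_command(cmd):
    """Pull the executable or DLL out of a run-key command line."""
    cmd = cmd.strip()
    m = QUOTED_RE.match(cmd) or IMAGE_RE.match(cmd)
    return m.group(1) if m else ""


def parse_line(line):
    """Turn one HijackThis line into an Entry, or None for codes not handled."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        r = RUN_RE.match(body) or STARTUP_RE.match(body)
        if r:
            return Entry(code, r.group("name"), image_from_command(r.group("cmd")))
    elif code in ("O2", "O18", "O23"):
        # "BHO: Name - {CLSID} - path"  /  "Service: Name (short) - Vendor - path"
        parts = body.split(": ", 1)[-1].rsplit(" - ", 2)
        if len(parts) == 3:
            vendor = parts[1] if code == "O23" else ""
            return Entry(code, parts[0], image_from_command(parts[2]), vendor)
    return None


def triage_entry(e):
    """Review prompts for one entry; an empty list means nothing stood out."""
    reasons = []
    if not e.path:
        return reasons
    if "\\" not in e.path:
        reasons.append("bare filename (resolved via search path)")
    if USER_WRITABLE_RE.search(e.path):
        reasons.append("loads from a user-writable location")
    base = e.path.rsplit("\\", 1)[-1].lower()
    if base in SYSTEM_NAMES and not WINDOWS_DIR_RE.match(e.path):
        reasons.append("system binary name outside the Windows directory")
    if e.code == "O23" and e.vendor.lower() == "unknown owner":
        reasons.append("service image has no vendor string; verify signature")
    return reasons


def triage(log_text):
    """Parse a whole log and return the entries that earned at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage_entry(entry)
            if reasons:
                findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.code:<4} {f.entry.name}: {f.entry.path}")
        for reason in f.reasons:
            print(f"       - {reason}")
```

Running the block lists four entries. The rules are deliberately conservative prompts: nothing here decides that an entry is malicious, and a legitimate OEM tool such as TpShocks is listed only because its run key omits the path, which is exactly the case where a file of the same name planted earlier on the search path would win.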
     
  11. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is redirection?
     
  12. 2010/03/28
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
  13. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download Sophos Anti-rootkit & save it to your desktop.

    IMPORTANT!
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Clean out your temporary files.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
    • After starting the scan, do not use the computer until the scan has completed.
    • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

    • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
    • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
    • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
    • Make sure the following are checked:
      • Running processes
      • Windows Registry
      • Local Hard Drives

    • Click Start scan.
    • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
    • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
    • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
      • Files tagged as Removable: No are not marked for removal and cannot be removed.
      • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
      • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.

    • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
    • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
    • After reboot, a dialog box displays the files you selected for removal and the action taken.
    • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
    • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
    • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\
     
  14. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
    Started logging on 29/03/2010 at 17:09:59 PM
    User "Milne Clan" on computer "MILNECLAN-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
    Info: Starting registry scan.
    Stopped logging on 29/03/2010 at 17:11:12 PM


    Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
    Started logging on 29/03/2010 at 17:11:50 PM
    User "Milne Clan" on computer "MILNECLAN-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
    Info: Starting registry scan.
    Info: Starting disk scan of C: (NTFS).
    Hidden: file C:\Users\Milne Clan\AppData\Roaming\Microsoft\Windows\Recent\Thomas And Friends(Join Thomas with his carriages Annie and Clarabelle, and friends James, Edward and Percy as they travel the tracks on the Island of Sodor, under the direction of the Fat Co.lnk
    Stopped logging on 29/03/2010 at 17:32:35 PM


    Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
    Started logging on 29/03/2010 at 18:43:02 PM
    User "Milne Clan" on computer "MILNECLAN-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
    Info: Starting registry scan.
    Info: Starting disk scan of C: (NTFS).
    Stopped logging on 29/03/2010 at 19:01:17 PM


    Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
    Started logging on 29/03/2010 at 19:13:41 PM
    User "Milne Clan" on computer "MILNECLAN-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
    Info: Starting registry scan.
    Info: Starting disk scan of C: (NTFS).
    Stopped logging on 29/03/2010 at 19:33:37 PM
     
  15. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    If you are not getting frustrated by now I will get frustrated for you!!

    Still getting redirected and nothing was found in the Sophos scan.
     
  16. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    There are another couple of symptoms. I cannot use Windows Update, and I can't update Windows Security Essentials or Windows Defender.
    Plus some websites just seem to fail for no apparent reason.
     
  17. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    I have been doing a lot of reading (and learning) during this process. One thing that I came across that was of interest was the possibility that my DNS lookup was mucked up. I have just manually changed the DNS addresses to those of my internet provider, and as a result I am now able to update Windows, update Windows Security Essentials and, even better, am able to access the online scanners. I have gone back a few pages and am currently downloading the updates for the Kaspersky Online scanner. Please let me know if it is still OK to run this at this time.

    I don't know if it is unrelated but for the first time, I am not getting redirected either.
    Is it possible that something went in and mucked up those DNS server addresses?


    Food for thought.
     
  18. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    FWIW the DNS Server addresses were set to Auto previously
     
  19. 2010/03/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very possible.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew


    Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time, disconnect the ethernet cable as well.
    Reconnect everything.
    Restart computer.
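The DNS hypothesis raised above is worth checking directly rather than inferring from symptoms. A DNS changer typically writes static resolver addresses into the interface's NameServer value (ComboFix prints that value later in this thread as the TCP: {GUID} = ... line), and static resolvers survive ipconfig /release and /renew because they are not part of the DHCP lease. As an added example (not from the thread), the Python below parses ipconfig /all output and reports any adapter whose resolvers fall outside an allowlist. The ipconfig excerpt is constructed: the host name, adapter names and router address are made up; the Ethernet adapter carries the two resolvers that appear in the ComboFix log later in the thread (192.231.203.132 and 192.231.203.3), and the wireless adapter carries two addresses on the 198.51.100.0/24 documentation range standing in for hijacked settings. On a real machine, feed it the text of ipconfig /all run in the same elevated prompt as the commands above.

```python
import ipaddress
import re

# Constructed excerpt laid out like Windows 7 'ipconfig /all' output. Host and
# adapter names are made up. The Ethernet adapter carries the two resolvers from
# the thread's ComboFix "TCP:" line; the wireless adapter carries two addresses
# on the 198.51.100.0/24 documentation range, standing in for resolvers a DNS
# changer has written to the interface.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Gigabit Network Connection
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.231.203.132
                                       192.231.203.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Resolvers this machine is expected to use: the two servers from the thread's
# ComboFix log plus the home router as a DHCP-handed forwarder (router address
# is an assumption). Entries may be single addresses or CIDR prefixes.
ALLOWED_RESOLVERS = ["192.231.203.132", "192.231.203.3", "192.168.1.1"]

ADAPTER_RE = re.compile(r"^(?P<name>\S[^:]*adapter[^:]*):\s*$", re.IGNORECASE)
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(?P<first>.*)$")
CONT_RE = re.compile(r"^\s+(?P<addr>[0-9a-fA-F.:%]+)\s*$")  # wrapped extra servers


def parse_dns_servers(text):
    """Map each adapter in 'ipconfig /all' output to its list of DNS servers."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group("name"), False
            servers[adapter] = []
            continue
        m = DNS_RE.match(line)
        if m and adapter is not None:
            in_dns = True
            if m.group("first").strip():
                servers[adapter].append(m.group("first").strip())
            continue
        # extra servers are printed on continuation lines holding only an address
        m = CONT_RE.match(line) if in_dns else None
        if m:
            servers[adapter].append(m.group("addr"))
        else:
            in_dns = False
    return servers


def audit_resolvers(text, allowed):
    """Return {adapter: [resolvers outside 'allowed']}; an empty dict is a pass."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    unexpected = {}
    for adapter, addrs in parse_dns_servers(text).items():
        # strip an IPv6 zone index such as %1 before parsing the address
        bad = [a for a in addrs
               if not any(ipaddress.ip_address(a.split("%")[0]) in n for n in nets)]
        if bad:
            unexpected[adapter] = bad
    return unexpected


if __name__ == "__main__":
    for adapter, bad in audit_resolvers(SAMPLE_IPCONFIG, ALLOWED_RESOLVERS).items():
        print(f"{adapter}: unexpected DNS servers {', '.join(bad)}")
```

DHCP Enabled: Yes on an adapter says nothing about where its DNS servers came from; a static NameServer entry overrides the DHCP-supplied list while the address itself stays dynamic, which is why the check is on the resolver addresses and not on the DHCP flag. If the audit still reports unexpected addresses after the flush/release/renew sequence, the adapter's DNS setting has to be put back to automatic or set explicitly to the provider's servers, which is the change the poster reports as making the redirections stop.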
     
  20. 2010/03/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    ComboFix 10-03-28.03 - Milne Clan 30/03/2010 7:15.8.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.2006.1264 [GMT 11:00]
    Running from: c:\users\Milne Clan\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
    .

    2010-03-29 20:20 . 2010-03-29 20:20 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-29 20:20 . 2010-03-29 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-29 20:14 . 2010-03-29 20:14 -------- d-----w- C:\32788R22FWJFW
    2010-03-29 12:09 . 2010-03-29 12:09 -------- d-----w- c:\users\Milne Clan\Pavark
    2010-03-29 11:38 . 2010-03-29 11:38 -------- d-----w- c:\programdata\F-Secure
    2010-03-29 06:09 . 2010-03-29 06:09 -------- d-----w- c:\program files\Sophos
    2010-03-28 21:03 . 2010-03-29 20:20 -------- d-----w- c:\users\Milne Clan\AppData\Local\temp
    2010-03-27 23:15 . 2010-03-27 23:15 -------- d-----w- c:\program files\AVG
    2010-03-27 04:30 . 2010-03-27 05:12 -------- d-----w- c:\users\Milne Clan\DoctorWeb
    2010-03-27 04:16 . 2010-03-27 20:10 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\GetRight
    2010-03-26 09:46 . 2010-03-26 09:46 -------- d-----w- c:\users\Milne Clan\AppData\Local\Mozilla
    2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- c:\windows\Sun
    2010-03-26 02:23 . 2010-03-26 02:23 -------- d-----w- C:\_OTL
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-25 23:13 . 2010-03-25 23:13 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-25 23:13 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-25 01:32 . 2010-03-25 01:32 -------- d-----w- c:\program files\Trend Micro
    2010-03-23 19:27 . 2010-03-29 12:51 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\programdata\Hitman Pro
    2010-03-23 19:27 . 2010-03-23 19:27 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-18 12:18 . 2010-03-20 09:38 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\vlc
    2010-03-18 12:18 . 2010-03-18 12:18 -------- d-----w- c:\program files\VideoLAN
    2010-03-11 17:17 . 2010-03-11 17:17 -------- d-----w- c:\windows\system32\Wat
    2010-03-11 17:16 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-03-11 17:16 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-03-11 17:16 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-03-11 17:16 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-03-11 17:16 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-03-11 17:16 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-03-11 17:16 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-03-11 17:16 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-03-09 06:48 . 2010-03-09 06:48 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\LEAPS
    2010-03-09 06:46 . 2010-03-09 06:46 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Pegasys Inc
    2010-03-09 06:43 . 2010-03-09 06:43 -------- d-----w- c:\program files\Pegasys Inc
    2010-03-04 19:03 . 2010-03-04 19:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-03-04 19:03 . 2010-03-04 19:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-29 19:58 . 2010-02-14 14:54 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Skype
    2010-03-29 19:50 . 2010-02-14 19:05 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\skypePM
    2010-03-29 12:58 . 2010-02-09 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-28 21:06 . 2010-03-28 21:06 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-03-24 19:08 . 2010-02-05 20:47 -------- d-----w- c:\programdata\Lavasoft
    2010-03-24 19:08 . 2010-01-06 07:12 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\uTorrent
    2010-03-18 00:08 . 2010-01-07 09:01 1 ----a-w- c:\users\Milne Clan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-11 16:02 . 2010-01-04 06:29 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-02-23 23:16 . 2010-01-04 06:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-20 20:46 . 2010-02-20 20:46 -------- d-----w- c:\program files\SPCA1528
    2010-02-20 20:46 . 2010-01-04 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 20:53 . 2010-02-19 20:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----w- c:\program files\Common Files\Skype
    2010-02-14 14:53 . 2010-02-14 14:53 -------- d-----r- c:\program files\Skype
    2010-02-14 14:53 . 2010-01-28 22:27 -------- d-----w- c:\programdata\Skype
    2010-02-05 06:27 . 2010-01-04 05:54 61736 ----a-w- c:\users\Milne Clan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-05 06:27 . 2010-02-05 06:25 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-02 11:04 . 2010-02-02 03:03 -------- d-----w- c:\program files\FMS
    2010-02-02 07:45 . 2010-02-24 08:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-02 02:47 . 2010-02-02 02:47 -------- d-----w- c:\program files\HeliSim
    2010-02-01 04:11 . 2010-02-01 04:11 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\Leawo
    2010-01-31 01:54 . 2010-01-24 21:01 539 ----a-w- c:\users\Milne Clan\AppData\Local\CastleLinkProps.dat
    2010-01-28 22:28 . 2010-01-28 22:28 -------- d-----w- c:\program files\Common Files\logishrd
    2010-01-08 03:18 . 2010-02-10 05:19 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 05:19 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-28_21.05.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-29 12:27 . 2010-02-18 07:25 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20647_none_bc3706ac223b0ec9\iecompat.dll
    + 2010-03-29 12:27 . 2010-02-18 07:26 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16532_none_bbb3385b0919d45b\iecompat.dll
    + 2010-01-04 17:15 . 2010-03-29 19:52 27520 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2010-03-29 19:52 39254 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-01-04 04:51 . 2010-03-29 13:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-04 04:51 . 2010-03-28 20:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-04 04:51 . 2010-03-29 13:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-04 04:51 . 2010-03-28 20:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2010-03-29 13:04 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-03-28 20:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-04 05:44 . 2010-03-28 21:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-04 05:44 . 2010-03-29 19:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:34 . 2010-03-29 20:07 93984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2010-01-04 05:44 . 2010-03-28 21:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-04 05:44 . 2010-03-29 19:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-04 05:44 . 2010-03-29 19:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-04 05:44 . 2010-03-28 21:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-04 08:14 . 2010-03-28 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-04 08:14 . 2010-03-29 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-06 23:07 . 2010-03-28 20:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-06 23:07 . 2010-03-29 20:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-06 23:07 . 2010-03-28 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2010-01-06 23:07 . 2010-03-29 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2010-01-06 23:07 . 2010-03-28 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-01-06 23:07 . 2010-03-29 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    - 2010-01-04 08:14 . 2010-03-28 21:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-04 08:14 . 2010-03-29 20:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-04 08:14 . 2010-03-29 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-04 08:14 . 2010-03-28 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-04 05:53 . 2010-03-29 19:52 6714 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4145999798-798303625-3923857219-1000_UserData.bin
    - 2010-03-28 00:00 . 2010-03-28 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-03-29 19:50 . 2010-03-29 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-03-29 19:50 . 2010-03-29 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-03-28 00:00 . 2010-03-28 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-01-04 05:43 . 2010-03-29 19:38 263504 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:03 . 2010-03-28 20:59 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:03 . 2010-03-29 20:07 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 04:34 . 2010-03-29 19:52 3934586 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:34 . 2010-03-27 23:44 3934586 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2010-01-04 17:07 . 2010-03-28 00:00 2073840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-01-04 17:07 . 2010-03-29 19:46 2073840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 07:18 . 2010-03-29 12:25 16546262 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2009-07-08 337184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-08 714016]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-19 62752]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-20 1093208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-18 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
    R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FCF4.tmp [x]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-08 75040]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-14 62320]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: {9B638304-CF75-4D9E-88E0-E351FAF05BFA} = 192.231.203.132,192.231.203.3
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\FCF4.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:00000009

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3780)
    c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
    .
    Completion time: 2010-03-30 07:22:15
    ComboFix-quarantined-files.txt 2010-03-29 20:22
    ComboFix2.txt 2010-03-28 21:08
    ComboFix3.txt 2010-03-28 20:18
    ComboFix4.txt 2010-03-25 19:36

    Pre-Run: 48,751,693,824 bytes free
    Post-Run: 49,036,922,880 bytes free

    - - End Of File - - 36B67B307A94DA1FE8203E8A137088D6
     
  21. 2010/03/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No need for Combofix log. Nothing there.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.


    Did you see my previous reply?
    When you're done with those, please post fresh HJT log.
     
