
Redirect link from search results

This is a discussion on Redirect link from search results within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Old 01-24-2011, 08:30 PM   #21 (Registered Member, Join Date: Jan 2011, Posts: 15, OS: Vista)

Everything seems to be running fine...

ComboFix 11-01-24.01 - Joey 01/24/2011 20:01:19.6.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4446 [GMT -8:00]
Running from: c:\users\Joey\Desktop\ComboFix.exe
Command switches used :: c:\users\Joey\Desktop\CFScript.txt.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.
2011-01-25 04:25 . 2011-01-25 04:25 -------- d-----w- c:\users\Joey\AppData\Local\temp
2011-01-25 04:25 . 2011-01-25 04:25 -------- d-----w- c:\users\Shauntee\AppData\Local\temp
2011-01-25 04:25 . 2011-01-25 04:25 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-01-25 04:25 . 2011-01-25 04:25 -------- d-----w- c:\users\Mcx1.Joey-PC\AppData\Local\temp
2011-01-25 04:25 . 2011-01-25 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 01:16 . 2011-01-23 01:16 -------- d-----w- c:\program files (x86)\AnvSoft
2011-01-23 00:38 . 2011-01-23 00:45 -------- d-----w- c:\users\Joey\AppData\Local\FLVService
2011-01-23 00:38 . 2011-01-23 00:38 -------- d-----w- c:\windows\Freecorder
2011-01-19 06:50 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-08 16:33 . 2011-01-08 16:33 -------- d-----w- c:\users\Joey\AppData\Roaming\McAfee
2011-01-08 01:23 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-01-07 01:01 . 2011-01-12 17:36 -------- d-sh--w- c:\programdata\F673C52F4964B655BF988D87EC6BD273
2011-01-07 00:54 . 2011-01-07 01:17 -------- d-----w- c:\users\Joey\AppData\Roaming\FrostWire
2011-01-06 21:33 . 2011-01-06 21:33 -------- d-----w- c:\users\Joey\AppData\Local\Ares
2011-01-06 21:29 . 2011-01-06 21:29 -------- d-----w- c:\users\Joey\AppData\Roaming\WhiteSmokeSetup
2011-01-06 21:04 . 2011-01-08 04:28 -------- d-----w- c:\users\Joey\AppData\Roaming\uTorrent
2011-01-06 20:53 . 2011-01-06 21:03 -------- d-----w- c:\users\Joey\AppData\Roaming\Azureus
2011-01-06 20:52 . 2011-01-07 18:33 -------- d-----w- c:\program files (x86)\Microsoft
2011-01-06 20:32 . 2011-01-06 20:48 -------- dc-h--w- c:\programdata\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
2011-01-06 20:32 . 2011-01-06 20:32 -------- d-----w- c:\users\Joey\AppData\Local\PackageAware
2011-01-06 20:12 . 2011-01-06 20:12 -------- d-----w- c:\users\Joey\AppData\Roaming\Shareaza
2011-01-06 20:12 . 2011-01-06 20:12 -------- d-----w- c:\users\Joey\AppData\Local\Shareaza
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:08 . 2010-04-06 05:52 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 16:30 . 2010-12-10 16:30 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-13 02:53 . 2010-04-27 16:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-06 11:18 . 2010-12-15 02:54 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:18 . 2010-12-15 02:54 655872 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:18 . 2010-12-15 02:54 410112 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:18 . 2010-12-15 02:54 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 23:58 . 2010-12-15 02:54 267776 ----a-w- c:\windows\system32\taskeng.exe
2010-11-04 18:55 . 2010-12-15 02:54 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-04 18:55 . 2010-12-15 02:54 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-04 16:34 . 2010-12-15 02:54 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 06:27 . 2010-12-15 02:54 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 06:24 . 2010-12-15 02:54 56832 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 06:23 . 2010-12-15 02:54 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 06:23 . 2010-12-15 02:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 06:23 . 2010-12-15 02:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 06:01 . 2010-12-15 02:54 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-02 05:57 . 2010-12-15 02:54 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 02:54 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 02:54 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2010-11-02 05:57 . 2010-12-15 02:54 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2010-11-02 05:25 . 2010-12-15 02:54 479232 ----a-w- c:\windows\system32\html.iec
2010-11-02 05:01 . 2010-12-15 02:54 385024 ----a-w- c:\windows\SysWow64\html.iec
2010-11-02 04:45 . 2010-12-15 02:54 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:44 . 2010-12-15 02:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:26 . 2010-12-15 02:54 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 02:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-10-28 16:29 . 2010-12-15 02:55 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 15:44 . 2010-12-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-28 14:05 . 2010-12-15 02:55 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:56 . 2010-12-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-28 13:27 . 2010-12-15 02:55 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-28 13:20 . 2010-12-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-01-18_05.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-01-24 17:04 68630 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-01-24 17:04 77630 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-07 19:26 . 2011-01-24 17:04 15128 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2779074688-2388615802-4117364774-1000_UserData.bin
- 2009-02-07 19:23 . 2011-01-17 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-07 19:23 . 2011-01-25 01:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-07 19:23 . 2011-01-17 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-07 19:23 . 2011-01-25 01:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-07 19:23 . 2011-01-17 16:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-07 19:23 . 2011-01-25 01:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-28 01:39 . 2011-01-17 16:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-28 01:39 . 2011-01-24 17:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-28 01:39 . 2011-01-17 16:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-28 01:39 . 2011-01-24 17:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-28 01:39 . 2011-01-17 16:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-28 01:39 . 2011-01-24 17:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-05 16:14 . 2011-01-24 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-05 16:14 . 2011-01-17 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-05 16:14 . 2011-01-24 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-05 16:14 . 2011-01-17 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-17 16:21 . 2011-01-17 16:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-24 17:02 . 2011-01-24 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-24 17:02 . 2011-01-24 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-17 16:21 . 2011-01-17 16:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-05 03:27 . 2011-01-17 16:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-05 03:27 . 2011-01-24 20:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-23 00:38 . 2011-01-23 00:38 473600 c:\windows\Freecorder\uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-12 113664]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-23 2109760]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-9-23 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 0006831295917820mcinstcleanup;McAfee Application Installer Cleanup (0006831295917820);c:\windows\TEMP\000683~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 135664]
R2 MSDTC32;Distributed Transaction Coordinator ;c:\windows\system32\fwremotesvr32.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 94864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-10-16 50176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 75032]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 283360]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-23 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 62800]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 441328]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]

--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 04:20]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 04:20]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2779074688-2388615802-4117364774-1000Core.job
- c:\users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 06:33]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2779074688-2388615802-4117364774-1000UA.job
- c:\users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 06:33]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-04 6455840]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 203288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 167448]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=dx4710-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\gkui0crf.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-24 20:28:21
ComboFix-quarantined-files.txt 2011-01-25 04:28
ComboFix2.txt 2011-01-21 19:05
ComboFix3.txt 2011-01-21 18:29
ComboFix4.txt 2011-01-19 05:55
ComboFix5.txt 2011-01-25 03:56
Pre-Run: 365,214,572,544 bytes free
Post-Run: 365,232,291,840 bytes free
- - End Of File - - FB466330C3885D0F209F7C09519DCAAF

-- LakeShow
Old 01-25-2011, 05:31 PM   #22 (Security Team Analyst, Microsoft Most Valuable Professional, Join Date: Sep 2007, Location: West Coast of Florida, Posts: 1,379, OS: Windows 7 Ultimate 64bit)

Log looks good. How is everything running??

-- sjpritch25
Microsoft MVP - Consumer Security 2007-2010
Old 01-25-2011, 06:01 PM   #23 (Registered Member, Join Date: Jan 2011, Posts: 15, OS: Vista)

Quote (Originally Posted by sjpritch25):
Log looks good. How is everything running??

Cool. Thanks for your help. Everything is running good.
-- LakeShow
Old 01-25-2011, 07:09 PM   #24 (Security Team Analyst, Microsoft Most Valuable Professional, Join Date: Sep 2007, Location: West Coast of Florida, Posts: 1,379, OS: Windows 7 Ultimate 64bit)

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

You're welcome
-- sjpritch25
Microsoft MVP - Consumer Security 2007-2010
Old 01-25-2011, 10:25 PM   #25 (Registered Member, Join Date: Jan 2011, Posts: 15, OS: Vista)

Quote (Originally Posted by sjpritch25):
Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

You're welcome

Tried that but it could not find the file. I saved combofix to my desktop. Would I need to uninstall it still? I did not see combofix under programs.
-- LakeShow
Old 01-26-2011, 05:03 PM   #26 (Security Team Analyst, Microsoft Most Valuable Professional, Join Date: Sep 2007, Location: West Coast of Florida, Posts: 1,379, OS: Windows 7 Ultimate 64bit)

Do you still have the icon on the desktop?
-- sjpritch25
Microsoft MVP - Consumer Security 2007-2010
Old 01-26-2011, 05:08 PM   #27 (Registered Member, Join Date: Jan 2011, Posts: 15, OS: Vista)

Yes I do.
-- LakeShow
Old 01-26-2011, 07:57 PM   #28 (Security Team Analyst, Microsoft Most Valuable Professional, Join Date: Sep 2007, Location: West Coast of Florida, Posts: 1,379, OS: Windows 7 Ultimate 64bit)

Try copying and pasting this into the Run box: ComboFix /uninstall
-- sjpritch25
Microsoft MVP - Consumer Security 2007-2010
Old 01-26-2011, 09:05 PM   #29 (Registered Member, Join Date: Jan 2011, Posts: 15, OS: Vista)

That worked. Thank you.

-- LakeShow
Copyright 2001 - 2014, Tech Support Forum