
Firefox google search redirects

Hey, I'm using an HP laptop with Vista Home edition. I use Mozilla Firefox with Google as my homepage (I use google for everything!). I bought this computer 1.5 years ago and have never ever ever had a problem with it. That is until yesterday.

All of a sudden, when I did google searches as usual and clicked on the links, half the time it would bring me to the appropriate website but then sometimes it would redirect to some unrelated nonsense webpage. Also, occasionally a website would just pop up by itself in a new browser. Obviously I know this means my computer is infected by/with something.

So I've spent the past 2 days trying to fix the problem by myself through reading various support forums and advice given to people with similar problems. Don't worry, I didn't try to run any specialized tools or complex applications that didn't make sense to me. I just downloaded, installed and ran some basic programs: Ad-Aware, Malwarebytes, and Glary Utilities. All 3 said that they found some problems and fixed them.

But obviously the fact that I'm posting this thread means that my problem has not gone away. So could somebody please help me? Thank you very much!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Trevor at 23:27:30.42 on 06/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3002.1654 [GMT -7:00]

AV: TELUS security services Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: TELUS security services Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: TELUS security services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\TELUS\TELUS security services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\igfxpers.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TELUS\TELUS security services\Kav\Bin\ScanningProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Trevor\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\trevor\appdata\roaming\mozilla\firefox\profiles\juydslz7.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-5 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-12 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]
R3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-10-9 111312]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

=============== Created Last 30 ================

2010-07-06 09:54:10 0 d-----w- c:\users\trevor\appdata\roaming\GlarySoft
2010-07-06 09:34:15 0 d-----w- c:\program files\Glary Utilities
2010-07-06 08:51:09 54156 ---ha-w- c:\windows\QTFont.qfn
2010-07-06 08:51:09 1409 ----a-w- c:\windows\QTFont.for
2010-07-06 07:46:27 0 d-----w- c:\programdata\LightScribe
2010-07-06 03:18:27 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-06 01:54:51 0 d-----w- c:\users\trevor\appdata\roaming\Malwarebytes
2010-07-05 23:44:52 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-05 23:40:41 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-05 23:40:09 0 d-----w- c:\programdata\Lavasoft
2010-07-05 23:40:09 0 d-----w- c:\program files\Lavasoft
2010-07-05 23:11:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 23:11:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 23:11:15 0 d-----w- c:\programdata\Malwarebytes
2010-07-05 23:11:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 21:16:57 50688 ----a-w- c:\windows\system32\ernel32.dll
2010-07-05 21:16:53 50688 ----a-w- c:\users\trevor\appdata\roaming\502d821c.exe
2010-07-05 20:47:46 0 d-----w- c:\users\trevor\appdata\roaming\Easy Duplicate Finder
2010-07-05 20:47:46 0 d-----w- c:\programdata\Easy Duplicate Finder
2010-07-05 20:47:41 0 d-----w- c:\program files\Easy Duplicate Finder
2010-07-05 11:32:36 0 d-----w- c:\users\trevor\appdata\roaming\JAM Software
2010-07-05 11:32:26 0 d-----w- c:\program files\JAM Software
2010-06-29 06:12:21 0 d-----w- c:\program files\Trend Micro
2010-06-28 21:49:03 0 d-----w- C:\Microgaming
2010-06-19 06:05:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-19 06:04:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-19 06:04:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-19 06:04:47 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:51:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2010-07-07 05:57:18 675284 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-07 05:57:18 128422 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-07 05:36:50 1178449696 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-07-06 19:52:53 15771248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-22 21:57:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-22 21:57:59 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-22 21:57:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-22 21:57:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-22 21:57:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-22 21:57:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 13:34:34 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-13 23:10:42 108296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 00:17:59 55652 ----a-w- c:\windows\fonts\davidbd.ttf
2010-04-27 05:02:03 23113 ----a-w- c:\windows\hpqins15.dat
2010-04-27 04:56:37 77377 ----a-w- c:\windows\hpqins05.dat
2010-04-13 00:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2008-07-12 09:45:51 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-07-12 09:45:51 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-07-12 09:45:51 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-07-12 09:45:51 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-12-26 19:34:34 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-04-30 08:38:36 265465120 --sha-w- c:\windows\system32\drivers\fidbox(406).dat
2008-07-12 09:48:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:30:40.79 ===============

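A triage pass over the "Created Last 30" section of the DDS log above, as an added example that is not part of the original thread or of the DDS tool. It embeds a handful of lines copied from that section (a constructed sample, so it runs offline) and applies three heuristics a malware-removal helper applies by eye: a file in system32 whose name is one character away from a core Windows DLL, an executable with a random-looking hex name dropped into the roaming profile, and two files of identical size created within a minute of each other. The list of core DLL names and the 60-second window are assumptions chosen for illustration.

```python
"""Heuristic triage of DDS 'Created Last 30' lines (added example, not DDS's own code)."""
import re
from datetime import datetime

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE = r"""
2010-07-06 03:18:27 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-05 23:44:52 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-05 23:11:15 0 d-----w- c:\programdata\Malwarebytes
2010-07-05 21:16:57 50688 ----a-w- c:\windows\system32\ernel32.dll
2010-07-05 21:16:53 50688 ----a-w- c:\users\trevor\appdata\roaming\502d821c.exe
2010-06-19 06:04:47 2037248 ----a-w- c:\windows\system32\win32k.sys
"""

# DDS line layout: 'YYYY-MM-DD HH:MM:SS <size> <8-char attrs> <path>'
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")

# Assumption: a short illustrative list of core DLLs that typosquats imitate.
CORE_DLLS = {"kernel32.dll", "user32.dll", "ntdll.dll", "advapi32.dll", "shell32.dll"}

# Random-looking hex file name with an executable extension, e.g. 502d821c.exe
HEX_NAME = re.compile(r"^[0-9a-f]{6,}\.(exe|dll|scr)$", re.IGNORECASE)

# Assumption: files created this close together with equal size likely share a dropper.
PAIR_WINDOW_SECONDS = 60


def parse_dds(text):
    """Parse DDS listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "attrs": attrs,
            "path": path.lower(),
        })
    return entries


def edit_distance(a, b):
    """Levenshtein distance; inputs are short file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def flag(entries):
    """Return (kind, path, note) tuples for entries matching one of the heuristics."""
    findings = []
    for e in entries:
        name = basename(e["path"])
        if "\\windows\\system32\\" in e["path"] and e["size"] > 0:
            for core in CORE_DLLS:
                if name != core and edit_distance(name, core) == 1:
                    findings.append(("typosquat", e["path"], "looks like " + core))
        if "\\appdata\\roaming\\" in e["path"] and HEX_NAME.match(name):
            findings.append(("hex-named executable", e["path"], "random-looking name in roaming profile"))
    # Directories are listed with size 0; only compare real files.
    files = [e for e in entries if e["size"] > 0]
    for i, a in enumerate(files):
        for b in files[i + 1:]:
            close = abs((a["when"] - b["when"]).total_seconds()) <= PAIR_WINDOW_SECONDS
            if a["size"] == b["size"] and close:
                findings.append(("same size/time", a["path"], "matches " + b["path"]))
    return findings


def triage(text):
    return flag(parse_dds(text))


if __name__ == "__main__":
    for kind, path, note in triage(SAMPLE):
        print(f"{kind:22} {path}  ({note})")
```

The output for the sample groups three findings around the same two files, which is the point: a typosquatted name in system32 on its own is a hint, but the same byte count as a hex-named executable written to the roaming profile four seconds earlier is what makes the pair worth a helper's attention before anything else in the listing.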
Welcome to TSF :)

Do you still need assistance?
Yes, very much so! Just waiting patiently. :)
Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Hey, I downloaded ComboFix, but when I double-click the exe nothing happens.
How long have you waited? Did you disable your security programs?
Yup, definitely not working.
I restarted my computer, turned off everything, double-clicked the exe on my desktop, went away for 5 minutes, came back, and nothing's happened.



Also, something totally unrelated which might not have anything to do with anything, but when I try to access certain websites (including techsupportforum), sometimes it will say Server Not Found and I'll have to refresh anywhere between 1-5 times before it works. I've only noticed this problem in the past few days, so I'm guessing it's related to my original problem.
Please reboot your computer again, and press the F8 or Delete key to go to the Advanced Options Menu. Scroll down and choose Safe Mode.

Try running ComboFix from there
Okay things keep getting stranger. I'll explain what happened but I would appreciate if someone would tell me WHY this is happening.

So I reboot into Safe Mode and run ComboFix, and it works, yeah! That is until it gets to the screen 'Preparing log file. Please do not run any programs until ComboFix has finished'. After a few seconds the window would just disappear, and I wait and wait and nothing. So I tried restarting into Safe Mode about 4 times, and every time the same thing happens. And there is no log file anywhere on my computer.

Then I restarted into Normal mode so that I could come onto these forums and post what's happened. First thing I notice is that there is an Internet Explorer icon on my desktop that shouldn't be there. Anyways, I open up Mozilla and it asks me if I would like to make this my default browser. That's strange; it's been my default browser for the past 2 years.

Anyways, for some reason I decide to try ComboFix one more time. And wow, it works! So here it is:


ComboFix 10-07-08.02 - Trevor 10/07/2010 1:41.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3002.1789 [GMT -7:00]
Running from: c:\users\Trevor\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: TELUS security services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: TELUS security services Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 08:57 . 2010-07-10 08:57 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-07-10 08:57 . 2010-07-10 08:57 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-07-10 08:57 . 2010-07-10 08:57 -------- d-----w- c:\users\Justin\AppData\Local\temp
2010-07-10 08:57 . 2010-07-10 08:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-10 08:57 . 2010-07-10 08:57 -------- d-----w- c:\users\Daryl\AppData\Local\temp
2010-07-10 08:30 . 2010-07-10 08:57 -------- d-----w- c:\users\Trevor\AppData\Local\temp
2010-07-07 09:56 . 2010-07-07 09:56 -------- d-----w- c:\users\Trevor\AppData\Roaming\HPAppData
2010-07-07 09:45 . 2009-05-13 21:54 685056 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report03079a8e\DivX.dll
2010-07-06 09:54 . 2010-07-06 09:54 -------- d-----w- c:\users\Trevor\AppData\Roaming\GlarySoft
2010-07-06 09:34 . 2010-07-06 09:34 -------- d-----w- c:\program files\Glary Utilities
2010-07-06 07:46 . 2010-07-06 07:46 -------- d-----w- c:\programdata\LightScribe
2010-07-06 07:35 . 2010-07-06 07:35 -------- d-----w- c:\users\Trevor\AppData\Local\Apple Computer
2010-07-06 04:51 . 2010-07-06 04:51 -------- d-----w- c:\users\Trevor\AppData\Local\Adobe
2010-07-06 03:18 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-06 01:54 . 2010-07-06 01:54 -------- d-----w- c:\users\Trevor\AppData\Roaming\Malwarebytes
2010-07-05 23:44 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-05 23:44 . 2010-07-05 23:44 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-05 23:40 . 2010-07-05 23:40 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-05 23:40 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-07-05 23:40 . 2010-07-05 23:44 -------- d-----w- c:\programdata\Lavasoft
2010-07-05 23:40 . 2010-07-05 23:40 -------- d-----w- c:\program files\Lavasoft
2010-07-05 23:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 23:11 . 2010-07-06 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 23:11 . 2010-07-05 23:11 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 23:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 21:07 . 2010-07-05 21:07 20992 ---ha-w- c:\users\Trevor\AppData\Roaming\Easy Duplicate Finder\edflib.dll
2010-07-05 20:47 . 2010-07-05 21:07 -------- d-----w- c:\users\Trevor\AppData\Roaming\Easy Duplicate Finder
2010-07-05 20:47 . 2010-07-05 20:47 -------- d-----w- c:\programdata\Easy Duplicate Finder
2010-07-05 20:47 . 2010-07-05 20:47 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-07-05 11:32 . 2010-07-05 11:32 -------- d-----w- c:\users\Trevor\AppData\Roaming\JAM Software
2010-07-05 11:32 . 2010-07-05 11:32 -------- d-----w- c:\program files\JAM Software
2010-06-29 06:12 . 2010-06-29 06:12 388096 ----a-r- c:\users\Trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-29 06:12 . 2010-06-29 06:12 -------- d-----w- c:\program files\Trend Micro
2010-06-28 21:49 . 2010-06-28 21:49 -------- d-----w- C:\Microgaming
2010-06-22 00:05 . 2010-06-22 00:05 -------- d-----w- c:\program files\Common Files\Skype
2010-06-19 06:05 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-19 06:04 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-19 06:04 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-19 06:04 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:51 . 2010-06-16 05:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 08:58 . 2008-12-26 23:18 1184185888 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-07-10 08:52 . 2009-03-11 07:48 -------- d-----w- c:\users\Trevor\AppData\Roaming\DNA
2010-07-10 08:32 . 2009-03-11 07:48 -------- d-----w- c:\program files\DNA
2010-07-10 08:32 . 2009-01-10 01:36 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-10 01:43 . 2008-12-26 23:18 15857024 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-09 23:52 . 2009-03-03 00:45 680 ----a-w- c:\users\Trevor\AppData\Local\d3d9caps.dat
2010-07-08 19:38 . 2008-07-12 09:46 675284 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-08 19:38 . 2008-07-12 09:46 128422 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-08 19:27 . 2009-05-27 18:04 -------- d-----w- c:\users\Trevor\AppData\Roaming\Creative
2010-07-07 05:36 . 2009-03-11 07:48 -------- d-----w- c:\users\Trevor\AppData\Roaming\BitTorrent
2010-07-06 08:18 . 2008-07-12 11:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 08:18 . 2008-07-12 12:26 -------- d-----w- c:\program files\CyberLink
2010-07-06 07:48 . 2009-08-28 06:48 -------- d-----w- c:\users\Trevor\AppData\Roaming\CyberLink
2010-07-06 07:00 . 2008-12-27 04:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-06 03:41 . 2008-12-27 04:45 -------- d-----w- c:\program files\World of Warcraft
2010-06-27 23:59 . 2008-12-26 19:16 -------- d-----w- c:\users\Trevor\AppData\Roaming\Skype
2010-06-27 23:02 . 2008-12-26 19:21 -------- d-----w- c:\users\Trevor\AppData\Roaming\skypePM
2010-06-22 00:05 . 2008-12-28 20:35 -------- d-----r- c:\program files\Skype
2010-06-22 00:04 . 2008-12-26 19:15 -------- d-----w- c:\programdata\Skype
2010-06-19 06:19 . 2010-02-16 12:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-19 06:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-26 22:24 . 2010-04-27 04:33 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-22 21:58 . 2010-05-22 21:58 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-22 21:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-22 21:57 . 2010-05-22 21:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-22 21:57 . 2010-05-22 21:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-22 12:08 . 2010-04-02 01:08 -------- d-----w- c:\program files\Heroes of Newerth
2010-05-21 21:14 . 2009-10-04 09:22 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-21 13:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-13 23:11 . 2010-05-13 23:11 -------- d-----w- c:\users\Justin\AppData\Roaming\HPAppData
2010-05-13 23:10 . 2010-05-13 23:10 108296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-13 23:09 . 2008-12-28 07:37 8224 ----a-w- c:\users\Justin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-04 05:59 . 2010-06-19 06:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-19 06:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-19 06:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-19 06:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 06:18 . 2008-12-27 08:19 108296 ----a-w- c:\users\Trevor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-27 05:02 . 2010-04-27 05:00 23113 ----a-w- c:\windows\hpqins15.dat
2010-04-27 04:56 . 2010-04-27 04:53 77377 ----a-w- c:\windows\hpqins05.dat
2010-04-16 01:49 . 2010-04-01 18:54 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-13 00:29 . 2010-05-01 00:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2008-12-26 19:34 . 2008-12-26 19:34 22 --sha-w- c:\windows\SMINST\HPCD.sys
2009-04-30 08:38 . 2008-12-26 23:18 265465120 --sha-w- c:\windows\System32\drivers\fidbox(406).dat
2008-07-12 09:48 . 2008-07-12 09:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-31 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-31 169496]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-1-11 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5b,ec,54,b5,ec,f8,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2874754212-3996250518-2308262747-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2874754212-3996250518-2308262747-1002]
"EnableNotificationsRef"=dword:00000001

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208]
R3 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2009-09-01 111312]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 05:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-07-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-06 18:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\juydslz7.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\TELUS\TELUS security advisor\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 01:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2874754212-3996250518-2308262747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
Nw� ÿ]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2874754212-3996250518-2308262747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
Nw� ÿ\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2874754212-3996250518-2308262747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*†NA*l*r*e*a*d*y*\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-10 02:02:15
ComboFix-quarantined-files.txt 2010-07-10 09:02

Pre-Run: 49,671,196,672 bytes free
Post-Run: 49,310,765,056 bytes free

- - End Of File - - 85DDA65C5C343D11976A38E0D2B3F01F
Are you still getting redirected?
Nope, it's a miracle!

And my computer/internet in general seems a lot faster too.


Before closing this thread, can you please explain what the heck is going on...
Is my computer perfectly fine now?
Not really sure. ComboFix didn't detect anything, but it does reset quite a few settings. Could have been that.

Go to Start ---> Run ---> Type ComboFix /uninstall and press enter. ComboFix will be removed.
So is there any way for me to find out what exactly (which virus/trojan/whatever) was infecting my computer and what ComboFix did to resolve this? And any other information I should know to keep my computer safe moving forward.

Whether or not you answer my questions, this will be my last post. Thanks a lot for the help. Feel free to terminate this thread. :)