1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Browser Redirect

Discussion in 'Virus & Other Malware Removal' started by tanusgreystar, Feb 26, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    My apologies for the delay. I have been very busy and forgot about your thread as I had unsubscribed. This post will automatically subscribe me again and I'll get to work on your log now.

    Thankyou for your patience.
     
  2. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    I gave you some advice about this in post #6 and also asked about your views on uninstalling the AVG products. I wouldn't actually be surprised if it was AVG causing your redirects.

    First of all, we need to disable Spybots Teatimer.

    Disable SpyBot Tea Timer
    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent some of our scanning tools from running properly.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are declared clean.


    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.


    ---------------------------------------------------------------------------------------------

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    Firefox::
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0 ... &sap=ku&q=
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]


    Refering to the picture above, drag CFScript into ComboFix.exe

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------

    Extra Combofix Report


    • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
    • Please copy and paste the following into the box


    Code:
    C:\Qoobox\Add-Remove Programs.txt
    • Click ok


    Copy and paste the report into this topic for me to review.
     
  3. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Ok I'll get to this within the next couple of days. I got rid of AVG using their removal tool but there may still be some of it left, like their toolbar. I'll try to get rid of that. I installed Avast and that seems to be ok so far. If I don't get to things right away, I work and go to school, so I may not get back to you as quickly as you would like. I apologize. Thanks.
     
  4. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    ComboFix 12-03-29.02 - Lyn 03/29/2012 15:23:52.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4345 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-29 19:33 . 2012-03-29 19:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-03-29 19:33 . 2012-03-29 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    2012-03-11 14:27 . 2012-03-11 14:27 -------- d-----w- c:\programdata\Premium
    2012-03-11 14:25 . 2012-03-11 14:32 -------- d-----w- c:\programdata\InstallMate
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-01-03 00:04 . 2012-01-03 00:04 6723368 ----a-w- c:\users\Public\InstallMyTomTomSA.exe
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-26_01.14.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-03-29 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-29 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-29 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-03-29 19:39 67058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-29 19:39 49578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-03-29 19:39 15538 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-03-29 19:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 00:12 . 2012-03-29 19:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:12 . 2012-03-29 19:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-03-29 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:12 . 2012-03-29 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-29 19:36 . 2012-03-29 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-29 19:36 . 2012-03-29 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-13 00:47 . 2012-03-26 02:25 277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-10-07 03:54 . 2012-03-28 22:30 349932 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2012-03-29 19:36 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-03-26 01:13 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-06 04:55 . 2012-03-29 19:36 22641264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-21 1049072]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-03-29 15:58:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-29 19:58
    ComboFix2.txt 2012-03-26 01:21
    .
    Pre-Run: 147,795,017,728 bytes free
    Post-Run: 148,084,473,856 bytes free
    .
    - - End Of File - - F2ECC7234BFD949E87B07190D09FE246

    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Apple Application Support
    Apple Software Update
    ASUS CopyProtect
    ASUS Data Security Manager
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Turbo Gear Enhanced VGA Driver
    ASUS Virtual Camera
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    avast! Free Antivirus
    BitTorrent
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    ControlDeck
    Direct Console 2.0
    Dragon Age II
    Dragon Age: Origins
    DriverTuner 3.1.0.0
    GetDislike
    GIMP 2.6.11
    Google Chrome
    Java Auto Updater
    Java(TM) 6 Update 31
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 11.0 (x86 en-US)
    MyTomTom 3.1.0.530
    NB Probe
    Net4Switch
    NetAssistant
    NetAssistant for Firefox
    Network Printer Wizard
    Networking USB Server
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenPaint
    QuickTime
    Razer Salmosa
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    SDFormatter
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    The Sims Medieval
    Turbo Gear Extreme
    UltraISO Premium V9.36
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2410711)
    Visual Studio C++ 10.0 Runtime
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 2
    Wireless Console 3
     
  5. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Please follow the instructions here to disable Windows Defender. Its not neccessary and may even cause conflicts with Avast.

    ---------------------------------------------------------------------------------------------

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    Driver::
    vToolbarUpdater10.2.0
    
    Folder::
    c:\program files (x86)\Common Files\AVG Secure Search
    
    DDS::
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]


    Refering to the picture above, drag CFScript into ComboFix.exe

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------

    I notice that you have Malwarebytes Antimalware (MBAM) installed
    I want you to run a scan for me.
    First I want you to update MBAM so we have the latest definitions onboard.....

    Please open Malwarebytes Antimalware
    Now click on the update tab
    Next - Click on the Check for updates button

    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    -----------------------------------------------------------------------

    Download Security Check by screen317 from here or here.



    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  6. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Windows Defender doesn't appear on my programs list for some reason.

    LOGS

    ComboFix 12-03-29.02 - Lyn 03/31/2012 11:04:03.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4704 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\AVG Secure Search
    c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.0.6\CommonInstaller.exe
    c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.2.0\CommonInstaller.exe
    c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
    c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini
    c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6\ScriptHelper.exe
    c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0\ScriptHelper.exe
    c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
    c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.0.6\toolband
    c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.2.0\toolband
    c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
    c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\UpdaterConfig.ini
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\UpdaterConfig.ini
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_vToolbarUpdater10.2.0
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 15:14 . 2012-03-31 15:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-03-31 15:14 . 2012-03-31 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    2012-03-11 14:27 . 2012-03-11 14:27 -------- d-----w- c:\programdata\Premium
    2012-03-11 14:25 . 2012-03-11 14:32 -------- d-----w- c:\programdata\InstallMate
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-01-03 00:04 . 2012-01-03 00:04 6723368 ----a-w- c:\users\Public\InstallMyTomTomSA.exe
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-26_01.14.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-03-31 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-03-31 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-31 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-03-29 19:39 67058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-31 15:17 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-03-31 11:19 15594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    + 2009-10-06 03:07 . 2012-03-29 20:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 03:07 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 03:07 . 2012-03-29 20:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 03:07 . 2012-03-06 14:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-29 20:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:12 . 2012-03-31 15:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-03-31 15:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 00:12 . 2012-03-31 15:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-03-31 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-03-31 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-31 15:15 . 2012-03-31 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-31 15:15 . 2012-03-31 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-13 00:47 . 2012-03-26 02:25 277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-10-07 03:54 . 2012-03-31 02:04 355190 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-08-03 17:13 . 2012-03-18 21:07 732750 c:\windows\system32\perfh019.dat
    + 2009-08-03 17:13 . 2012-03-31 13:35 732750 c:\windows\system32\perfh019.dat
    + 2009-07-14 02:36 . 2012-03-31 13:35 670178 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 670178 c:\windows\system32\perfh009.dat
    + 2009-08-03 17:13 . 2012-03-31 13:35 154362 c:\windows\system32\perfc019.dat
    - 2009-08-03 17:13 . 2012-03-18 21:07 154362 c:\windows\system32\perfc019.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 125322 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-03-31 13:35 125322 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-03-26 01:13 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-31 15:14 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2012-03-29 21:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-03-15 13:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-02-06 04:55 . 2012-03-31 15:14 23000575 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "combofix"="c:\combofix\CF2790.3XE" [2009-07-14 344576]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-31 11:32:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-31 15:32
    ComboFix2.txt 2012-03-29 19:58
    ComboFix3.txt 2012-03-26 01:21
    .
    Pre-Run: 146,155,274,240 bytes free
    Post-Run: 145,550,991,360 bytes free
    .
    - - End Of File - - 17AC041E8E740F2A79426D5619D0A81C
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.31.08

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Lyn :: LYN-PC [administrator]

    3/31/2012 11:33:53 AM
    mbam-log-2012-03-31 (11-33-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216476
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Results of screen317's Security Check version 0.99.32
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.6
    Spybot - Search & Destroy
    Java(TM) 6 Update 31
    Adobe Flash Player 11.1.102.55
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox (11.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````

    THANKS!!
     
  7. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Ok, lets deal with that first.


    • Please press the [​IMG] + R key and copy/paste or type services.msc into the run dialogue box.
    • The services window should open. Check to see if Windows Defender is present in the list.
    • Assuming it is, right click Windows Defender and select properties.
    • Click the down arrow next to startup type and select disabled.
    • Let me know if you had any problems with this.


    ---------------------------------------------------------------------------------------------

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    Folder::
    c:\programdata\Premium
    c:\programdata\InstallMate
    c:\program files (x86)\AVG Secure Search
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]


    Refering to the picture above, drag CFScript into ComboFix.exe

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------
     
  8. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi, do you still require assistance?

    If you do not reply within 24 hours I will have to unsubscribe from this thread and wont be notified about any new replies.
     
  9. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi yes I still require assistance. Sorry I didn't get back to you sooner. I will do that tonight and reply. Thanks.
     
  10. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    ComboFix 12-04-05.09 - Lyn 04/05/2012 19:28:15.4.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4388 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyn\Desktop\New folder\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\InstallMate
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120311102543.log
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll
    c:\programdata\Premium
    c:\users\Public\SecurityCheck.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 23:37 . 2012-04-05 23:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-05 23:37 . 2012-04-05 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-26_01.14.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-04-05 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-05 23:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-05 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-04-05 23:40 67546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-05 11:07 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-04-05 11:07 15750 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    + 2010-05-13 01:04 . 2010-04-24 09:00 28672 c:\windows\system32\spool\prtprocs\x64\1_CNMPD9W.DLL
    - 2009-10-06 03:07 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 03:07 . 2012-04-03 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 03:07 . 2012-03-06 14:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 03:07 . 2012-04-03 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-03 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-05 23:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 00:12 . 2012-04-05 23:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:12 . 2012-04-05 23:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-05 23:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-05 23:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-05 23:38 . 2012-04-05 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-05 23:38 . 2012-04-05 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-13 00:47 . 2012-03-26 02:25 277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-10-07 03:54 . 2012-04-03 16:31 356438 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-08-03 17:13 . 2012-03-18 21:07 732750 c:\windows\system32\perfh019.dat
    + 2009-08-03 17:13 . 2012-04-01 19:05 732750 c:\windows\system32\perfh019.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 670178 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-01 19:05 670178 c:\windows\system32\perfh009.dat
    + 2009-08-03 17:13 . 2012-04-01 19:05 154362 c:\windows\system32\perfc019.dat
    - 2009-08-03 17:13 . 2012-03-18 21:07 154362 c:\windows\system32\perfc019.dat
    + 2009-07-14 02:36 . 2012-04-01 19:05 125322 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 125322 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-04-05 23:37 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-03-26 01:13 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2012-03-15 13:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-03-31 18:38 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-02-06 04:55 . 2012-04-05 23:37 29719066 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-04-05 19:56:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-05 23:56
    ComboFix2.txt 2012-03-31 15:32
    ComboFix3.txt 2012-03-29 19:58
    ComboFix4.txt 2012-03-26 01:21
    .
    Pre-Run: 145,223,303,168 bytes free
    Post-Run: 145,032,863,744 bytes free
    .
    - - End Of File - - B8F13CCD549066BE423F9B490F3D3B42
     
  11. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    It looks like you didn't manage to disable Defender. Did you have problems?

    Your Internet Explorer is out of date. Even if you don't use the browser, it is very important that you have the latest version.
    Go here and download and install Internet Explorer 9.

    ---------------------------------------------------------------------------------------------------

    Your Adobe Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 here.

    There is a newer version of Adobe Reader available.



    • Please go to this link Adobe Reader Download Link
    • Untick any program(s) you do not wish to include in the installation.
    • Click Download Now
    • Follow all on screen prompts




    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

    ---------------------------------------------------------------------------------------------------

    One more scan to be sure theres nothing lurking.

    Go here to run an online scannner from ESET.
    • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic and also let me know how things are now.


    Also, please let me know how the system is running now.
     
  12. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
  13. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Apologies, I forgot you are running 64bit.

    The correct link >> http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23332

    Regarding the redirecting, do you have a router? If you do, please let me know what make/model in your next post.
     
  14. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
    C:\Users\Lyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-4f2203ce Java/TrojanDownloader.OpenStream.NCM trojan
    C:\Users\Lyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6bb753eb-5a6923a2 Java/Agent.DR trojan
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe a variant of Win32/SoftonicDownloader.A application
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe a variant of Win32/SoftonicDownloader.A application
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe a variant of Win32/SoftonicDownloader.A application
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe a variant of Win32/SoftonicDownloader.A application
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe a variant of Win32/SoftonicDownloader.A application

    I have a Linksys E1000
     
  15. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    ClearJavaCache::
    
    http://forums.techguy.org/virus-other-malware-removal/1042798-browser-redirect.html
    
    suspect::[71]
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]


    Refering to the picture above, drag CFScript into ComboFix.exe

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------

    Softonic Downloader is obviously downloading files from dubious sources. I would advise you to cease using it. I actually struggled to find negative feedback about this but I did find some interesting reading here.

    I believe Microsoft Windows is perfectly capable of downloading software without the help of these so called download managers. I'm not sure how it is installed as I don't see anything in your logs so if you agree that you'd rather remove it, I need you to run this small tool.

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2



    • Double-click SystemLook.exe to run it.
    • Copy the contents of the following codebox into the main textfield:

      Code:
      :filefind
      **softonic**
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    ---------------------------------------------------------------------------------

    As I said earlier, if you are still having redirect issues, it may be that your router has been hijacked so we need to reset it to factory defaults.


    • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
    • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
    • If you don’t know the router's default password, you can look it up. HERE
    • You also need to reconfigure any security settings you had in place prior to the reset.
    • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


    Let me know if you are still being redirected.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1042798