Topic: [In progress G]HijackThis log - Crazy Search Hijack Problem

Offline jillcatherine

  • Bronze Member
  • Posts: 11
[In progress G]HijackThis log - Crazy Search Hijack Problem
« on: November 08, 2011, 06:48:39 pm »
Ok, so I have the malware from the darkest places of the earth on my computer, and the wonderful woman at Dell Forums told me you guys were the folks to help.  :p

It has just about driven me batty. No scan can detect it, but it's taken over all of my browsers. It starts up new tabs (pop-up search pages) and blocks my access to websites that can help, and therefore my own research on how to remove it. It will not let me start my Windows Firewall, and it will not let me install AVG, but I have run Webroot Spy Sweeper and Spybot.

Here is my Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:32 PM, on 11/6/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
O4 - HKLM\..\Run: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
O4 - HKLM\..\Run: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
O4 - HKLM\..\Run: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
O4 - HKLM\..\Run: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
O4 - HKLM\..\Run: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - Invalid registry found
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell 1355cn Status Database (DLNADB) - Unknown owner - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Parental Controls  (WPCSvc32) - Unknown owner - C:\Windows\system32\qdvd32.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
« Last Edit: November 08, 2011, 07:07:32 pm by gahixon1 »



Offline gahixon1

  • Malware Removal Staff
  • Silver Member
  • Posts: 819
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #1 on: November 08, 2011, 07:10:20 pm »
Hello Jillcatherine and welcome to the Forums,

My name is George and I will be assisting you with your problem.
 
Please follow all my instructions carefully in the order that I give them. 

Please give a VERY clear description of the problem you are having. The more detailed, the quicker we will be able to work through the problem together.

Do not install any updates until I tell you to do so. Updating an infected computer can have disastrous effects.

Do not attempt any other fixes than what I give you here. Using other tools might interfere with the cleaning process. It may also damage your computer.

Please stick with me until the end. Just because your computer is no longer showing signs of malware does not mean you are protected.

Either print or save to Notepad all the instructions that I give you. If there is anything you are unsure of or any instructions you feel lack clarity, please do not hesitate to ask.

Some of the logs I may ask for are very long and complex, as is analysing these logs. My responses to you may take longer than you would expect. I assure you that I will work through your problem and a solution as quickly as I can.

Please be patient while I determine my first set of instructions.

Step 1
ATF Cleaner

Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2
Run Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3
DDS

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

In your next reply can I have:
DDS.txt
Attach.txt
The MBAM log and any issues you may have had.



Graduate of SHA Academy

Offline jillcatherine

  • Bronze Member
  • Posts: 11
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #2 on: November 09, 2011, 11:32:14 am »
AWESOME. Will do. I am at your command!!!   :ty

I will be working from home tomorrow and will be able to follow all of your steps, then will repost with my results and the files you requested!!

Thanks again!!!

Jill


Offline gahixon1

  • Malware Removal Staff
  • Silver Member
  • Posts: 819
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #3 on: November 09, 2011, 01:04:48 pm »
Thanks for the update,

George
Graduate of SHA Academy

Offline jillcatherine

  • Bronze Member
  • Posts: 11
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #4 on: November 09, 2011, 04:55:37 pm »
Hi George,

I was able to get started early. Step 1 regarding ATF Cleaner... I have Windows 7. Is there an alternative or do I skip that step? I look forward to hearing from you.

Thanks,
Jill

PS: Most prevalent symptom right now... ANY search results must have the address to the site I wish to go to pasted directly into the address bar, otherwise I am redirected to famous search, marvelous search systems, etc.


Offline gahixon1

  • Malware Removal Staff
  • Silver Member
  • Posts: 819
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #5 on: November 10, 2011, 07:22:46 am »
Hi,

That is the standard behaviour of a search redirect hijacker. Don't worry, we should be able to get the problem sorted. Please ignore the ATF instruction, and continue with the others.

Thanks,

George
Graduate of SHA Academy

Offline jillcatherine

  • Bronze Member
  • Posts: 11
Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
« Reply #6 on: November 10, 2011, 10:23:47 am »
Ok, here is everything. Malwarebytes found nothing.  :h Thanks for your support. I greatly appreciate it!

    DDS.txt log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Jill at 8:16:09 on 2011-11-10
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3893.2452 [GMT -8:00]
    .
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
    SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
    uRun: [AdobeBridge]
    uRun: [SpybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
    uRun: [Akamai NetSession Interface] C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
    mRun: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
    mRun: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
    mRun: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
    mRun: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
    mRun: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
    mRun: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
    mRun: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Jill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Jill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0BE3ACB9-3CE2-4458-8981-109DFDFDBDBC} : DhcpNameServer = 192.168.1.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64:     SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
    mRun-x64: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
    mRun-x64: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
    mRun-x64: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
    mRun-x64: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
    mRun-x64: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
    mRun-x64: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
    mRun-x64: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-9 98208]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 DLNADB;Dell 1355cn Status Database;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2010-9-29 89920]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-6-14 144672]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-15 1153368]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-9 705856]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-9 2320920]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-9-15 1201640]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
    S2 WPCSvc32;Parental Controls ;C:\Windows\system32\qdvd32.exe --> C:\Windows\system32\qdvd32.exe [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-10 16:09:51   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 15:56:35   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF891DF7-1089-426C-B4D8-B62921B3AED5}\offreg.dll
    2011-11-10 00:01:18   --------   d-----w-   C:\Users\Jill\AppData\Local\Akamai
    2011-11-09 02:23:48   886784   ----a-w-   C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 02:23:47   708608   ----a-w-   C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 02:23:46   1897328   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 02:23:43   3141120   ----a-w-   C:\Windows\System32\win32k.sys
    2011-11-09 02:18:47   8570192   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF891DF7-1089-426C-B4D8-B62921B3AED5}\mpengine.dll
    2011-11-06 22:38:58   --------   d--h--w-   C:\ProgramData\Common Files
    2011-11-06 22:36:24   --------   d-----w-   C:\ProgramData\MFAData
    2011-11-03 21:41:07   --------   d-----w-   C:\Windows\System32\MpEngineStore
    2011-10-30 18:06:02   --------   d-----w-   C:\Users\Jill\AppData\Roaming\OpenOffice.org
    2011-10-30 17:59:13   --------   d-----w-   C:\Program Files (x86)\OpenOffice.org 3
    2011-10-26 22:03:15   6144   ----a-w-   C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 22:03:15   6144   ----a-w-   C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2011-10-26 06:16:19   0   ----a-w-   C:\Windows\SysWow64\shoA1F9.tmp
    2011-10-25 05:45:51   --------   d-sh--w-   C:\Windows\System32\%APPDATA%
    2011-10-25 05:42:39   --------   d-----we   C:\Windows\system64
    2011-10-25 05:40:34   --------   d-sh--w-   C:\Users\Jill\AppData\Local\7f725c16
    .
    ==================== Find3M  ====================
    .
    2011-10-27 21:14:30   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-04 04:49:54   0   ----a-w-   C:\Windows\SysWow64\sho10BA.tmp
    2011-10-03 13:06:03   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2011-10-01 03:21:20   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2011-09-01 01:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2011-08-27 05:40:28   861184   ----a-w-   C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28   331776   ----a-w-   C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:45:20   1197568   ----a-w-   C:\Windows\System32\wininet.dll
    2011-08-20 05:41:16   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
    2011-08-20 04:38:10   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2011-08-20 04:35:20   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23   482816   ----a-w-   C:\Windows\System32\html.iec
    2011-08-20 03:26:38   386048   ----a-w-   C:\Windows\SysWow64\html.iec
    2011-08-17 05:32:24   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
    2011-08-17 05:27:46   75776   ----a-w-   C:\Windows\System32\MSDvbNP.ax
    2011-08-17 05:27:46   288256   ----a-w-   C:\Windows\System32\MSNP.ax
    2011-08-17 05:27:46   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
    2011-08-17 05:27:46   104960   ----a-w-   C:\Windows\System32\Mpeg2Data.ax
    2011-08-17 04:26:02   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23   72704   ----a-w-   C:\Windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23   59904   ----a-w-   C:\Windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23   204288   ----a-w-   C:\Windows\SysWow64\MSNP.ax
    .
    ============= FINISH:  8:18:40.93 ===============

    Attach.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/26/2010 6:15:41 PM
    System Uptime: 11/10/2011 7:53:15 AM (1 hours ago)
    .
    Motherboard: Dell Inc. |  | 08VFX1
    Processor: Intel(R) Core(TM) i3 CPU       M 370  @ 2.40GHz | U2E1 | 911/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 307.118 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer:
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP164: 10/31/2011 8:00:32 PM - Windows Backup
    RP165: 10/31/2011 9:11:54 PM - Windows Update
    RP166: 11/1/2011 2:37:14 PM - Windows Update
    RP167: 11/3/2011 2:56:35 PM - Windows Update
    RP168: 11/4/2011 8:50:42 AM - Windows Update
    RP169: 11/6/2011 3:05:19 PM - Installed Java(TM) 6 Update 29
    RP170: 11/7/2011 8:00:15 PM - Windows Backup
    RP171: 11/8/2011 6:17:12 PM - Windows Update
    RP172: 11/8/2011 8:00:38 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    3DVIA player 5.0
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.1.2
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AOL Messaging Toolbar
    Apple Application Support
    Apple Software Update
    Bing Bar
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software Updater
    BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
    Consumer In-Home Service Agreement
    Cozi
    Dell 1355cn/1355cnw Color MFP
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Toolbar
    Dell Webcam Central
    Download Updater (AOL LLC)
    EA Download Manager
    Google Chrome
    Google Update Helper
    GoToAssist 8.0.0.514
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    Junk Mail filter update
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    LeapFrog Tag Plugin
    LoJack Factory Installer
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    OpenOffice.org 3.3
    PDF Settings CS5
    PxMergeModule
    Quicken 2008
    Quicken 2011
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Scansoft PDF Professional
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Skype Toolbars
    Skype™ 4.2
    Spy Sweeper Core
    Spybot - Search & Destroy
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Late Night
    The Sims™ 3 World Adventures
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    Visual Studio 2008 x64 Redistributables
    Webroot AntiVirus with Spy Sweeper
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 4:01:58 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error:  An instance of the service is already running.
    11/9/2011 4:01:57 PM, Error: Service Control Manager [7031]  - The Akamai NetSession Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/6/2011 2:47:00 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
    11/10/2011 7:56:12 AM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    11/10/2011 7:53:40 AM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
    11/10/2011 7:53:37 AM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:  Cannot create a file when that file already exists.
    11/10/2011 7:53:37 AM, Error: Service Control Manager [7000]  - The Windows Firewall Authorization Driver service failed to start due to the following error:  Cannot create a file when that file already exists.
    11/10/2011 7:53:33 AM, Error: Service Control Manager [7000]  - The Dock Login Service service failed to start due to the following error:  The system cannot find the file specified.
    .
    ==== End Of File ===========================

    MBAM Log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8132

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/10/2011 8:13:31 AM
    mbam-log-2011-11-10 (08-13-31).txt

    Scan type: Quick scan
    Objects scanned: 199332
    Time elapsed: 2 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Offline gahixon1

    • Malware Removal Staff
    • Silver Member
    • Posts: 819
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #7 on: November 11, 2011, 11:05:41 am »
    Hi Jillcatherine,

    I'd like you to run this program next please.

    Step 3
    ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:


        * Double click on combofix.exe & follow the prompts.
        * XP Users ONLY - When prompted, please allow CF to install the Recovery Console.
        * When finished, it will produce a logfile located at C:\ComboFix.txt.
        * Post the contents of that log in your next reply with a new DDS log.

    Note: ComboFix will open a window which will detail its progress. It may take several minutes to complete. Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

    *Note: ComboFix is an extremely powerful tool and should not be used unsupervised. If used inappropriately it can cause irreparable damage to your computer.*

    In your next reply:
    Combofix.txt
    Graduate of SHA Academy

    Offline jillcatherine

    • Bronze Member
    • Posts: 11
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #8 on: November 11, 2011, 07:38:08 pm »
    Thanks George.

    ComboFix 11-11-11.06 - Jill 11/11/2011  17:14:36.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3893.2361 [GMT -8:00]
    Running from: c:\users\Jill\Desktop\ComboFix.exe
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
    SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Chris\AppData\Roaming\Adobe\shed
    c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}
    c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome.manifest
    c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome\xulcache.jar
    c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\defaults\preferences\xulcache.js
    c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\install.rdf
    c:\users\Jill\Adobe_Creative_Suite_5_Master_Collection-AkamaiDLM.exe
    c:\users\Jill\FullTiltSetup.exe
    c:\windows\assembly\tmp\U
    c:\windows\assembly\tmp\U\000000c0.@
    c:\windows\assembly\tmp\U\000000cb.@
    c:\windows\assembly\tmp\U\000000cf.@
    c:\windows\assembly\tmp\U\80000000.@
    c:\windows\assembly\tmp\U\800000c0.@
    c:\windows\assembly\tmp\U\800000cb.@
    c:\windows\assembly\tmp\U\800000cf.@
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-10-12 to 2011-11-12  )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 16:02 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFC259C-66D4-404E-BC66-2C37D4EEB413}\mpengine.dll
    2011-11-10 16:09 . 2011-11-10 16:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 00:01 . 2011-11-11 16:02   --------   d-----w-   c:\users\Jill\AppData\Local\Akamai
    2011-11-09 02:23 . 2011-10-01 05:28   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
    2011-11-09 02:23 . 2011-10-01 04:43   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 02:23 . 2011-09-29 16:24   1897328   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:23 . 2011-09-29 04:09   3141120   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-06 23:14 . 2011-11-06 23:14   --------   d-----w-   c:\program files (x86)\Common Files\Java
    2011-11-06 22:38 . 2011-11-06 22:38   --------   d--h--w-   c:\programdata\Common Files
    2011-11-06 22:36 . 2011-11-06 22:39   --------   d-----w-   c:\programdata\MFAData
    2011-11-03 21:41 . 2011-11-03 19:47   --------   d-----w-   c:\windows\system32\MpEngineStore
    2011-10-30 18:06 . 2011-10-30 18:06   --------   d-----w-   c:\users\Jill\AppData\Roaming\OpenOffice.org
    2011-10-30 17:59 . 2011-10-30 17:59   --------   d-----w-   c:\program files (x86)\OpenOffice.org 3
    2011-10-26 23:40 . 2011-10-26 23:40   --------   d-----w-   c:\windows\system32\Macromed
    2011-10-26 22:03 . 2011-08-15 05:08   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
    2011-10-26 22:03 . 2011-08-15 04:25   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
    2011-10-26 06:16 . 2011-10-26 06:16   0   ----a-w-   c:\windows\SysWow64\shoA1F9.tmp
    2011-10-25 05:45 . 2011-10-25 05:45   --------   d-sh--w-   c:\windows\system32\%APPDATA%
    2011-10-25 05:40 . 2011-10-25 05:40   --------   d-sh--w-   c:\users\Jill\AppData\Local\7f725c16
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-10 16:16 . 2011-04-26 10:29   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-10-27 21:14 . 2011-07-26 20:47   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-04 04:49 . 2011-10-04 04:49   0   ----a-w-   c:\windows\SysWow64\sho10BA.tmp
    2011-10-03 13:06 . 2010-10-10 03:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    2011-10-01 03:21 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
    2011-09-15 16:43 . 2011-09-15 16:43   388096   ----a-r-   c:\users\Jill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-01 01:00 . 2011-07-12 23:53   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-08-27 05:40 . 2011-10-11 21:58   331776   ----a-w-   c:\windows\system32\oleacc.dll
    2011-08-27 05:40 . 2011-10-11 21:58   861184   ----a-w-   c:\windows\system32\oleaut32.dll
    2011-08-27 04:43 . 2011-10-11 21:58   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43 . 2011-10-11 21:58   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
    2011-08-20 05:45 . 2011-10-11 21:58   1197568   ----a-w-   c:\windows\system32\wininet.dll
    2011-08-20 05:41 . 2011-10-11 21:58   57856   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-08-20 04:38 . 2011-10-11 21:58   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
    2011-08-20 04:35 . 2011-10-11 21:58   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
    2011-08-20 04:20 . 2011-10-11 21:58   482816   ----a-w-   c:\windows\system32\html.iec
    2011-08-20 03:26 . 2011-10-11 21:58   386048   ----a-w-   c:\windows\SysWow64\html.iec
    2011-08-17 05:32 . 2011-10-11 21:58   613888   ----a-w-   c:\windows\system32\psisdecd.dll
    2011-08-17 05:27 . 2011-10-11 21:58   288256   ----a-w-   c:\windows\system32\MSNP.ax
    2011-08-17 05:27 . 2011-10-11 21:58   108032   ----a-w-   c:\windows\system32\psisrndr.ax
    2011-08-17 05:27 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\system32\MSDvbNP.ax
    2011-08-17 05:27 . 2011-10-11 21:58   104960   ----a-w-   c:\windows\system32\Mpeg2Data.ax
    2011-08-17 04:26 . 2011-10-11 21:58   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
    2011-08-17 04:22 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
    2011-08-17 04:22 . 2011-10-11 21:58   72704   ----a-w-   c:\windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22 . 2011-10-11 21:58   59904   ----a-w-   c:\windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22 . 2011-10-11 21:58   204288   ----a-w-   c:\windows\SysWow64\MSNP.ax
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-11-06 22:14   238968   ----a-w-   c:\program files (x86)\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    "Akamai NetSession Interface"="c:\users\Jill\AppData\Local\Akamai\netsession_win.exe" [2011-11-11 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "IndexSearch"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe" [2010-06-15 46368]
    "PaperPort PTD"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe" [2010-06-15 29984]
    "PDFHook"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe" [2010-03-06 62752]
    "RUNUPDATER"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe" [2010-09-29 465728]
    "Dell 1355 MFP Launcher"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" [2010-09-29 920384]
    "Dell 1355 MFP RUN"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe" [2010-09-29 2481472]
    "StatusAutoRun"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" [2010-09-29 3789120]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys

    R2 WPCSvc32;Parental Controls ;c:\windows\system32\qdvd32.exe

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
    S2 DLNADB;Dell 1355cn Status Database;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2010-09-29 89920]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-06-15 144672]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-09-15 1201640]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai   REG_MULTI_SZ      Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
    .
    2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
    .
    2011-11-11 c:\windows\Tasks\wrSpySweeper_L4AB1FED886DF465B82B934EC9A5405B0.job
    - c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-09-15 22:19]
    .
    2011-11-11 c:\windows\Tasks\wrSpySweeper_L4AB1FED886DF465B82B934EC9A5405B0.job
    - c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-09-15 22:19]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "combofix"="c:\combofix\CF21472.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Notify-GoToAssist - (no file)
    Notify-igfxcui - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-QuickSet - c:\program files\Dell\QuickSet\QuickSet.exe
    HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\Internet Explorer\IELowutil.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-11  17:35:04 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-11-12 01:35
    .
    Pre-Run: 330,896,994,304 bytes free
    Post-Run: 330,864,975,872 bytes free
    .
    - - End Of File - - 9AFD23A2C8354716021DA15E8B44715A

    Offline gahixon1

    • Malware Removal Staff
    • Silver Member
    • Posts: 819
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #9 on: November 13, 2011, 09:17:55 pm »
    Hi jillcatherine,

    Apologies for my late reply; I have been away from my main computer for some time. Please proceed as follows:

    Step 1

    1) Run Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    5) Restart your computer.

    Step 2
    Please open Notepad and copy/paste this code into the notepad:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    c:\users\Jill\AppData\Local\7f725c16
    c:\windows\SysWow64\sho10BA.tmp




    Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.


    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    In your next reply:
    Combofix.txt
    How is your computer running now?

    Graduate of SHA Academy

    Offline jillcatherine

    • Bronze Member
    • Posts: 11
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #10 on: November 14, 2011, 12:05:48 pm »
    Oh don't apologize! I appreciate all your help!

    Ok, so I followed your last set of instructions, and it looked like ComboFix did something, but my computer did not reboot, and no log was produced; it just looked like it extracted the file and that was it.

    The computer is working great, otherwise though.  :t

    Offline jillcatherine

    • Bronze Member
    • Posts: 11
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #11 on: November 14, 2011, 12:30:46 pm »
    Wait... I guess I wasn't patient enough!!! Here is the log:


    ComboFix 11-11-14.02 - Jill 11/14/2011  10:08:22.2.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3893.2422 [GMT -8:00]
    Running from: c:\users\Jill\Desktop\ComboFix.exe
    Command switches used :: c:\users\Jill\Desktop\CFScript.txt
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
    SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Jill\AppData\Local\7f725c16"
    "c:\windows\SysWow64\sho10BA.tmp"
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-10-14 to 2011-11-14  )))))))))))))))))))))))))))))))
    .
    .
    2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Chris\AppData\Local\temp
    2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Brendan\AppData\Local\temp
    2011-11-13 17:26 . 2011-11-13 17:26   --------   d-----w-   C:\My Designs - Embroidery Software 6
    2011-11-13 17:24 . 2009-05-09 05:28   137000   ----a-w-   c:\windows\SysWow64\MSMAPI32.OCX
    2011-11-13 17:24 . 2011-11-13 17:25   --------   d-----w-   c:\program files (x86)\BERNINA
    2011-11-13 17:24 . 2011-11-13 17:24   --------   d-----w-   c:\program files (x86)\Common Files\Wilcom
    2011-11-13 17:23 . 2005-04-04 07:00   63488   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2011-11-13 17:23 . 2005-04-04 07:00   184320   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-11-13 17:23 . 2005-04-04 07:01   274432   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-11-13 17:23 . 2011-11-13 17:23   331908   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-11-13 17:23 . 2011-11-13 17:23   200836   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-11-13 17:23 . 2005-04-04 07:02   753664   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-11-13 17:23 . 2005-04-04 07:02   69714   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-11-13 17:23 . 2005-04-04 06:59   5632   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-11-11 16:02 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFC259C-66D4-404E-BC66-2C37D4EEB413}\mpengine.dll
    2011-11-10 16:09 . 2011-11-10 16:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 00:01 . 2011-11-12 14:57   --------   d-----w-   c:\users\Jill\AppData\Local\Akamai
    2011-11-09 02:23 . 2011-10-01 05:28   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
    2011-11-09 02:23 . 2011-10-01 04:43   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 02:23 . 2011-09-29 16:24   1897328   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:23 . 2011-09-29 04:09   3141120   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-06 23:14 . 2011-11-06 23:14   --------   d-----w-   c:\program files (x86)\Common Files\Java
    2011-11-06 22:38 . 2011-11-06 22:38   --------   d--h--w-   c:\programdata\Common Files
    2011-11-06 22:36 . 2011-11-06 22:39   --------   d-----w-   c:\programdata\MFAData
    2011-11-03 21:41 . 2011-11-03 19:47   --------   d-----w-   c:\windows\system32\MpEngineStore
    2011-10-30 18:06 . 2011-10-30 18:06   --------   d-----w-   c:\users\Jill\AppData\Roaming\OpenOffice.org
    2011-10-30 17:59 . 2011-10-30 17:59   --------   d-----w-   c:\program files (x86)\OpenOffice.org 3
    2011-10-26 23:40 . 2011-10-26 23:40   --------   d-----w-   c:\windows\system32\Macromed
    2011-10-26 22:03 . 2011-08-15 05:08   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
    2011-10-26 22:03 . 2011-08-15 04:25   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
    2011-10-26 06:16 . 2011-10-26 06:16   0   ----a-w-   c:\windows\SysWow64\shoA1F9.tmp
    2011-10-25 05:45 . 2011-10-25 05:45   --------   d-sh--w-   c:\windows\system32\%APPDATA%
    2011-10-25 05:40 . 2011-10-25 05:40   --------   d-sh--w-   c:\users\Jill\AppData\Local\7f725c16
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-14 16:20 . 2011-04-26 10:29   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-10-27 21:14 . 2011-07-26 20:47   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-04 04:49 . 2011-10-04 04:49   0   ----a-w-   c:\windows\SysWow64\sho10BA.tmp
    2011-10-03 13:06 . 2010-10-10 03:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    2011-10-01 03:21 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
    2011-09-15 16:43 . 2011-09-15 16:43   388096   ----a-r-   c:\users\Jill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-01 01:00 . 2011-07-12 23:53   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-08-27 05:40 . 2011-10-11 21:58   331776   ----a-w-   c:\windows\system32\oleacc.dll
    2011-08-27 05:40 . 2011-10-11 21:58   861184   ----a-w-   c:\windows\system32\oleaut32.dll
    2011-08-27 04:43 . 2011-10-11 21:58   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43 . 2011-10-11 21:58   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
    2011-08-20 05:45 . 2011-10-11 21:58   1197568   ----a-w-   c:\windows\system32\wininet.dll
    2011-08-20 05:41 . 2011-10-11 21:58   57856   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-08-20 04:38 . 2011-10-11 21:58   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
    2011-08-20 04:35 . 2011-10-11 21:58   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
    2011-08-20 04:20 . 2011-10-11 21:58   482816   ----a-w-   c:\windows\system32\html.iec
    2011-08-20 03:26 . 2011-10-11 21:58   386048   ----a-w-   c:\windows\SysWow64\html.iec
    2011-08-17 05:32 . 2011-10-11 21:58   613888   ----a-w-   c:\windows\system32\psisdecd.dll
    2011-08-17 05:27 . 2011-10-11 21:58   288256   ----a-w-   c:\windows\system32\MSNP.ax
    2011-08-17 05:27 . 2011-10-11 21:58   108032   ----a-w-   c:\windows\system32\psisrndr.ax
    2011-08-17 05:27 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\system32\MSDvbNP.ax
    2011-08-17 05:27 . 2011-10-11 21:58   104960   ----a-w-   c:\windows\system32\Mpeg2Data.ax
    2011-08-17 04:26 . 2011-10-11 21:58   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
    2011-08-17 04:22 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
    2011-08-17 04:22 . 2011-10-11 21:58   72704   ----a-w-   c:\windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22 . 2011-10-11 21:58   59904   ----a-w-   c:\windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22 . 2011-10-11 21:58   204288   ----a-w-   c:\windows\SysWow64\MSNP.ax
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2011-11-12_01.27.15   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-11-14 18:21   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-12 01:26   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-12 01:26   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-14 18:21   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-12 01:26   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-14 18:21   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-10-27 22:05 . 2011-11-14 18:22   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-27 22:05 . 2011-11-12 01:27   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-11-14 05:13   78720              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2010-10-27 22:05 . 2011-11-12 01:27   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-10-27 22:05 . 2011-11-14 18:22   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-10-27 22:05 . 2011-11-14 18:22   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-27 22:05 . 2011-11-12 01:27   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-10-27 01:29 . 2011-11-14 18:22   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-27 01:29 . 2011-11-12 01:27   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-27 01:29 . 2011-11-14 18:22   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-27 01:29 . 2011-11-12 01:27   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-11-12 01:26 . 2011-11-12 01:26   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-14 18:21 . 2011-11-14 18:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-12 01:26 . 2011-11-12 01:26   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-14 18:21 . 2011-11-14 18:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-10-28 02:05 . 2011-11-12 01:26   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-10-28 02:05 . 2011-11-14 18:21   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 02:36 . 2011-11-12 00:53   624412              c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-14 18:05   624412              c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-14 18:05   106756              c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-11-12 00:53   106756              c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-11-12 01:25   384436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-11-14 18:20   384436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2008-08-08 22:46 . 2008-08-08 22:46   242176              c:\windows\Installer\279362.msi
    - 2009-07-14 04:45 . 2011-11-11 19:38   3802522              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-11-13 17:30   3802522              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-05-12 10:16 . 2011-11-14 17:58   1055348              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4289127186-800932172-3693104646-1001-8192.dat
    - 2011-05-12 10:16 . 2011-11-06 22:58   1055348              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4289127186-800932172-3693104646-1001-8192.dat
    + 2010-04-21 22:34 . 2010-04-21 22:34   7217664              c:\windows\Installer\27935d.msi
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-11-06 22:14   238968   ----a-w-   c:\program files (x86)\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "Akamai NetSession Interface"="c:\users\Jill\AppData\Local\Akamai\netsession_win.exe" [2011-11-12 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "IndexSearch"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe" [2010-06-15 46368]
    "PaperPort PTD"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe" [2010-06-15 29984]
    "PDFHook"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe" [2010-03-06 62752]
    "RUNUPDATER"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe" [2010-09-29 465728]
    "Dell 1355 MFP Launcher"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" [2010-09-29 920384]
    "Dell 1355 MFP RUN"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe" [2010-09-29 2481472]
    "StatusAutoRun"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" [2010-09-29 3789120]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
     [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys

    R2 WPCSvc32;Parental Controls ;c:\windows\system32\qdvd32.exe

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
    S2 DLNADB;Dell 1355cn Status Database;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2010-09-29 89920]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-06-15 144672]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S2 UniversalCommunicationServer;Universal Communication Server;c:\program files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [2009-05-19 90112]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-09-15 1201640]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai   REG_MULTI_SZ      Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Jill\AppData\Roaming\Mozilla\Firefox\Profiles\7ydf4w5e.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_dac4cfd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-14  10:29:47 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-11-14 18:29
    ComboFix2.txt  2011-11-12 01:35
    .
    Pre-Run: 331,956,912,128 bytes free
    Post-Run: 331,753,680,896 bytes free
    .
    - - End Of File - - 5A290EA8797842E8216C15D77A9892B7

    Offline gahixon1

    • Malware Removal Staff
    • Silver Member
    • Posts: 819
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #12 on: November 16, 2011, 10:19:56 am »
    Hi Jillcatherine,

    OK. That seems to have shifted the majority of the infection, let's check for any leftovers.

    Step 1
    ESET Scan

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here to run the scan.
      Quote
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

    Step 2
    Security Check

    • Download Security Check by screen317 from HERE or HERE
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    In your next reply:
    ESET.txt
    Checkup.txt
    Graduate of SHA Academy

    Offline jillcatherine

    • Bronze Member
    • Posts: 11
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #13 on: November 17, 2011, 06:31:49 pm »
    Will work on these scans probably tomorrow....Chuck E. Cheese caused a migraine.  :m

    Offline jillcatherine

    • Bronze Member
    • Posts: 11
    Re: [In progress G]HijackThis log - Crazy Search Hijack Problem
    « Reply #14 on: November 18, 2011, 02:33:32 pm »
    ESET.txt:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=5aaab1193767a142b00ec299707b1a76
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-11-17 07:13:27
    # local_time=2011-11-17 11:13:27 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 4530035 4530035 0 0
    # compatibility_mode=5893 16776573 100 94 0 73100074 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=25776
    # found=0
    # cleaned=0
    # scan_time=583
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=5aaab1193767a142b00ec299707b1a76
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-11-18 06:26:09
    # local_time=2011-11-18 10:26:09 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 4605078 4605078 0 0
    # compatibility_mode=5893 16776573 100 94 0 73175117 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=296388
    # found=9
    # cleaned=0
    # scan_time=9102
    C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A application (unable to clean)   00000000000000000000000000000000   I
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application (unable to clean)   00000000000000000000000000000000   I
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe   a variant of Win32/HiddenStart.A application (unable to clean)   00000000000000000000000000000000   I
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application (unable to clean)   00000000000000000000000000000000   I
    C:\Qoobox\Quarantine\C\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
    C:\Qoobox\Quarantine\C\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome\xulcache.jar.vir   JS/Agent.NDJ trojan (unable to clean)   00000000000000000000000000000000   I
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir   Win64/Sirefef.D trojan (unable to clean)   00000000000000000000000000000000   I
    C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Default\ahllklnobfllbcikbgfjlbgpclclnnjn\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
    C:\Users\Jill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jill\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ahllklnobfllbcikbgfjlbgpclclnnjn\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I

    Checkup.txt:
     Results of screen317's Security Check version 0.99.28 
     Windows 7  x64 (UAC is enabled) 
     Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

     Windows Firewall Enabled! 
     Webroot AntiVirus with Spy Sweeper 
     WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

     Malwarebytes' Anti-Malware   
     Java(TM) 6 Update 29 
     Java(TM) 6 Update 22 
     Java version out of date!
      Adobe Flash Player (   10.3.181.34) Flash Player Out of Date! 
     Adobe Reader 9 (Adobe Reader out of date!)
     Mozilla Firefox (8.0.)
    ````````````````````````````````
    Process Check: 
    objlist.exe by Laurent

     Spybot Teatimer.exe is disabled!
    ``````````End of Log````````````