
Closed
Gervarod - Apr 26, 2010 at 05:48 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 29, 2010 at 09:53 AM
Hello, I'm still directed to other websites such as this one: http://top5-review.com/au/zdmsrndl12/search.php?keyword=why+im+getting+directed+to+another+site

But I tried to go to the main one, which is this one: http://www.geekstogo.com/forum/I-m-getting-redirected-whenever-I-click-link-t251971.html, which is the main one I wanted to go to. How do I end this virus? I've done a scan with Avira antivirus and a scan with Malwarebytes, which won't pick it up at all. It's really !@#$ing making me mad and angry which I can go to the website I want to go to. Hope I get help with this, thanks.

Gervarod

5 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 26, 2010 at 07:37 AM
Hi Gervarod,

Oh boy, here we go again!

Do you have a greenhouse where you grow these viruses? :)))

Let's Hijack this one, but I can promise you an answer until later today.

Catch you later alligator!
0
G'day Ambucias, I've worked it out now. I uninstalled Avira and Malwarebytes and just left Avast on it, and now I get on the net, I click on every link in Google and I go to that site. Now I think it was my antivirus programs not working together well. But if you want the HijackThis file done I will do it for ya mate.

Regards,Gervarod
0
here's the file for you Ambucias..........


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:49:20, on 27/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internode\mum.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Free YouTube MP3 Ripper\FreeYouTubeMP3Ripper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=15157&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SteamWatch - Douglas Marttinen - C:\Program Files\SteamWatch\SteamWatch.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
0
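As an added example (not part of the thread, and not code from any poster or from Trend Micro), a small Python triage of the HijackThis log format posted above: it splits entries by section code, inventories BHOs with their CLSIDs, and lists services marked `Unknown owner` or `(file missing)` for manual review. The section labels and the two review heuristics are assumptions of this example; neither marker proves an infection.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread,
# cut down to a handful of entries for the demonstration).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=15157&l=dis
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# Human-readable labels for the section codes that appear in this log
# (labels are this example's own wording).
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "IE extra button or Tools menu item",
    "O22": "SharedTaskScheduler entry",
    "O23": "Windows service",
}

# Every scan result line is "<code> - <details>"; header and process lines are not.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_log(text):
    """Return one dict per scan entry, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code = m.group("code")
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": m.group("body"),
        })
    return entries


def bho_inventory(entries):
    """List (name, CLSID, DLL path) for every O2 entry, for manual lookup."""
    found = []
    for e in entries:
        m = BHO_RE.match(e["body"]) if e["code"] == "O2" else None
        if m:
            found.append((m.group("name"), m.group("clsid"), m.group("path")))
    return found


def review_candidates(entries):
    """Return (code, reason, body) for entries worth a closer manual look.

    Heuristics (assumptions of this example): a service whose binary carries
    no company name, and any entry whose target file is not on disk.
    """
    findings = []
    for e in entries:
        if e["code"] == "O23":
            m = SERVICE_RE.match(e["body"])
            if m and m.group("owner") == "Unknown owner":
                findings.append((e["code"], "service binary has no company name",
                                 e["body"]))
        if e["body"].endswith("(file missing)"):
            findings.append((e["code"], "entry points at a file that is missing",
                             e["body"]))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, clsid, path in bho_inventory(parsed):
        print(f"BHO   {name}  {clsid}  {path}")
    for code, reason, body in review_candidates(parsed):
        print(f"CHECK {code}: {reason}: {body}")
```
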
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 26, 2010 at 04:31 PM
Hello Gervarod

Your log looks okay at first glance. Yet I would get rid of

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

It is risky yet useless.

Do you always get redirected to the same sites? I would think that there are Trojan Horse muffins in your registry and perhaps sys32.

It is difficult to check at a distance.

Let's try two things:

1. Download CCleaner and run both a temp file and registry clean.

https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/

2. Run your Spybot
0
Yer, it even happens if I'm in Explorer too. I will get back to ya ASAP.
0
Now what buttons do I push? There is the Cleaner, Registry, Tools and Options on it, and is there anything I should not do with it? Thanks, Gervarod
0
I've done the clean-up with CCleaner and done a Spybot scan and that picked up nothing.

What do you want me to do next? Thanks

Gervarod
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 05:42 AM
Hello Gervarod,

I think that you are marooned, even doomed; let's erase your hard drive and start all over!

Come to think of it let's not...

I looked at the Top 5 review site, not nice at all!

Did you remove ?

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

1. Download link: http://live.sysinternals.com/procexp.exe
2. Double-click to run it.
3. Select Security Tool process from the list. See if you can locate any unfamiliar processes such as numerical processes; press the "Delete" button to end the process.
4. Close Process Explorer.

5. Download
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
* Close all running applications
* Double-click the installer and install it in its default location (C:\Program Files)
* Under Vista: right-click the shortcut created and click "Run as Administrator"
* At the main menu select "S" (Start scan)
* A report will appear after the scan; then post it on the forum (it is also saved as C:\Ad-Report-SCAN.log)
0
Yer, I did remove O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll so I've got to reformat my computer again, do I???
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 07:32 AM
No that was a joke, just to see your reaction, never mind my dark sense of humour.

Did the removal of the BHO help?

Have you run the apps I sent you?
0
Here, I just copied it to show you, which was the first file you told me to run. Is there anything I should delete???
Thanks, Gervarod
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 07:52 AM
I can't see anything
0
So I should run the next tool you sent me, which was http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe ???

Even removing the BHO has not helped me at all; I'm still getting redirected to the sites again.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 08:48 AM
Only if the tool did not give you the option to fix,

Using explorer find and delete the following:

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.cbid", "UH");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.l", "dis");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1270706778485");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.locale", "en_US");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.o", "15154");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.r", "2");

C:\Users\HomeComputer\..\hvyghk99.default\prefs.js - user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");

Then reboot and report to me.

P.S. Do you know what the weather is like right now in Australia?
0
Well, tonight it's freezing bloody cold and we are nearly near winter, but some days it's nice and sunny and warm, but some are cold and windy and wet.

Why???
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 09:00 AM
Just wondered, for here, in Quebec, although we had balmy weather, today we have light melting snow, and I also wondered if you knew how I got to know that you are in Australia.
0
I can't even find them in Process Explorer at all; they are different names.
0
Well, let me guess, you looked at my login info or my profile?

But don't say you are a hacker too??
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 09:16 AM
Yes, you got it!

So did the tool give you the option to fix or are you going to delete manually?
0

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 10:14 AM
All right then, we will administer the ultimate, most powerful medicinal compound.

Mind you, we did clean a lot of horse manure.

Just a note aside, when I went to top5 review, when I saw the window asking "Why have been redirected to this site" anybody normal and quick on the mouse, would want to know. Bang you are infected! SOB's!

Type, type, type... I will just copy and paste but pretend I did type and take it personal.

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2. Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

Once you are done, paste the log here and report to me on how your system is behaving.

That should fix it for sure. When you find that you are no longer getting redirected, please make a new restore point.

I must now go offline, it is 11:15 AM, must run some errands. Will return in 6 hours if not tomorrow morning, evening for you.

Good luck and don't do anything I wouldn't do.
0
Hell, good if you told me ComboFix took a while to get started, but it was done mate. Here's the log file from it...



ComboFix 10-04-26.05 - HomeComputer 28/04/2010 2:08.1.2 - x86
Microsoft® Windows Vista(TM) Home Premium 6.0.6001.1.1252.61.1033.18.3032.2013 [GMT 10:00]
Running from: c:\users\HomeComputer\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\HomeComputer\AppData\Roaming\inst.exe
c:\windows\system32\oem10.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 16:19 . 2010-04-27 16:20 -------- d-----w- c:\users\HomeComputer\AppData\Local\temp
2010-04-27 16:19 . 2010-04-27 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-27 16:19 . 2010-04-27 16:19 -------- d-----w- c:\users\April\AppData\Local\temp
2010-04-27 13:04 . 2010-04-27 14:44 -------- d-----w- C:\Ad-Remover
2010-04-27 03:06 . 2010-04-27 03:06 -------- d-----w- c:\program files\CCleaner
2010-04-26 16:48 . 2010-04-26 16:48 388096 ----a-r- c:\users\HomeComputer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-26 11:11 . 2010-04-26 11:11 -------- d-----w- c:\program files\BattleshipGame
2010-04-23 14:22 . 2010-04-23 14:22 -------- d-----w- c:\program files\Trend Micro
2010-04-23 11:25 . 2010-04-24 03:19 -------- d-----w- c:\programdata\fssg
2010-04-22 08:10 . 2010-04-27 14:15 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\mp3ripper
2010-04-22 08:10 . 2009-03-17 15:48 72704 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\avutil-49.dll
2010-04-22 08:10 . 2009-03-17 15:48 694784 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\avformat-52.dll
2010-04-22 08:10 . 2009-03-17 15:48 62976 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\avfilter-0.dll
2010-04-22 08:10 . 2009-03-17 15:48 181760 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\swscale-0.dll
2010-04-22 08:10 . 2009-03-17 15:48 10752 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\avdevice-52.dll
2010-04-22 08:10 . 2008-08-29 07:58 321536 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\SDL.dll
2010-04-22 08:10 . 2008-07-27 12:36 22528 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\myutil.dll
2010-04-22 08:10 . 2010-04-22 08:10 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\MSDLL
2010-04-22 08:10 . 2010-04-22 08:10 -------- d-----w- c:\program files\Free YouTube MP3 Ripper
2010-04-22 08:10 . 2009-05-29 17:26 8346624 ----a-w- c:\users\HomeComputer\AppData\Roaming\MSDLL\avcodec-52.dll
2010-04-21 23:06 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-21 23:06 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-21 23:06 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-21 23:06 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-21 23:06 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-21 23:06 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-21 23:06 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-21 17:32 . 2010-04-21 23:06 -------- d-----w- c:\programdata\Alwil Software
2010-04-21 17:32 . 2010-04-21 17:32 -------- d-----w- c:\program files\Alwil Software
2010-04-21 15:46 . 2010-04-21 15:49 -------- d-----w- C:\ConverterOutput
2010-04-21 15:46 . 2004-10-12 04:42 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2010-04-21 15:46 . 2004-10-05 06:16 395776 ----a-w- c:\windows\system32\libmplayer.dll
2010-04-21 15:46 . 2004-10-03 15:50 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2010-04-21 15:46 . 2004-09-10 03:50 34820 ----a-w- c:\windows\system32\ffdshow.reg
2010-04-21 15:46 . 2004-10-12 04:40 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2010-04-21 15:46 . 2010-04-21 15:46 -------- d-----w- c:\program files\Cucusoft
2010-04-21 15:41 . 2010-04-21 22:40 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\Vso
2010-04-21 15:41 . 2010-04-21 22:40 47360 ----a-w- c:\users\HomeComputer\AppData\Roaming\pcouffin.sys
2010-04-21 09:31 . 2010-04-21 09:31 -------- d-----w- c:\users\April\AppData\Local\Apple
2010-04-20 07:58 . 2010-04-20 07:58 -------- d-----w- c:\users\April\AppData\Local\WLDM
2010-04-19 17:02 . 2010-04-19 17:02 -------- d-----w- c:\windows\system32\EventProviders
2010-04-18 11:46 . 2010-04-18 11:46 -------- d-----w- c:\users\HomeComputer\AppData\Local\Apple Computer
2010-04-18 11:32 . 2010-04-18 11:33 -------- d-----w- c:\program files\QuickTime
2010-04-18 11:32 . 2010-04-18 11:32 -------- d-----w- c:\programdata\Apple Computer
2010-04-18 11:32 . 2010-04-18 11:32 -------- d-----w- c:\program files\Common Files\Apple
2010-04-18 11:31 . 2010-04-18 11:31 -------- d-----w- c:\users\HomeComputer\AppData\Local\Apple
2010-04-18 11:31 . 2010-04-18 11:31 -------- d-----w- c:\program files\Apple Software Update
2010-04-18 11:31 . 2010-04-18 11:31 -------- d-----w- c:\programdata\Apple
2010-04-18 10:25 . 2010-04-18 10:25 -------- d-----w- c:\users\HomeComputer\AppData\Local\WLDM
2010-04-18 06:47 . 2010-04-18 06:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-18 05:39 . 2010-04-18 05:39 -------- d-----w- c:\users\April\AppData\Roaming\DivX
2010-04-17 15:20 . 2010-04-27 14:34 -------- d-----w- c:\users\HomeComputer\Tracing
2010-04-17 15:20 . 2010-04-17 15:20 -------- d-----w- c:\program files\Microsoft
2010-04-17 15:20 . 2010-04-17 15:20 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-17 15:19 . 2010-04-18 10:25 -------- d-----w- c:\program files\Windows Live
2010-04-17 15:19 . 2010-04-17 15:19 -------- d-----w- c:\windows\PCHEALTH
2010-04-17 15:17 . 2010-04-17 15:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-16 10:01 . 2010-04-16 10:01 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\runic games
2010-04-16 09:57 . 2010-04-16 09:57 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-16 09:57 . 2010-04-16 09:57 85504 ----a-w- c:\users\HomeComputer\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-04-16 09:57 . 2010-04-16 09:57 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\SystemRequirementsLab
2010-04-16 00:01 . 2010-04-23 11:23 -------- d-----w- c:\programdata\F-Secure
2010-04-15 23:51 . 2010-04-15 23:51 -------- d-----w- c:\windows\Sun
2010-04-15 23:51 . 2010-04-15 23:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 23:51 . 2010-04-15 23:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 23:50 . 2010-04-15 23:50 -------- d-----w- c:\program files\Java
2010-04-15 23:43 . 2010-04-15 23:43 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-15 23:43 . 2010-04-15 23:43 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-15 12:19 . 2010-04-15 12:19 -------- d-----w- c:\users\April\AppData\Local\Mozilla
2010-04-15 12:19 . 2010-04-20 08:04 -------- d-----w- c:\users\April\AppData\Roaming\vlc
2010-04-15 11:09 . 2010-04-15 11:09 -------- d-----w- c:\programdata\NCH Software
2010-04-15 11:09 . 2010-04-16 09:13 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\NCH Swift Sound
2010-04-15 03:28 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 03:28 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 03:28 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 03:28 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 03:28 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 03:28 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 03:28 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 03:28 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 03:28 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 03:28 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 03:28 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:01 . 2010-04-15 03:47 -------- d-----w- c:\program files\SpeedFan
2010-04-14 17:43 . 2010-04-14 17:43 -------- d-----w- c:\programdata\McAfee
2010-04-14 17:30 . 2010-04-14 17:30 -------- d-----w- c:\program files\Isotope244 Graphics
2010-04-14 05:53 . 2010-04-25 17:03 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\dvdcss
2010-04-11 09:19 . 2010-04-11 09:19 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\AVS4YOU
2010-04-11 09:19 . 2010-04-11 09:19 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-11 09:18 . 2008-08-13 00:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-04-11 09:18 . 2008-08-13 00:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-04-11 09:18 . 2008-08-13 00:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-04-11 09:18 . 2008-08-13 00:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-04-11 09:18 . 2008-08-13 00:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-11 09:18 . 2010-04-26 12:29 -------- d-----w- c:\program files\AVS4YOU
2010-04-11 09:18 . 2010-04-11 09:19 -------- d-----w- c:\programdata\AVS4YOU
2010-04-11 08:17 . 2010-04-11 08:17 -------- d-----w- c:\users\HomeComputer\AppData\Local\WMTools Downloaded Files
2010-04-11 08:11 . 2010-04-15 03:28 -------- d-----w- c:\program files\Movie Maker 2.6
2010-04-11 07:12 . 2010-04-11 07:12 -------- d-----w- c:\program files\IObit
2010-04-11 05:26 . 2010-04-26 13:02 -------- d-----w- c:\program files\Kioskea.exe
2010-04-09 16:16 . 2010-04-15 23:43 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-09 16:10 . 2010-04-09 16:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-09 16:10 . 2010-04-09 16:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-09 16:09 . 2010-04-15 23:43 -------- d-----w- c:\program files\DivX
2010-04-09 16:08 . 2010-04-15 23:42 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-09 16:08 . 2010-04-15 23:43 -------- d-----w- c:\programdata\DivX
2010-04-09 15:13 . 2007-12-27 03:33 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-04-09 15:13 . 2007-12-13 21:59 81920 ----a-w- c:\windows\system32\GkSui20.EXE
2010-04-09 15:13 . 2010-04-21 16:07 -------- d-----w- c:\program files\YouTube Movie Ripper V4.0.2
2010-04-09 13:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-09 13:13 . 2010-04-09 13:13 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\Canneverbe Limited
2010-04-09 13:13 . 2010-04-09 13:13 -------- d-----w- c:\programdata\Canneverbe Limited
2010-04-09 13:13 . 2009-11-12 04:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-09 13:13 . 2010-04-09 13:13 -------- d-----w- c:\program files\CDBurnerXP
2010-04-08 19:02 . 2010-04-08 01:07 -------- d-----w- c:\windows\Panther
2010-04-08 19:02 . 2010-04-08 19:02 -------- d-----w- C:\Boot
2010-04-08 19:01 . 2010-04-08 19:01 -------- d-----w- c:\windows\system32\OEM
2010-04-08 14:25 . 2010-04-08 14:25 -------- d-----w- c:\program files\Utherverse Digital Inc
2010-04-08 13:04 . 2010-04-08 13:06 -------- d-----w- c:\program files\Pristy Utils

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 23:43 . 2010-04-09 16:15 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-15 23:42 . 2010-04-09 16:15 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-15 12:17 . 2010-04-15 12:17 65800 ----a-w- c:\users\April\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-10 17:33 . 2010-04-09 16:15 -------- d-----w- c:\users\HomeComputer\AppData\Roaming\DivX
2010-04-09 16:15 . 2010-04-09 16:15 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-09 16:15 . 2010-04-09 16:15 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-09 16:07 . 2010-04-09 16:15 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-08 08:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-08 04:42 . 2010-04-08 01:24 65800 ----a-w- c:\users\HomeComputer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 03:17 . 2010-04-08 03:16 -------- d-----w- c:\program files\IDT
2010-04-08 03:13 . 2010-04-08 01:24 680 ----a-w- c:\users\HomeComputer\AppData\Local\d3d9caps.dat
2010-04-08 03:10 . 2010-04-08 03:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
2010-04-08 03:10 . 2010-04-08 03:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-08 01:06 . 2010-04-08 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-09 16:25 . 2010-04-08 07:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-04-08 07:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 16:03 . 2010-04-08 03:16 536576 ----a-w- c:\windows\system32\idtmini1.exe
2010-02-25 16:03 . 2010-04-08 03:16 3350528 ----a-w- c:\windows\system32\stlang.dll
2010-02-25 16:03 . 2010-04-08 03:16 945664 ----a-w- c:\windows\system32\stapo.dll
2010-02-25 16:03 . 2010-04-08 03:16 527360 ------w- c:\windows\system32\stapi32.dll
2010-02-25 16:03 . 2010-04-08 03:16 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-02-25 16:03 . 2010-04-08 03:16 405504 ----a-w- c:\windows\system32\stcplx.dll
2010-02-25 16:03 . 2010-04-08 03:16 175616 ----a-w- c:\windows\system32\st326272.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2010-04-08 1363456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-16 3810304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 274432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-25 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 SteamWatch;SteamWatch;c:\program files\SteamWatch\SteamWatch.exe [2008-03-24 13824]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-30 144128]

.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\HomeComputer\AppData\Roaming\Mozilla\Firefox\Profiles\hvyghk99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 02:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys >>UNKNOWN [0x875198C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a3a5322
\Driver\ACPI -> acpi.sys @ 0x80689d4c
\Driver\atapi -> ataport.SYS @ 0x822e09a8
\Driver\iaStor -> iaStor.sys @ 0x8224b592
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2010-04-28 02:22:37
ComboFix-quarantined-files.txt 2010-04-27 16:22

Pre-Run: 226,310,823,936 bytes free
Post-Run: 226,276,245,504 bytes free

- - End Of File - - 6B1F698AA97357DF29961D4A20B29BE3
Hope it got rid of it for me, thanks.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 27, 2010 at 05:07 PM
Hello Gervarod,

I almost missed your reply. Somehow the system had deleted it, probably because of a word in the filter.

Anyhow it seems to me that your system is clean now.

However, PLEASE BE CAREFUL, if you use Flash drives or other removable USB memory devices, they may be infected. Please don't ask me how to disinfect your pendrive for I find it a pain to explain.

But let me know if you are still being redirected.
0
OK, thanks for the help. I will let you know if I'm getting directed. Do you know what I had on my system that kept redirecting me at all???
0
It's still redirecting me, even on Internet Explorer. What should I do, delete them manually?????

I hate COMPUTER VIRUSES
0
I think it's just the internet Firefox that is not working right, cos I did read up about it that it does it on its own sometimes.
0