
browser hijacked-can't access google or yahoo search results

Post by app1nag » April 12th, 2009, 8:54 pm

Every time I do a search, the results are hijacked when I click on any of them... using Firefox or IE... Google or Yahoo... thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:16 PM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\neil1\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\MSIMN.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 2809 bytes

Re: browser hijacked-can't access google or yahoo search results

Post by peku006 » April 18th, 2009, 3:04 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and Run GooredFix

Please download GooredFix and save it to your Desktop.

  • Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.

2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the GooredLog.txt
2. the logs from RSIT (log.txt, info.txt)

Thanks peku006

Re: browser hijacked-can't access google or yahoo search results

Post by app1nag » April 18th, 2009, 10:50 am

thanks---here are the results from step 1

GooredFix v1.92 by jpshortstuff
Log created at 10:50 on 18/04/2009 running Option #1 (neil1)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

Re: browser hijacked-can't access google or yahoo search results

Post by app1nag » April 18th, 2009, 10:54 am

Logfile of random's system information tool 1.06 (written by random/random)

Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (19%) free of 38 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:40 AM, on 4/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\neil1\Desktop\RSIT.exe
C:\Documents and Settings\neil1\Desktop\neil1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 3630 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\backup pre-virus.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2004-05-27 323584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-31 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bawindo]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPK]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crzv.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Key Logger]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gxqb]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\javadw.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-04-09 648504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe [2003-11-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Stopper]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-11-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]
C:\PROGRA~1\SYSTEM~1\soap.exe min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkey]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wersds.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogons.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\Program Files\America Online 8.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^neil1^Start Menu^Programs^Startup^BJ Status Monitor Canon S520.lnk]
C:\DOCUME~1\neil1\CNMSSC~1.EXE USB001;Canon S520;cnmss Canon S520 (Local).exe;BJ Status Monitor Canon S520.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^neil1^Start Menu^Programs^Startup^Resume Windows Update Installation.lnk]
C:\WINDOWS\WINDOW~1\ie6setup.exe [2004-02-08 490608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2
"mnmsrvc"=3
"lanmanserver"=2
"KodakCCS"=2
"iPodService"=3
"ImapiService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe"="C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{415a8abb-e506-11dd-bbc0-000bdbba9915}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-04-18 10:52:11 ----D---- C:\rsit
2009-04-18 00:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-18 00:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 00:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-18 00:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-18 00:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-18 00:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-17 18:36:59 ----D---- C:\WINDOWS\ie8updates
2009-04-17 18:28:29 ----HDC---- C:\WINDOWS\ie8
2009-04-17 18:27:02 ----D---- C:\Program Files\Microsoft Silverlight
2009-04-03 19:33:42 ----D---- C:\Program Files\Trend Micro
2009-04-01 07:49:43 ----D---- C:\WINDOWS\Prefetch
2009-03-31 22:16:17 ----A---- C:\WINDOWS\imsins.BAK
2009-03-31 22:09:44 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-03-31 22:09:34 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-03-31 22:08:05 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-03-31 22:08:05 ----N---- C:\WINDOWS\system32\format.com
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\locator.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\localspl.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\ftp.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\cmd.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\cacls.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\autochk.exe
2009-03-31 22:08:05 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\userinit.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\untfs.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\ulib.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\smss.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\services.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\schannel.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\savedump.exe
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\samlib.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rasman.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\printui.dll
2009-03-31 22:08:01 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-03-31 22:07:53 ----N---- C:\WINDOWS\system32\hal.dll
2009-03-31 22:07:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-03-31 22:07:53 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-03-31 21:18:57 ----HD---- C:\$AVG8.VAULT$
2009-03-31 21:16:39 ----D---- C:\Documents and Settings\neil1\Application Data\Malwarebytes
2009-03-31 21:16:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-31 21:16:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-31 20:50:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-31 20:49:01 ----D---- C:\Program Files\AVG
2009-03-31 20:48:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-31 18:44:38 ----HD---- C:\Config.msi
2009-03-30 22:44:00 ----A---- C:\WINDOWS\system32\mkghj.dll
2009-03-30 22:33:43 ----A---- C:\caavsetupLog.txt
2009-03-30 22:32:43 ----D---- C:\WINDOWS\rnapxs
2009-03-30 22:28:34 ----A---- C:\caisslog.txt
2009-03-30 22:17:57 ----D---- C:\Documents and Settings\neil1\Application Data\GetRightToGo
2009-03-25 18:11:07 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-23 21:59:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-23 21:58:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-23 21:58:46 ----D---- C:\Documents and Settings\neil1\Application Data\SUPERAntiSpyware.com
2009-03-22 22:44:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-22 22:05:59 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-22 13:52:36 ----N---- C:\WINDOWS\system32\_003865_.tmp.dll
2009-03-22 13:52:28 ----N---- C:\WINDOWS\system32\_003864_.tmp.dll
2009-03-22 13:50:49 ----N---- C:\WINDOWS\system32\_003862_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003857_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003856_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003855_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003854_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003853_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003850_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003849_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003848_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003847_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003845_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003844_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003842_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003840_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003835_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003834_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003833_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003831_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003826_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003822_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003821_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003809_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003806_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003801_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003800_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003782_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003779_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003778_.tmp.dll
2009-03-22 13:50:43 ----N---- C:\WINDOWS\system32\_003777_.tmp.dll
2009-03-15 21:03:19 ----D---- C:\Program Files\TaxCut08
2009-03-11 03:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-03-01 13:40:55 ----HD---- C:\BJPrinter
2009-02-25 04:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 19:53:43 ----D---- C:\Program Files\CCleaner
2009-02-22 15:13:28 ----D---- C:\Program Files\Canon
2009-02-16 04:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-05 23:30:54 ----D---- C:\Documents and Settings\neil1\Application Data\Yahoo!
2009-01-29 22:59:51 ----D---- C:\Documents and Settings\neil1\Application Data\U3
2009-01-25 15:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 3 months======

2009-04-18 10:51:49 ----D---- C:\WINDOWS\Temp
2009-04-18 08:08:58 ----D---- C:\Program Files\Mozilla Firefox
2009-04-18 07:58:29 ----D---- C:\WINDOWS
2009-04-18 03:01:10 ----SHD---- C:\WINDOWS\Installer
2009-04-18 00:21:46 ----D---- C:\WINDOWS\SYSTEM32
2009-04-18 00:21:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-18 00:16:28 ----D---- C:\WINDOWS\system32\WBEM
2009-04-18 00:16:28 ----D---- C:\WINDOWS\AppPatch
2009-04-18 00:14:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-18 00:11:00 ----HD---- C:\WINDOWS\INF
2009-04-18 00:10:54 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-04-18 00:08:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-18 00:07:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 19:01:43 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 19:01:41 ----D---- C:\WINDOWS\Media
2009-04-17 19:01:41 ----D---- C:\WINDOWS\Help
2009-04-17 19:01:41 ----D---- C:\Program Files\Internet Explorer
2009-04-17 18:37:36 ----HD---- C:\WINDOWS\msdownld.tmp
2009-04-17 18:37:16 ----D---- C:\Program Files
2009-04-17 18:27:25 ----D---- C:\Program Files\msn
2009-04-17 17:14:29 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-17 17:08:00 ----D---- C:\WINDOWS\system32\Macromed
2009-04-15 15:11:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-14 08:54:39 ----A---- C:\WINDOWS\BRWMARK.INI
2009-04-11 15:58:16 ----RSH---- C:\boot.ini
2009-04-11 15:58:16 ----A---- C:\WINDOWS\WIN.INI
2009-04-11 15:58:16 ----A---- C:\WINDOWS\SYSTEM.INI
2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 21:33:26 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-02 19:44:52 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-02 19:44:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-01 07:59:42 ----D---- C:\Program Files\Messenger
2009-04-01 07:48:23 ----D---- C:\WINDOWS\system32\Setup
2009-04-01 07:48:06 ----RSD---- C:\WINDOWS\Fonts
2009-03-31 23:22:06 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-31 23:05:40 ----D---- C:\WINDOWS\WinSxS
2009-03-31 23:05:30 ----D---- C:\WINDOWS\system32\bits
2009-03-31 23:02:58 ----D---- C:\WINDOWS\system32\USMT
2009-03-31 23:02:43 ----D---- C:\WINDOWS\system32\Restore
2009-03-31 23:02:42 ----D---- C:\WINDOWS\system32\OOBE
2009-03-31 23:02:41 ----D---- C:\WINDOWS\system32\NPP
2009-03-31 23:00:50 ----D---- C:\WINDOWS\system32\Com
2009-03-31 22:56:52 ----D---- C:\WINDOWS\SYSTEM
2009-03-31 22:56:52 ----D---- C:\WINDOWS\SRCHASST
2009-03-31 22:51:13 ----D---- C:\WINDOWS\PeerNet
2009-03-31 22:51:11 ----D---- C:\WINDOWS\network diagnostic
2009-03-31 22:51:09 ----D---- C:\WINDOWS\MSAGENT
2009-03-31 22:50:34 ----D---- C:\WINDOWS\IME
2009-03-31 22:50:03 ----D---- C:\Program Files\Windows Media Player
2009-03-31 22:50:02 ----D---- C:\Program Files\Outlook Express
2009-03-31 22:49:59 ----D---- C:\Program Files\NetMeeting
2009-03-31 22:49:57 ----D---- C:\Program Files\Movie Maker
2009-03-31 22:49:37 ----D---- C:\Program Files\Common Files\System
2009-03-31 22:47:25 ----D---- C:\WINDOWS\system32\scripting
2009-03-31 22:47:25 ----D---- C:\WINDOWS\system32\en
2009-03-31 22:47:20 ----D---- C:\WINDOWS\l2schemas
2009-03-31 22:47:05 ----SD---- C:\WINDOWS\Tasks
2009-03-31 22:22:31 ----D---- C:\WINDOWS\SECURITY
2009-03-31 22:16:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-31 22:07:07 ----D---- C:\WINDOWS\EHome
2009-03-31 20:50:20 ----D---- C:\Documents and Settings
2009-03-31 20:22:19 ----D---- C:\Program Files\CA
2009-03-31 20:11:15 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-31 20:10:18 ----D---- C:\Program Files\Grisoft
2009-03-31 19:16:50 ----D---- C:\WINDOWS\Registration
2009-03-31 18:54:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-31 18:53:30 ----D---- C:\Program Files\Common Files\InstallShield
2009-03-31 18:49:00 ----D---- C:\Program Files\Common Files
2009-03-31 18:25:53 ----D---- C:\Program Files\Lavasoft
2009-03-31 18:25:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-31 07:48:09 ----D---- C:\Program Files\Yahoo!
2009-03-30 22:34:18 ----D---- C:\WINDOWS\Downloaded Installations
2009-03-30 22:28:00 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2009-03-30 22:03:34 ----D---- C:\WINDOWS\Debug
2009-03-29 09:09:08 ----D---- C:\Program Files\TaxCut05
2009-03-22 22:38:57 ----D---- C:\Program Files\DivX
2009-03-22 22:38:36 ----D---- C:\Program Files\Google
2009-03-22 22:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-03-15 21:09:06 ----D---- C:\Documents and Settings\neil1\Application Data\TaxCut
2009-03-15 21:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\TaxCut
2009-03-08 14:22:46 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:21:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-06 10:44:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-02-23 21:36:16 ----D---- C:\Program Files\WinRAR
2009-02-23 21:33:12 ----A---- C:\WINDOWS\Brownie.ini
2009-02-22 20:03:36 ----D---- C:\Program Files\Ahead
2009-02-22 20:03:33 ----D---- C:\Program Files\Common Files\Ahead
2009-02-22 19:58:51 ----D---- C:\Program Files\Amazon
2009-02-22 19:55:58 ----D---- C:\WINDOWS\Minidump
2009-02-22 12:31:14 ----D---- C:\Program Files\Panasonic
2009-02-22 12:20:49 ----D---- C:\My Download Files
2009-02-22 12:20:36 ----D---- C:\My Downloads
2009-02-16 04:21:42 ----D---- C:\WINDOWS\ie7updates
2009-02-09 06:20:34 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 06:19:34 ----N---- C:\WINDOWS\system32\_003772_.tmp.dll
2009-02-06 12:54:36 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-05 23:28:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-05 00:17:23 ----D---- C:\Program Files\AT&T Global Network Client
2009-02-03 16:08:52 ----A---- C:\WINDOWS\system32\secur32.dll
2009-01-30 04:02:19 ----SHD---- C:\System Volume Information
2009-01-29 23:20:06 ----D---- C:\Program Files\Adobe
2009-01-25 16:02:37 ----D---- C:\Program Files\TaxCut06
2009-01-25 15:57:19 ----D---- C:\Program Files\DeductionPro 2007
2009-01-25 15:54:57 ----D---- C:\Program Files\QWS3270 PLUS
2009-01-25 15:49:03 ----D---- C:\Documents and Settings\neil1\Application Data\Amazon
2009-01-19 23:35:04 ----D---- C:\LXKZ600

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-31 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-31 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-06-10 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-06-10 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-09-11 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-09-11 206464]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2002-10-07 11027]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-04-09 23992]
R2 PPCLASS;PPCLASS; C:\WINDOWS\system32\drivers\PPCLASS.sys [1997-04-09 85868]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-04-09 25272]
R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\System32\DRIVERS\abvpn2k.sys [2003-04-23 154240]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-09-03 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-10-29 1175536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-10-29 170499]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-09-11 30630]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-12-25 39488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-10-29 604240]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 PPSCAN;PPSCAN; C:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 115136]
S2 UMAXPCLS;Print Port Scanner Driver; C:\WINDOWS\System32\DRIVERS\umaxpcls.sys [2001-08-17 22912]
S2 VRDVC10;Sony VRD-VC10 [Video Capture]; C:\WINDOWS\System32\Drivers\vrdvc10x.sys [2004-11-09 31104]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\System32\DRIVERS\avpnnic.sys [2003-04-04 13952]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-09-11 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2002-09-03 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-31 298264]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2003-05-05 94208]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-09 648504]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 18th, 2009, 10:55 am

info.txt logfile of random's system information tool 1.06 2009-04-18 10:52:44

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
AT&T Global Network Client-->C:\Program Files\AT&T Global Network Client\NetUN.exe
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Brother BRAdmin Light 1.11-->C:\Program Files\InstallShield Installation Information\{DB75941E-30C4-4D97-B000-D17C764B998C}\Setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Brother HL-2170W-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{357C3E60-556A-4003-8D43-8ACC83F8B7BE}\SETUP.exe" -l0x9 -removeonly /uninst
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon S520-->C:\WINDOWS\system32\CNMCP3m.exe "-PRINTERNAMECanon S520" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmi0409.dll"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant SmartHSFi V92 56K DF PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAO-->MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HijackThis 2.0.2-->"C:\Documents and Settings\neil1\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{7FE3214C-283E-40C6-A8D5-CB773110090C}\setup.exe" -runfromtemp -l0x0409 -removeonly
Linksys EasyLink Advisor-->MsiExec.exe /I{7FE3214C-283E-40C6-A8D5-CB773110090C}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 25-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SD Viewer for DSC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8D3524-79DB-11D5-99D1-00010256D40E}\setup.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
TaxCut Deluxe 2005-->C:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut New Jersey 2007-->MsiExec.exe /X{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}
TaxCut New Jersey 2008-->MsiExec.exe /X{C6141748-CA45-4F24-A519-2401F2CCA01D}
TaxCut New York 2007-->MsiExec.exe /X{58381EE3-A57D-448F-BC8E-FFC66987615E}
TaxCut New York 2008-->MsiExec.exe /X{4BAC29B6-145B-49D0-A2FC-A79AE4F606E5}
TaxCut Premium + State + Efile 2008-->MsiExec.exe /X{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}
TaxCut Premium + State 2007-->MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Video Vault for PSP-->MsiExec.exe /X{BB7241B2-85AA-4CB3-A785-D9EDDA0C6AC0}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WildTangent Web Driver-->"C:\WINDOWS\wt\webdriver\uiwdnu.exe" /noupdater
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management client-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [2009-04-07]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-04-07]
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE [2009-04-07]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2009-04-07]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [2009-04-12]

======Hosts File======

127.0.0.1 www.myspace.com
127.0.0.1 myspace.com
127.0.0.1 home.myspace.com
127.0.0.1 www.meebo.com
127.0.0.1 www.myxer.com

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======System event log======

Computer Name: NEIL
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 22119
Source Name: Ftdisk
Time Written: 20090315212647.000000-240
Event Type: warning
User:

Computer Name: NEIL
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 22117
Source Name: Ntfs
Time Written: 20090315212646.000000-240
Event Type: warning
User:

Computer Name: NEIL
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 22116
Source Name: Ftdisk
Time Written: 20090315212646.000000-240
Event Type: warning
User:

Computer Name: NEIL
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 22115
Source Name: Ftdisk
Time Written: 20090315212642.000000-240
Event Type: warning
User:

Computer Name: NEIL
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 22114
Source Name: Ftdisk
Time Written: 20090315212637.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: NEIL
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 13563
Source Name: PerfNet
Time Written: 20080227230052.000000-300
Event Type: error
User:

Computer Name: NEIL
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 13557
Source Name: PerfNet
Time Written: 20080226230053.000000-300
Event Type: error
User:

Computer Name: NEIL
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 13551
Source Name: PerfNet
Time Written: 20080225230102.000000-300
Event Type: error
User:

Computer Name: NEIL
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 13545
Source Name: PerfNet
Time Written: 20080224230054.000000-300
Event Type: error
User:

Computer Name: NEIL
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 13539
Source Name: PerfNet
Time Written: 20080223230108.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Executive Software\DiskeeperLite\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm
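The hosts-file section of the RSIT log above maps several public sites (myspace.com, meebo.com, myxer.com) to 127.0.0.1, which is the classic way a browser hijacker blocks or sinkholes sites a user tries to reach. As an added example, which is not part of this thread nor code from RSIT, HijackThis or ComboFix, here is a small Python triage script that parses a hosts file in that format and flags such mappings. The sample hosts content is constructed to mirror the log, with two extra lines (an internal override on a private network and a redirect to a non-loopback address) added to show the distinction the script draws between a legitimate override, a sinkhole and a redirect.

```python
"""Triage a Windows hosts file for hijack indicators.

Added example for this thread; not part of RSIT, HijackThis or ComboFix.
The hosts text below is constructed to resemble the '======Hosts File======'
section of the RSIT log, plus two extra lines to exercise the other cases.
"""
import ipaddress

# Constructed sample (not the user's real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.myspace.com
127.0.0.1 myspace.com
127.0.0.1 home.myspace.com
127.0.0.1 www.meebo.com
127.0.0.1 www.myxer.com
10.0.0.5 intranet.example          # constructed: legitimate internal override
198.51.100.7 www.example.com       # constructed: redirect to a non-loopback address
"""

# Names that are legitimately mapped to the loopback address.
LOOPBACK_OK = {"localhost", "localhost.localdomain"}

# RFC 1918 ranges: an override pointing here is typical of an intranet entry.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs.

    Comments (from '#' to end of line) and blank lines are ignored; a line
    whose first field is not an IP address is skipped rather than raising.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify(entries):
    """Map each suspicious hostname to a short reason.

    - loopback / 0.0.0.0 for a public name: the site is sinkholed (blocked)
    - any other non-RFC1918 address: traffic for that name is redirected
    - RFC 1918 targets are treated as ordinary internal overrides
    """
    findings = {}
    for addr, name in entries:
        if name in LOOPBACK_OK:
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings[name] = "sinkholed to %s (site is blocked)" % addr
        elif not any(addr in net for net in INTERNAL_NETS):
            findings[name] = "redirected to %s (possible interception)" % addr
    return findings


def triage(text):
    """Parse and classify a hosts file in one call."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    for name, reason in sorted(triage(SAMPLE_HOSTS).items()):
        print("%s: %s" % (name, reason))
```

On a real machine the file to read is %SystemRoot%\system32\drivers\etc\hosts; the sinkhole branch is what the log above would trigger, while the redirect branch is the case to treat as more serious, since it can send a user's traffic for a site somewhere else entirely.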

Re: browser hijacked-can't access google or yahoo search results

Unread postby peku006 » April 18th, 2009, 12:20 pm

Hi app1nag

1 - Scan With ComboFix

Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Image
  • Click on Yes, to continue scanning for malware.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.

2 - Status Check
Please reply with

the ComboFix log (C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 18th, 2009, 7:13 pm

ComboFix 09-04-19.01 - neil1 04/18/2009 18:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1526 [GMT -4:00]
Running from: c:\documents and settings\neil1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cbqvn.dat
c:\windows\dwdjq.dat
c:\windows\ghksl.dat
c:\windows\gsofd.dat
c:\windows\hbups.dat
c:\windows\ipoaz.dat
c:\windows\lluty.dat
c:\windows\ouzkn.dat
c:\windows\prgso.dat
c:\windows\ramwd.dat
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003848_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003856_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_006248_.tmp.dll
c:\windows\system32\_006249_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006251_.tmp.dll
c:\windows\system32\_006259_.tmp.dll
c:\windows\system32\_006260_.tmp.dll
c:\windows\system32\_006261_.tmp.dll
c:\windows\system32\_006263_.tmp.dll
c:\windows\system32\_006264_.tmp.dll
c:\windows\system32\_006267_.tmp.dll
c:\windows\system32\_006268_.tmp.dll
c:\windows\system32\_006270_.tmp.dll
c:\windows\system32\_006271_.tmp.dll
c:\windows\system32\_006272_.tmp.dll
c:\windows\system32\_006274_.tmp.dll
c:\windows\system32\_006275_.tmp.dll
c:\windows\system32\_006276_.tmp.dll
c:\windows\system32\_006277_.tmp.dll
c:\windows\system32\_006278_.tmp.dll
c:\windows\system32\_006282_.tmp.dll
c:\windows\system32\_006283_.tmp.dll
c:\windows\system32\_006285_.tmp.dll
c:\windows\system32\_006287_.tmp.dll
c:\windows\system32\_006288_.tmp.dll
c:\windows\system32\_006290_.tmp.dll
c:\windows\system32\_006291_.tmp.dll
c:\windows\system32\_006292_.tmp.dll
c:\windows\system32\_006293_.tmp.dll
c:\windows\system32\_006294_.tmp.dll
c:\windows\system32\_006297_.tmp.dll
c:\windows\system32\_006298_.tmp.dll
c:\windows\system32\_006299_.tmp.dll
c:\windows\system32\_006300_.tmp.dll
c:\windows\system32\_006301_.tmp.dll
c:\windows\system32\_006306_.tmp.dll
c:\windows\system32\_006308_.tmp.dll
c:\windows\system32\_006309_.tmp.dll
c:\windows\system32\aijrv.dat
c:\windows\system32\cetnl.dat
c:\windows\system32\cvxju.dat
c:\windows\system32\drivers\fad.sys
c:\windows\system32\gkmkf.dat
c:\windows\system32\gzwgl.dat
c:\windows\system32\hptdv.dat
c:\windows\system32\ibvrc.dat
c:\windows\system32\ldszv.dat
c:\windows\system32\mkghj.dll
c:\windows\system32\nhoqi.dat
c:\windows\system32\sbyel.dat
c:\windows\system32\schhw.dat
c:\windows\system32\tfixl.dat
c:\windows\system32\twrqq.dat
c:\windows\system32\wmxch.dat
c:\windows\tdjua.dat
c:\windows\udgdr.dat
c:\windows\ulaiu.dat
c:\windows\xhlpe.dat

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 21:38 . 2009-04-18 21:38 26 ----a-w c:\windows\Zone.Identifier
2009-04-18 14:52 . 2009-04-18 14:52 -------- d-----w C:\rsit
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-17 23:03 . 2009-04-17 23:03 -------- d-sh--w c:\documents and settings\neil1\IETldCache
2009-04-17 22:36 . 2009-04-17 22:36 -------- d-----w c:\windows\ie8updates
2009-04-17 22:28 . 2009-04-17 22:34 -------- dc-h--w c:\windows\ie8
2009-04-17 21:58 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-17 16:27 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 16:27 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-17 16:27 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 16:27 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 16:27 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 16:27 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 16:27 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 16:27 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 16:27 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 16:26 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-07 01:26 . 1998-06-24 17:00 244024 ----a-w c:\windows\system32\MSFLXGRD.OCX
2009-04-01 02:16 . 2009-04-18 04:10 1374 ----a-w c:\windows\imsins.BAK
2009-04-01 02:08 . 2006-09-23 17:12 1022976 ----a-w c:\windows\system32\dllcache\browseui.dll
2009-04-01 02:07 . 2004-08-04 04:14 91776 ----a-w c:\windows\system32\drivers\ndiswan.sys
2009-04-01 01:18 . 2009-04-18 05:26 -------- d--h--w C:\$AVG8.VAULT$
2009-04-01 01:16 . 2009-04-01 01:16 -------- d-----w c:\documents and settings\neil1\Application Data\Malwarebytes
2009-04-01 01:16 . 2009-03-26 20:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 01:16 . 2009-03-26 20:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 01:16 . 2009-04-01 01:16 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 00:50 . 2009-04-01 00:50 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-01 00:49 . 2009-04-01 00:49 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-01 00:49 . 2009-04-18 20:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-01 00:49 . 2009-04-01 00:49 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-01 00:48 . 2009-04-18 20:58 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-31 23:24 . 2009-04-01 00:50 8192 ----a-w c:\documents and settings\Guest
2009-03-31 22:01 . 2009-03-31 22:01 -------- d-----w c:\documents and settings\neil1\Local Settings\Application Data\Qurb4
2009-03-31 02:32 . 2009-04-01 00:20 -------- d-----w c:\windows\rnapxs
2009-03-31 02:17 . 2009-04-01 00:28 -------- d-----w c:\documents and settings\neil1\Application Data\GetRightToGo
2009-03-24 01:59 . 2009-03-24 01:59 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-24 01:58 . 2009-03-31 02:20 -------- d-----w c:\documents and settings\neil1\Application Data\SUPERAntiSpyware.com
2009-03-23 02:44 . 2009-03-23 02:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 02:05 . 2009-03-31 22:25 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-22 17:50 . 2004-08-04 04:00 71040 ------w c:\windows\system32\drivers\_003753_.tmp.dll
2009-03-20 22:48 . 2009-04-01 03:01 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-20 22:48 . 2009-03-20 22:48 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 22:27 . 2009-04-17 22:27 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-03 23:33 . 2009-04-03 23:33 -------- d-----w c:\program files\Trend Micro
2009-04-01 03:02 . 2009-04-01 03:02 9216 ----a-w c:\program files\n
2009-04-01 02:47 . 2002-09-03 16:50 250032 --sh--r C:\ntldr
2009-04-01 01:16 . 2009-04-01 01:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-01 00:22 . 2009-03-31 02:28 2599085 ----a-w C:\caisslog.txt
2009-04-01 00:22 . 2005-01-15 12:40 -------- d-----w c:\program files\CA
2009-03-31 22:54 . 2003-09-11 23:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 22:53 . 2003-09-11 23:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-31 22:25 . 2003-10-14 00:03 -------- d-----w c:\program files\Lavasoft
2009-03-31 11:48 . 2005-12-30 01:56 -------- d-----w c:\program files\Yahoo!
2009-03-31 02:33 . 2009-03-31 02:33 35891 ----a-w C:\caavsetupLog.txt
2009-03-31 02:28 . 2004-04-23 01:19 -------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2009-03-31 02:20 . 2009-03-24 01:58 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-29 13:09 . 2006-02-24 00:42 -------- d-----w c:\program files\TaxCut05
2009-03-25 22:15 . 2009-03-25 22:11 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-23 02:38 . 2003-10-02 03:49 -------- d-----w c:\program files\DivX
2009-03-23 02:38 . 2008-09-10 00:14 -------- d-----w c:\program files\Google
2009-03-23 02:36 . 2004-06-05 00:39 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-16 01:09 . 2008-03-20 00:35 -------- d-----w c:\documents and settings\neil1\Application Data\TaxCut
2009-03-16 01:07 . 2009-03-16 01:03 -------- d-----w c:\program files\TaxCut08
2009-03-16 01:04 . 2008-03-20 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\TaxCut
2009-03-08 08:34 . 2002-09-03 17:12 914944 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-08 08:34 . 2002-09-03 16:39 43008 ----a-w c:\windows\SYSTEM32\licmgr10.dll
2009-03-08 08:33 . 2002-09-03 16:29 18944 ----a-w c:\windows\SYSTEM32\corpol.dll
2009-03-08 08:33 . 2002-09-03 17:09 420352 ----a-w c:\windows\SYSTEM32\vbscript.dll
2009-03-08 08:32 . 2002-09-03 16:26 72704 ----a-w c:\windows\SYSTEM32\admparse.dll
2009-03-08 08:32 . 2002-09-03 16:35 71680 ----a-w c:\windows\SYSTEM32\iesetup.dll
2009-03-08 08:31 . 2002-09-03 16:35 34816 ----a-w c:\windows\SYSTEM32\imgutil.dll
2009-03-08 08:31 . 2002-09-03 16:44 48128 ----a-w c:\windows\SYSTEM32\mshtmler.dll
2009-03-08 08:31 . 2002-09-03 16:44 45568 ----a-w c:\windows\SYSTEM32\mshta.exe
2009-03-08 08:22 . 2002-09-03 16:45 156160 ----a-w c:\windows\SYSTEM32\msls31.dll
2009-03-06 14:44 . 2002-09-03 16:51 283648 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-02-23 00:03 . 2004-12-29 05:28 -------- d-----w c:\program files\Ahead
2009-02-23 00:03 . 2004-12-29 05:28 -------- d-----w c:\program files\Common Files\Ahead
2009-02-22 23:58 . 2008-03-14 23:35 -------- d-----w c:\program files\Amazon
2009-02-22 23:53 . 2009-02-22 23:53 -------- d-----w c:\program files\CCleaner
2009-02-22 19:13 . 2009-02-22 19:13 -------- d-----w c:\program files\Canon
2009-02-22 16:31 . 2006-01-22 18:19 -------- d-----w c:\program files\Panasonic
2009-02-16 09:06 . 2009-01-17 21:06 274376 ------w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-09 10:20 . 2009-04-01 02:08 723456 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 10:20 . 2002-09-03 16:56 399360 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 10:20 . 2009-04-01 02:08 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 10:20 . 2009-04-01 02:08 616960 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 10:19 . 2009-04-01 02:08 1846272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 10:19 . 2009-04-01 02:08 1846272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-06 17:24 . 2009-04-01 02:07 2180480 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 17:14 . 2009-04-01 02:08 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 16:54 . 2002-09-03 16:58 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 16:49 . 2009-04-01 02:07 2057728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-09-03 16:58 55808 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-01-17 21:22 . 2003-09-20 00:11 57896 ------w c:\documents and settings\neil1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-09-26 02:27 . 2003-09-26 02:27 145 -c----w c:\documents and settings\All Users\Application Data\wc.dat
2002-09-05 14:00 . 2006-02-24 22:46 12800 ------w c:\documents and settings\LocalService\cnmss Canon S520 (Local).exe
2004-08-20 12:06 . 2004-08-20 12:06 11591 -csh--w c:\windows\aqlcb.dat
2004-08-20 11:50 . 2004-08-20 11:50 11591 -csh--w c:\windows\asfmz.dat
2004-09-11 20:22 . 2004-09-11 20:22 3063 --sh--w c:\windows\baolx.dat
2004-09-10 02:43 . 2004-09-10 02:43 11591 --sh--w c:\windows\ceypg.dat
2004-08-17 15:57 . 2004-08-17 15:57 3063 --sh--w c:\windows\cncdx.dat
2004-08-14 08:12 . 2004-08-14 08:12 11591 -csh--w c:\windows\djenu.dat
2004-06-05 16:05 . 2004-06-05 16:05 11592 --sh--w c:\windows\fmihi.dat
2004-09-04 11:16 . 2004-09-04 11:16 3063 --sh--w c:\windows\gjcaw.dat
2004-08-18 18:41 . 2004-08-18 18:41 3063 -csh--w c:\windows\gkymd.dat
2004-06-16 00:56 . 2004-06-16 00:56 11591 --sh--w c:\windows\grgqc.dat
2004-08-29 14:39 . 2004-08-29 14:39 11591 --sh--w c:\windows\hequa.dat
2004-06-12 14:26 . 2004-06-12 14:26 2814 --sh--w c:\windows\hluhg.dat
2004-09-24 11:28 . 2004-09-24 11:28 2814 --sh--w c:\windows\ilbtn.dat
2004-05-17 05:43 . 2004-05-17 05:43 2569 --sh--w c:\windows\kdwwd.dat
2004-07-30 00:29 . 2004-07-30 00:29 3063 -csh--w c:\windows\mgurn.dat
2004-08-21 14:42 . 2004-08-21 14:42 11591 -csh--w c:\windows\moavg.dat
2004-06-29 04:33 . 2004-06-29 04:33 11591 -csh--w c:\windows\npwqj.dat
2004-09-03 09:48 . 2004-09-03 09:48 11591 --sh--w c:\windows\opfyb.dat
2004-08-22 00:12 . 2004-08-22 00:12 11591 --sh--w c:\windows\semwg.dat
2004-08-15 14:36 . 2004-08-15 14:36 11591 -csh--w c:\windows\skwsq.dat
2004-06-20 05:22 . 2004-06-20 05:22 2814 -csh--w c:\windows\sqfhh.dat
2004-08-12 22:15 . 2004-08-12 22:15 11591 -csh--w c:\windows\tmcdj.dat
2004-07-31 06:40 . 2004-07-31 06:40 3063 --sh--w c:\windows\tvnjy.dat
2004-08-17 16:06 . 2004-08-17 16:06 3063 -csh--w c:\windows\umjay.dat
2004-07-26 17:49 . 2004-07-26 17:49 3063 -csh--w c:\windows\uynzw.dat
2004-09-01 22:11 . 2004-09-01 22:11 3063 --sh--w c:\windows\vwfkf.dat
2004-09-04 10:44 . 2004-09-04 10:44 11591 --sh--w c:\windows\wogmb.dat
2004-08-11 12:19 . 2004-08-11 12:19 3063 -csh--w c:\windows\xfcer.dat
2004-08-06 03:49 . 2004-08-06 03:49 11591 -csh--w c:\windows\SYSTEM32\bairr.dat
2004-06-15 06:34 . 2004-06-15 06:34 11591 -csh--w c:\windows\SYSTEM32\bkbbh.dat
2004-07-16 17:18 . 2004-07-16 17:18 3063 -csh--w c:\windows\SYSTEM32\bmnme.dat
2004-08-13 02:08 . 2004-08-13 02:08 11591 --sh--w c:\windows\SYSTEM32\cjlbl.dat
2004-09-08 23:52 . 2004-09-08 23:52 3063 --sh--w c:\windows\SYSTEM32\dhjmb.dat
2004-08-03 07:55 . 2004-08-03 07:55 3063 -csh--w c:\windows\SYSTEM32\dwypo.dat
2004-08-10 06:14 . 2004-08-10 06:14 3063 --sh--w c:\windows\SYSTEM32\eejsi.dat
2004-09-05 14:07 . 2004-09-05 14:07 11591 --sh--w c:\windows\SYSTEM32\fgjmj.dat
2004-06-28 16:20 . 2004-06-28 16:20 2814 -csh--w c:\windows\SYSTEM32\hcrmp.dat
2004-08-02 07:25 . 2004-08-02 07:25 11591 -csh--w c:\windows\SYSTEM32\hipvh.dat
2004-09-16 01:12 . 2004-09-16 01:12 3063 --sh--w c:\windows\SYSTEM32\hspvn.dat
2004-08-31 00:24 . 2004-08-31 00:24 11591 --sh--w c:\windows\SYSTEM32\ifiyw.dat
2004-08-15 13:06 . 2004-08-15 13:06 11591 --sh--w c:\windows\SYSTEM32\jahda.dat
2004-08-29 21:34 . 2004-08-29 21:34 3063 --sh--w c:\windows\SYSTEM32\jibuj.dat
2004-09-16 00:20 . 2004-09-16 00:20 11591 --sh--w c:\windows\SYSTEM32\kabwl.dat
2004-07-29 22:58 . 2004-07-29 22:58 3063 --sh--w c:\windows\SYSTEM32\lwfbg.dat
2004-08-30 10:06 . 2004-08-30 10:06 3063 --sh--w c:\windows\SYSTEM32\mwznj.dat
2004-08-31 09:05 . 2004-08-31 09:05 11591 --sh--w c:\windows\SYSTEM32\ojuid.dat
2004-06-25 15:36 . 2004-06-25 15:36 11591 -csh--w c:\windows\SYSTEM32\oqddq.dat
2004-09-19 20:08 . 2004-09-19 20:08 11591 --sh--w c:\windows\SYSTEM32\oybql.dat
2004-08-30 06:14 . 2004-08-30 06:14 3063 --sh--w c:\windows\SYSTEM32\pmeep.dat
2004-09-17 00:15 . 2004-09-17 00:15 3063 --sh--w c:\windows\SYSTEM32\quzpj.dat
2004-07-03 01:35 . 2004-07-03 01:35 11591 -csh--w c:\windows\SYSTEM32\rqhct.dat
2004-08-01 09:23 . 2004-08-01 09:23 11591 --sh--w c:\windows\SYSTEM32\rrcnl.dat
2004-05-06 22:43 . 2004-05-06 22:43 11591 -csh--w c:\windows\SYSTEM32\ryamx.dat
2004-06-04 02:24 . 2004-06-04 02:24 2814 -csh--w c:\windows\SYSTEM32\tlfsq.dat
2004-08-20 06:48 . 2004-08-20 06:48 11591 --sh--w c:\windows\SYSTEM32\ttuok.dat
2004-08-19 04:19 . 2004-08-19 04:19 3063 --sh--w c:\windows\SYSTEM32\uzcmd.dat
2004-06-28 12:17 . 2004-06-28 12:17 2814 -csh--w c:\windows\SYSTEM32\vgzae.dat
2004-09-03 07:53 . 2004-09-03 07:53 3063 --sh--w c:\windows\SYSTEM32\yzrjo.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 00:50 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^neil1^Start Menu^Programs^Startup^BJ Status Monitor Canon S520.lnk]
path=c:\documents and settings\neil1\Start Menu\Programs\Startup\BJ Status Monitor Canon S520.lnk
backup=c:\windows\pss\BJ Status Monitor Canon S520.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^neil1^Start Menu^Programs^Startup^Resume Windows Update Installation.lnk]
path=c:\documents and settings\neil1\Start Menu\Programs\Startup\Resume Windows Update Installation.lnk
backup=c:\windows\pss\Resume Windows Update Installation.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bawindo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPK
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Key Logger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gxqb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkey
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"lanmanserver"=2 (0x2)
"KodakCCS"=2 (0x2)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"avg8wd"=2 (0x2)
"LexBceS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 VOBID;VOBID; [x]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R2 PPSCAN;PPSCAN; [x]
R2 VRDVC10;Sony VRD-VC10 [Video Capture];c:\windows\system32\Drivers\vrdvc10x.sys [2004-11-09 15:02 31104]
R3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
R4 avg8wd;AVG Free8 WatchDog; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-01 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-01 108552]
S2 mrtRate;mrtRate; [x]
S2 PPCLASS;PPCLASS; [x]
S3 ABVPN2K;Net Firewall Miniport Interface;c:\windows\system32\DRIVERS\abvpn2k.sys [2003-04-23 154240]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{415a8abb-e506-11dd-bbc0-000bdbba9915}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\backup pre-virus.job
- c:\windows\system32\ntbackup.exe [2001-08-18 02:36]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-crzv - (no file)
MSConfigStartUp-javadw - (no file)
MSConfigStartUp-wersds - (no file)
MSConfigStartUp-winlogons - (no file)


.
------- Supplementary Scan -------
.
IE: &Search
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\neil1\Application Data\Mozilla\Firefox\Profiles\default.bkq\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWTHost.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 18:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???h???????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1837100249-1492610749-268471591-1007\Software\Microsoft\Internet Explorer\Main]
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-1837100249-1492610749-268471591-1007)
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@SACL=
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="%SystemRoot%\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="res://mshp.dll/index.html#10213"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="www.yahoo.com"
"FullScreen"="no"
"AddToFavoritesExpanded"=dword:00000000
"FavoritesExportFile"="\\\\Greg\\c\\bookmarks.html"
"FavoritesImportFolder"="c:\\Documents and Settings\\neil1\\Favorites"
"Use FormSuggest"="no"
"FormSuggest PW Ask"="no"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="no"
"NotifyDownloadComplete"="yes"
"Search Bar"="www.yahoo.com"
"Default_Search_URL"="www.yahoo.com"
"Use Search Asst"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,00,83,ff,ff,00,83,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,57,00,00,00,00,00,00,00,27,02,00,00,39,02,00,\
"SearchAssistent"="www.yahoo.com"
"SearchURL"="www.yahoo.com"
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"=dword:00000001
"NoWebJITSetup"=dword:00000000
"Page_Transitions"=dword:00000001
"FavIntelliMenus"="no"
"Enable Browser Extensions"="yes"
"UseThemes"=dword:00000001
"Force Offscreen Composition"=dword:00000000
"AllowWindowReuse"=dword:00000001
"Friendly http errors"="yes"
"ShowGoButton"="yes"
"SmoothScroll"=dword:00000001
"Enable AutoImageResize"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Play_Animations"="yes"
"Play_Background_Sounds"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000000
"Print_Background"="no"
"HistoryViewType"=hex:08,00,66,63,03,00,00,00,00,00
"Save Directory"="c:\\Documents and Settings\\neil1\\Desktop\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\AT&TGL~1\NetCfgSv.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
.
**************************************************************************
.
Completion time: 2009-04-18 18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 22:55

Pre-Run: 7,749,636,096 bytes free
Post-Run: 8,520,552,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

533 --- E O F --- 2009-04-18 07:01
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm

Re: browser hijacked-can't access google or yahoo search results

Unread postby peku006 » April 19th, 2009, 2:12 am

Hi app1nag

1 - Run Malwarebytes' Anti-Malware
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware log
2. a description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 19th, 2009, 11:37 am

looks clean to me----

Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 2

4/19/2009 11:36:53 AM
mbam-log-2009-04-19 (11-36-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142022
Time elapsed: 1 hour(s), 34 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm

Re: browser hijacked-can't access google or yahoo search results

Unread postby peku006 » April 19th, 2009, 12:00 pm

Hi app1nag

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKLM\software\microsoft\windows nt\currentversion\drivers32

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 19th, 2009, 3:14 pm

SystemLook v1.0 by jpshortstuff (14.04.09)
Log created at 15:13 on 19/04/2009 by neil1 (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"msacm.iac2"="iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="l3codecx.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"VIDC.WMV3"="wmv9vcm.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]


-=End Of File=-
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm

Re: browser hijacked-can't access google or yahoo search results

Unread postby peku006 » April 19th, 2009, 3:47 pm

Hi app1nag

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - F-Secure Online Scan

F-Secure Online Scan

  • Note: You will need to use Internet Explorer for this scan
  • Go here to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new Internet Explorer window
  • It will require an ActiveX control, please install it
  • Click Accept
  • Click Full System Scan
  • It will now download the scanner, this may take a while, please be patient
  • It will then start scanning, wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click Show report
  • This will open up a window with the results of the scan, copy and paste those results as a reply to this topic

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 19th, 2009, 8:13 pm

things seem much better now---thanks---


Sunday, April 19, 2009 17:09:48 - 19:27:19
Computer name: NEIL
Scanning type: Scan system for malware, rootkits
Target: C:\

Result: 1 malware found
Trojan.Win32.Agent2.hgi (virus)
C:\PROGRAM FILES\N (Renamed & Submitted)

Statistics
Scanned:
Files: 35302
System: 4282
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 0
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\NEIL1\LOCAL SETTINGS\TEMP\ETILQS_HSGPCJFBDIO0QQ7SLFUT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:30 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\neil1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\neil1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Documents and Settings\neil1\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 2755 bytes
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm

Re: browser hijacked-can't access google or yahoo search results

Unread postby peku006 » April 20th, 2009, 5:08 am

Hi app1nag

There is no sign of an antivirus installed on your system. There are several reasons for it. Either you have disabled your antivirus or there's no antivirus installed.

If you have disabled it, please re-enable it. If you have no antivirus installed, please get ONE antivirus and install it. Restart the computer for changes to take effect.

avast! 4 Home Edition
AntiVir Free Edition

It seems you don't have any evidence of a third-party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Please post back a new HijackThis log after you have installed both.
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: browser hijacked-can't access google or yahoo search results

Unread postby app1nag » April 20th, 2009, 8:22 pm

my router has a firewall built in, will that suffice? and I loaded AVAST after I sent you the latest status...
app1nag
Active Member
 
Posts: 14
Joined: April 12th, 2009, 8:49 pm