Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search Engine Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Search Engine Redirect

Unread postby cab2 » August 25th, 2009, 10:20 pm

Hello, again.

Allow me to attempt this again in the morn. Viruscan.org is down for a spell. I will report back in the AM USA CST with the steps completed.

Cheers.
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm
Advertisement
Register to Remove

Re: Search Engine Redirect

Unread postby Bio-Hazard » August 26th, 2009, 12:14 am

Hello!

If you encounter any other problems please let me know.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Search Engine Redirect

Unread postby cab2 » August 26th, 2009, 12:42 pm

Hello!

Viruscan Results:
VirSCAN.org Scanned Report :
Scanned time : 2009/08/26 11:35:52 (CDT)
Scanner results: 11% Scanner(4/37) found malware!
File Name : winlogon.exe
File Size : 505856 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 481addbb21037489eacfcb308b1be2b0
SHA1 : 80312b7ff22809b0a1b286fddd213aa7391a4c09
Online report : http://virscan.org/report/b1d5831a74812 ... c4df2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090826020114 2009-08-26 0.44 Trojan.Win32.Patched!IK
AhnLab V3 2009.08.26.00 2009.08.26 2009-08-26 0.85 -
AntiVir 8.2.1.3 7.1.5.156 2009-08-24 7.02 -
Antiy 2.0.18 20090824.2730530 2009-08-24 0.12 -
Arcavir 2009 200908241822 2009-08-24 0.10 -
Authentium 5.1.1 200908252126 2009-08-25 2.34 W32/Swizzor-based.2!Maximus (Heuristic)
AVAST! 4.7.4 090826-0 2009-08-26 0.03 -
AVG 8.5.288 270.13.67/2326 2009-08-26 0.34 -
BitDefender 7.81008.3913987 7.27360 2009-08-26 3.44 -
CA (VET) 9.0.0.143 31.6.6699 2009-08-26 5.32 -
ClamAV 0.95.2 9740 2009-08-26 0.09 -
Comodo 3.10 2096 2009-08-25 0.73 -
CP Secure 1.3.0.5 2009.08.26 2009-08-26 0.10 -
Dr.Web 4.44.0.9170 2009.08.26 2009-08-26 5.24 -
F-Prot 4.4.4.56 20090824 2009-08-24 2.18 Possible W32/Swizzor-based.2!Maximus
F-Secure 7.02.73807 2009.08.24.10 2009-08-24 0.16 -
Fortinet 2.81-3.120 10.757 2009-08-25 0.33 -
GData 19.7384/19.452 20090825 2009-08-25 4.68 -
ViRobot 20090825 2009.08.25 2009-08-25 0.41 -
Ikarus T3.1.01.68 2009.08.26.73357 2009-08-26 3.73 Trojan.Win32.Patched
JiangMin 11.0.800 2009.08.25 2009-08-25 4.05 -
Kaspersky 5.5.10 2009.08.25 2009-08-25 0.10 -
KingSoft 2009.2.5.15 2009.8.25.21 2009-08-25 0.49 -
McAfee 5.3.00 5720 2009-08-25 3.17 -
Microsoft 1.4903 2009.08.26 2009-08-26 5.84 -
Norman 6.01.09 6.01.00 2009-08-26 4.01 -
Panda 9.05.01 2009.08.25 2009-08-25 1.91 -
Trend Micro 8.700-1004 6.392.02 2009-08-24 0.10 -
Quick Heal 10.00 2009.08.25 2009-08-25 1.21 -
Rising 20.0 21.44.24.00 2009-08-26 0.87 -
Sophos 2.89.1 4.44 2009-08-26 3.35 -
Sunbelt 5353 5353 2009-08-24 1.43 -
Symantec 1.3.0.24 20090825.004 2009-08-25 0.06 -
nProtect 20090825.02 5133461 2009-08-25 6.06 -
The Hacker 6.3.4.3 v00388 2009-08-25 0.67 -
VBA32 3.12.10.10 20090826.1222 2009-08-26 2.03 -
VirusBuster 4.5.11.10 10.112.15/1802658 2009-08-24 2.33 -
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby cab2 » August 26th, 2009, 1:28 pm

Combo Log:

ComboFix 09-08-22.06 - Clarence Booth 08/26/2009 11:48.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1439 [GMT -5:00]
Running from: c:\documents and settings\Clarence Booth\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Clarence Booth\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Clarence Booth\My Documents\LimeWire
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\(Dmx)_-_It's_Dark_And_Hell_Is_Hot_-_01_-_Intro.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\01-rick_ross-mafia_music_(50_cent_diss).mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\02 - State of Grace.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\02 Rick Ross-mafia music 50 CENT Diss.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\07 Rick Ross - Mafia Music.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\18 - The Convo.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\22. Musiq - So Beautiful-MF.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\DMX - Damien.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\DMX - It's Dark And Hell Is Hot - 05 - Look Thru My Eyes.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\DMX - Let Me Fly.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\F.L.Y.- I'm Swaggin I'm Surfin.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Gucci Mane - Wilt Chamberlain Pt. 5 - 14 - I Think I Love Her(1).mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Jack Black - Her Gently.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Lil' Kim - La Bella Mafia.jpg
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\loves gonna last by jeffrey.wma
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Niggas Done Started Something.m4a
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Seal - System - 10 - Immaculate.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\SEAL STATE OF GRACE.wma
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Spaccanapoli- Vesuvio.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\spaccanapoli vesuvio.wma
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\The Dells- Stay In My Corner.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\The Intruders - United.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Timberland Ft. Keri Hilson & Nicole Scherzinger - Scream.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\Vicky Leandros - L'Amour est bleu.mp3
c:\documents and settings\Clarence Booth\My Documents\LimeWire\Saved\vicky leandros lamour est bleu.wma

.
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 15:56 . 2009-08-26 15:56 -------- d-----w- c:\windows\LastGood
2009-08-23 03:43 . 2009-08-23 03:43 -------- d-----w- c:\windows\ServicePackFiles
2009-08-23 03:34 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-22 04:28 . 2009-08-22 04:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-22 04:28 . 2009-08-22 04:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-13 01:05 . 2009-08-13 01:10 14448680 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\SetupGamesClient.exe
2009-08-13 01:05 . 2009-08-13 01:05 -------- d-----w- c:\documents and settings\Clarence Booth\Application Data\WildTangent
2009-08-13 01:00 . 2009-08-13 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-13 01:00 . 2009-08-13 01:00 -------- d-----w- c:\program files\WildGames
2009-08-12 23:16 . 2009-08-12 23:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-12 23:14 . 2009-08-12 23:14 -------- d-sh--w- c:\documents and settings\Clarence Booth\PrivacIE
2009-08-12 22:45 . 2009-08-12 22:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-12 22:44 . 2009-08-12 22:44 -------- d-sh--w- c:\documents and settings\Clarence Booth\IETldCache
2009-08-12 22:39 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-12 22:39 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-12 22:38 . 2009-08-12 22:38 -------- d-----w- c:\windows\ie8updates
2009-08-12 22:38 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-12 22:36 . 2009-08-12 22:37 -------- dc-h--w- c:\windows\ie8
2009-08-10 15:58 . 2009-08-10 15:58 -------- d-----w- C:\_OTM
2009-08-10 15:55 . 2009-08-10 15:55 -------- d-----w- c:\program files\ERUNT
2009-07-29 04:53 . 2009-07-29 04:53 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:53 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 19:08 . 2009-07-28 19:08 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 15:03 . 2009-06-08 20:39 -------- d-----w- c:\documents and settings\Clarence Booth\Application Data\U3
2009-08-24 06:04 . 2008-10-29 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-23 03:46 . 2006-04-30 06:14 -------- d-----w- c:\program files\Microsoft Works
2009-08-22 01:23 . 2007-01-16 09:43 6372 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-22 01:23 . 2007-01-16 09:43 88 --sh--r- c:\windows\system32\F3B240C50D.sys
2009-08-19 15:29 . 2006-05-06 00:14 33794 ----a-w- c:\documents and settings\Clarence Booth\Application Data\wklnhst.dat
2009-08-19 15:06 . 2009-06-19 20:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 15:06 . 2009-06-19 20:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 15:06 . 2009-06-19 20:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 01:32 . 2006-06-20 20:10 -------- d-----w- c:\documents and settings\Clarence Booth\Application Data\Skype
2009-08-12 23:15 . 2009-06-19 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-29 04:53 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-08-16 09:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 04:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 00:25 . 2009-06-20 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 00:24 . 2009-07-14 00:24 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 18:36 . 2009-06-20 16:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2009-06-20 16:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 17:06 . 2006-04-30 06:11 -------- d-----w- c:\program files\Trend Micro
2009-07-12 20:09 . 2009-07-09 22:04 -------- d-----w- c:\program files\NOS
2009-07-12 20:09 . 2009-07-09 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-03 17:09 . 2005-08-16 09:18 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2005-08-16 09:18 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2005-08-16 09:18 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2005-08-16 09:18 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2005-08-16 09:18 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2005-08-16 09:18 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2005-08-16 09:18 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2005-08-16 09:18 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2005-08-16 09:18 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2005-08-16 09:18 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2005-08-16 09:18 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2005-08-16 09:18 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2005-08-16 09:18 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2005-08-16 09:18 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2005-08-16 09:18 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2005-08-16 09:18 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2005-08-16 09:18 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-19 20:34 . 2009-06-19 20:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-14 21:07 . 2009-06-19 20:36 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 11:50 . 2005-08-16 09:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2005-08-16 09:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-12 00:07 . 2009-06-12 00:07 152576 ----a-w- c:\documents and settings\Clarence Booth\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 22:39 . 2009-06-11 22:39 152576 ----a-w- c:\documents and settings\Clarence Booth\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-10 18:42 . 2009-06-10 18:42 1300 ----a-w- c:\windows\mozver.dat
2009-06-05 07:42 . 2005-08-16 09:37 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 21:50 . 2009-02-04 03:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2006-08-05 15:12 . 2006-08-05 15:12 251 ----a-w- c:\program files\wt3d.ini
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2008-08-14 14:43 505856 481ADDBB21037489EACFCB308B1BE2B0 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-23_23.10.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 02:28 . 2009-08-26 02:28 16384 c:\windows\Temp\Perflib_Perfdata_84.dat
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2009-08-23 23:24 . 2009-08-23 23:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2008-10-29 01:39 . 2009-08-24 06:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-27 20:16 . 2006-10-27 20:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2009-08-23 23:24 . 2009-08-23 23:24 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-08-23 23:15 . 2009-08-23 23:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
- 2009-08-23 23:05 . 2009-08-23 23:06 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-05-04 12:46 . 2009-05-04 12:46 8299008 c:\windows\Installer\17baa3c.msp
+ 2008-10-29 01:39 . 2009-08-24 06:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-29 01:39 . 2009-08-24 06:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-29 01:39 . 2009-08-23 03:47 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-23 23:24 . 2009-08-23 23:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-08-23 23:24 . 2009-08-23 23:24 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-08-23 23:23 . 2009-08-23 23:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
- 2009-08-23 23:06 . 2009-08-23 23:06 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-08-23 23:22 . 2009-08-23 23:22 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-08-23 23:14 . 2009-08-23 23:14 1939968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ca3c895d092d2ed315b77639404296a1\Microsoft.Build.Engine.ni.dll
+ 2009-05-04 12:49 . 2009-05-04 12:49 10955776 c:\windows\Installer\17baa77.msp
+ 2009-08-23 23:23 . 2009-08-23 23:23 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-12 20002856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-19 2007832]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-09-10 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-30 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 15:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/19/2009 3:34 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/19/2009 3:34 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/19/2009 3:33 PM 297752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 11:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-08-26 11:56
ComboFix-quarantined-files.txt 2009-08-26 16:56
ComboFix2.txt 2009-08-23 23:16

Pre-Run: 26,306,887,680 bytes free
Post-Run: 26,487,767,040 bytes free

328 --- E O F --- 2009-08-24 06:04
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby cab2 » August 26th, 2009, 4:35 pm

Kasperky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 26, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 26, 2009 17:54:52
Records in database: 2689889
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 80854
Threats found: 4
Infected objects found: 14
Suspicious objects found: 0
Scan duration: 02:06:53


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ix 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir Infected: not-a-virus:FraudTool.Win32.Antivirus2008pro.bq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETebxvjxdl.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETqgodpsbo.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0004875.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0004876.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0004883.exe Infected: not-a-virus:FraudTool.Win32.Antivirus2008pro.bq 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0004884.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ix 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0004912.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0004914.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0004916.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ix 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0004917.exe Infected: not-a-virus:FraudTool.Win32.Antivirus2008pro.bq 1

Selected area has been scanned.

Hi Jack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:17, on 8/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9468 bytes
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby Bio-Hazard » August 27th, 2009, 9:47 am

Hello!

We are making good process.

I'd like you to check (a file/some files) for Viruses.
c:\windows\system32\winlogon.exe

  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.



Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to HERE
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 16
  • Click the Download button to the right
  • From the dropdown menu choose your platform. Which is Windows
  • Dont change the language box.
  • Click on the radio button to Accept License Agreement and after that click continue
  • Click on Windows Offline Installation Multi-language and save the downloaded file to your computer
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file and follow the on-screen instructions.
  • Reboot your computer


Update Adobe Reader

Your version of Adobe Reader is out-of-date. There are known security issues with older versions of Adobe Reader. It is strongly suggested that you update to the current version. Please uninstall older version of Adobe Reader before installing the latest version.

If you are using a FULL featured, purchased version of Adobe Acrobat Reader.
These instructions will remove the current version of Adobe Reader and replace it with the limited feature FREE version. If you want to replace the paid for version with the free version, then continue, otherwise DO NOT perform these steps!

  • Click Start
  • Control Panel
  • Double clicking on Add/Remove Programs
  • Locate older version of Adobe Reader and click on Change/Remove to uninstall it
  • Click HERE to download the latest version of Adobe Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.

If you don't like Adobe Reader, you can download Foxit PDF Reader from HERE. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.




Optional Fix

This is a optional fix, please read the information carefully. If you are happy to uninstall Wild Tangent, please follow the instructions below.
I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it is not technically considered spyware, it does have built in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.
For more information,see WildTangent Removal Instructions and HelpandInside Wild Tangent-Delivering High-End 3-D Content To A Web SiteNear You.

Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent:

To uninstall Wild Tangent:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Wild Tangent, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. This may change,read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the the Viewpoint components :
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Jotti and Virustotal results
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Search Engine Redirect

Unread postby cab2 » August 27th, 2009, 6:49 pm

Jotti's Scan:
This file has been scanned before. The results for this previous scan are listed below.
--------------------------------------------------------------------------------

Filename: winlogon.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 27 Aug 2009 13:20:55 (CET) Permalink
--------------------------------------------------------------------------------
Additional info
File size: 507904 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: ed0ef0a136dec83df69f04118870003e
SHA1: f77a7cd78877527023ebfb35e83b75ef59d3df07

Scanners
2009-08-27 Found nothing 2009-08-27 Found nothing
2009-08-27 Found nothing 2009-08-27 Found nothing
2009-08-26 Found nothing 2009-08-27 Found nothing
2009-08-27 Found nothing 2009-08-27 Found nothing
2009-08-27 Found nothing 2009-08-26 Found nothing
2009-08-27 Found nothing 2009-08-26 Found nothing
2009-08-27 Found nothing 2009-08-27 Found nothing
2009-08-27 Found nothing 2009-08-27 Found nothing
2009-08-27 Found nothing 2009-08-26 Found nothing
2009-08-26 Found nothing 2009-08-26 Found nothing
2009-08-27 Found nothing

VirusTOTAL:
<table border="1"><tr><td colspan="4">File winlogon.exe received on 2009.08.27 22:34:32 (UTC)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Last Update</td><td>Result</td</tr><tr><td>a-squared</td><td>4.5.0.24</td><td>2009.08.28</td><td>-</td</tr><tr><td>AhnLab-V3</td><td>5.0.0.2</td><td>2009.08.27</td><td>-</td</tr><tr><td>AntiVir</td><td>7.9.1.7</td><td>2009.08.27</td><td>-</td</tr><tr><td>Antiy-AVL</td><td>2.0.3.7</td><td>2009.08.24</td><td>-</td</tr><tr><td>Authentium</td><td>5.1.2.4</td><td>2009.08.27</td><td>-</td</tr><tr><td>Avast</td><td>4.8.1335.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>AVG</td><td>8.5.0.406</td><td>2009.08.27</td><td>-</td</tr><tr><td>BitDefender</td><td>7.2</td><td>2009.08.28</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.08.27</td><td>-</td</tr><tr><td>ClamAV</td><td>0.94.1</td><td>2009.08.27</td><td>-</td</tr><tr><td>Comodo</td><td>2116</td><td>2009.08.28</td><td>-</td</tr><tr><td>DrWeb</td><td>5.0.0.12182</td><td>2009.08.28</td><td>-</td</tr><tr><td>eSafe</td><td>7.0.17.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>31.6.6705</td><td>2009.08.27</td><td>-</td</tr><tr><td>F-Prot</td><td>4.5.1.85</td><td>2009.08.27</td><td>-</td</tr><tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>Fortinet</td><td>3.120.0.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>GData</td><td>19</td><td>2009.08.28</td><td>-</td</tr><tr><td>Ikarus</td><td>T3.1.1.68.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>Jiangmin</td><td>11.0.800</td><td>2009.08.27</td><td>-</td</tr><tr><td>K7AntiVirus</td><td>7.10.829</td><td>2009.08.27</td><td>-</td</tr><tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.08.27</td><td>-</td</tr><tr><td>McAfee</td><td>5722</td><td>2009.08.27</td><td>-</td</tr><tr><td>McAfee+Artemis</td><td>5722</td><td>2009.08.27</td><td>-</td</tr><tr><td>McAfee-GW-Edition</td><td>6.8.5</td><td>2009.08.27</td><td>-</td</tr><tr><td>Microsoft</td><td>1.4903</td><td>2009.08.27</td><td>-</td</tr><tr><td>NOD32</td><td>4375</td><td>2009.08.28</td><td>-</td</tr><tr><td>Norman</td><td></td><td>2009.08.27</td><td>-</td</tr><tr><td>nProtect</td><td>2009.1.8.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>Panda</td><td>10.0.2.2</td><td>2009.08.27</td><td>-</td</tr><tr><td>PCTools</td><td>4.4.2.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>Prevx</td><td>3.0</td><td>2009.08.28</td><td>-</td</tr><tr><td>Rising</td><td>21.44.11.00</td><td>2009.08.25</td><td>-</td</tr><tr><td>Sophos</td><td>4.45.0</td><td>2009.08.27</td><td>-</td</tr><tr><td>Sunbelt</td><td>3.2.1858.2</td><td>2009.08.27</td><td>-</td</tr><tr><td>Symantec</td><td>1.4.4.12</td><td>2009.08.27</td><td>-</td</tr><tr><td>TheHacker</td><td>6.3.4.3.389</td><td>2009.08.27</td><td>-</td</tr><tr><td>TrendMicro</td><td>8.950.0.1094</td><td>2009.08.27</td><td>-</td</tr><tr><td>VBA32</td><td>3.12.10.10</td><td>2009.08.27</td><td>-</td</tr><tr><td>ViRobot</td><td>2009.8.27.1905</td><td>2009.08.27</td><td>-</td</tr><tr><td>VirusBuster</td><td>4.6.5.0</td><td>2009.08.27</td><td>-</td</tr><tr><td colspan="4">&nbsp;</td></tr><tr><td colspan="4">Additional information</td></tr><tr><td colspan="4">File size: 507904 bytes</td></tr><tr><td colspan="4">MD5...: ed0ef0a136dec83df69f04118870003e</td></tr><tr><td colspan="4">SHA1..: f77a7cd78877527023ebfb35e83b75ef59d3df07</td></tr><tr><td colspan="4">SHA256: 45377cb8e9f0120f836fc8261c711f7dbf7199117afb3652ebf100d5f0429b1e</td></tr><tr><td colspan="4">ssdeep: 6144:kNZlxEdL5RvGlcHF37newMLao6nMnKHOD13XRnCfOVSePfLtisgZYl:jdz+<BR>lcDKao6nSKHsRqOMgxZg<BR></td></tr><tr><td colspan="4">PEiD..: -</td></tr><tr><td colspan="4">PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x3e5e1<BR>timedatestamp.....: 0x48027549 (Sun Apr 13 21:04:09 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x70991 0x70a00 6.82 39d0278af55c2446adf638b9f0236aff<BR>.data 0x72000 0x4e70 0x2000 6.28 44bd27282514b5e3a27b570106930d8d<BR>.rsrc 0x77000 0x9020 0x9200 3.62 8b50f3590d97bb27639f10bacbc53187<BR><BR>( 20 imports ) <BR>&gt; ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA<BR>&gt; AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle<BR>&gt; CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx<BR>&gt; GDI32.dll: RemoveFontResourceW, AddFontResourceW<BR>&gt; KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree<BR>&gt; msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp<BR>&gt; NDdeApi.dll: -, -, -, -<BR>&gt; ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject<BR>&gt; PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW<BR>&gt; PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW<BR>&gt; REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery<BR>&gt; RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate<BR>&gt; Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess<BR>&gt; SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW<BR>&gt; USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW<BR>&gt; USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW<BR>&gt; VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<BR>&gt; WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon<BR>&gt; WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext<BR>&gt; WS2_32.dll: -, -, getaddrinfo<BR><BR>( 0 exports ) <BR></td></tr><tr><td colspan="4">RDS...: NSRL Reference Data Set<BR>-</td></tr><tr><td colspan="4">pdfid.: -</td></tr><tr><td colspan="4">ThreatExpert info: &lt;a href='http://www.threatexpert.com/report.aspx?md5=ed0ef0a136dec83df69f04118870003e' target='_blank'&gt;http://www.threatexpert.com/report.aspx?md5=ed0ef0a136dec83df69f04118870003e&lt;/a&gt;</td></tr><tr><td colspan="4">trid..: Win64 Executable Generic (80.9%)<BR>Win32 Executable Generic (8.0%)<BR>Win32 Dynamic Link Library (generic) (7.1%)<BR>Generic Win/DOS Executable (1.8%)<BR>DOS Executable Generic (1.8%)</td></tr></table>
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby cab2 » August 27th, 2009, 7:44 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:15, on 8/27/2009
HiJack This Log:
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9794 bytes
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby Bio-Hazard » August 27th, 2009, 10:56 pm

Hello!

How is your computer running?
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Search Engine Redirect

Unread postby cab2 » August 30th, 2009, 6:29 pm

Hello!

I'm sorry, I was traveling since last I posted.

My computer seems to be working very well. Since using ComboFix many of the malware threats and redirecting of the web browser has ceased.

Many thanks to you and Carolyn for your help. And I am especially grateful for your follow up and precise instruction.

I do have two questions for you:

1. Are all antispyware software programs created equal? Can you recommend one that performs well at preventing infection?
2. What can I do or what actions can I perform routinely to ensure my computer remains relatively malware/virus free?

I appreciate your input.
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby Bio-Hazard » August 31st, 2009, 5:13 am

1. Are all antispyware software programs created equal? Can you recommend one that performs well at preventing infection?


All the programs has their faulst. So layered protection is best way to go. So have good firewall, antivirus and a antispyware program. For antispyware programs i recommenr Malwarebytes Antimalware and Superantispyware.

2. What can I do or what actions can I perform routinely to ensure my computer remains relatively malware/virus free?


Underneath are some information.


Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:
  • Hostexpert - (You can just delete the exe file from your desktop)
  • Gooredfix - (You can just delete the exe file from your desktop)
  • ERUNT - (You can uninstall it from Add/Remove Programs)


    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Image
    Please advise if this step is missed for any reason as it performs some important actions.

    OTC

    Download OTC by Old Timer and save it to your Desktop.

    • Double-click OTC.exe
    • Click the CleanUp! button
    • Select Yes when the Begin cleanup Process? Prompt appears
    • If you are prompted to Reboot during the cleanup, select Yes
    • The tool will delete itself once it finishes, if not delete it by yourself

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera or Google Chrome

Here is a great article by miekiemoes How to prevent Malware.

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Search Engine Redirect

Unread postby cab2 » August 31st, 2009, 1:09 pm

Hi, Bio Hazard:

Thank you again. I have downloaded the removal tools as instructed.

Thank you for the recommendations as I have begun downloading those tools.

I will be sure to post a formal complaint at my earliest in the specified forum.

Thank You Much for all your help!

cab2
cab2
Regular Member
 
Posts: 45
Joined: July 9th, 2009, 11:21 pm

Re: Search Engine Redirect

Unread postby Gary R » August 31st, 2009, 2:45 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware