Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser re-direct! In need of serious help!

Post by loverjw » October 20th, 2009, 5:51 pm

I got tagged with a few viruses. Was able to fix most via AVG and MalwareBytes. But, the redirect is proving to be a bit more elusive.

I ran HijackThis. Report listed below. Can you please help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:15 PM, on 10/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4439577278
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9511 bytes
loverjw
Active Member
 
Posts: 7
Joined: October 20th, 2009, 5:43 pm

Re: Browser re-direct! In need of serious help!

Post by MWR 3 day Mod » October 25th, 2009, 4:07 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Browser re-direct! In need of serious help!

Post by loverjw » October 28th, 2009, 12:21 am

After thinking I got rid of the browser redirect, I'm still getting viruses popping up. So, I don't think I ever solved the problem in the first place. Here is an updated HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:28 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4439577278
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9563 bytes

Re: Browser re-direct! In need of serious help!

Post by muppy03 » October 28th, 2009, 3:42 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Open HijackThis, select Do a System Scan Only, and place a check next to the lines below if they are still present

    O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
    O1 - Hosts: 91.212.127.226 os-guardpro.com
    O1 - Hosts: 91.212.127.226 www.os-guardpro.com
    O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll


Once selected, close all windows except HJT and click on Fix Checked

GMER Rootkit Scanner
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please reply with:-
  • Uninstall list
  • GMER Log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
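The fix list in the post above singles out two entry classes from the HijackThis log: the O1 hosts lines that map osguardpro.microsoft.com and os-guardpro.com to 91.212.127.226, and the O18 "Filter hijack" on text/html that loads C:\WINDOWS\batmeter16.dll. The first log in this thread also carried an O2 BHO with the generic display name "Browser Helper Object" loading C:\Program Files\Shared\lib.dll, which was gone by the second log. The script below is an added example by the editor, not part of this thread, of MalwareRemoval.com's checklist, or of HijackThis; it parses HJT v2 log lines and flags those three classes using the editor's own heuristics (assumptions: a hosts entry pointing anywhere but loopback or 0.0.0.0 deserves review, any text/html MIME filter deserves review, and a BHO with a generic name or a DLL dropped straight into the Windows directory deserves review). The sample log is a subset copied from the thread's first HJT log.

```python
"""Triage a HijackThis v2 log for the entry classes that mattered in this thread.

Added example; it is neither the forum's checklist nor part of HijackThis.
The heuristics are the editor's assumptions:
  O1  a hosts line that maps a name to anything but loopback/unspecified
      (the rogue in this thread pointed a *.microsoft.com name at its own
      server so its download site looked legitimate)
  O18 any 'Filter hijack' line: a MIME filter sits in front of every
      text/html document IE renders, so it is a natural redirect hook
  O2  a BHO with a generic display name, or whose DLL sits directly in the
      Windows directory rather than under a vendor folder or system32
SAMPLE_LOG is a subset copied from the thread's first HJT log.
"""
import ipaddress
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
GENERIC_BHO_NAMES = {"browser helper object", "(no name)"}
# A DLL dropped straight into %WINDIR% (no subfolder) rather than system32.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _hosts(body: str, line: str):
    # body looks like "Hosts: <address> <hostname>"
    parts = body.split(None, 2)
    if len(parts) < 3:
        return None
    try:
        addr = ipaddress.ip_address(parts[1])
    except ValueError:
        return Finding("O1", "hosts entry with unparseable address", line)
    if addr.is_loopback or addr.is_unspecified:
        return None  # 127.0.0.1 / ::1 / 0.0.0.0 are normal block-list targets
    name = parts[2].strip().lower()
    reason = f"hosts file sends {name} to {addr}"
    if name.endswith(".microsoft.com"):
        reason += " (overrides a microsoft.com name)"
    return Finding("O1", reason, line)


def _bho(body: str, line: str):
    # body looks like "BHO: <name> - {CLSID} - <dll path>"
    fields = body[len("BHO:"):].strip().rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    name, _clsid, path = fields
    if name.strip().lower() in GENERIC_BHO_NAMES:
        return Finding("O2", f"BHO with generic name {name!r} at {path}", line)
    if WINDIR_ROOT_RE.match(path.strip().lower()):
        return Finding("O2", f"BHO DLL dropped in Windows directory: {path}", line)
    return None


def _filter(body: str, line: str):
    if not body.startswith("Filter hijack:"):
        return None  # O18 'Protocol:' lines are ordinary handlers (AVG here)
    mime = body[len("Filter hijack:"):].split(" - ", 1)[0].strip()
    path = body.rsplit(" - ", 1)[-1].strip()
    return Finding("O18", f"MIME filter on {mime} loads {path}", line)


HANDLERS = {"O1": _hosts, "O2": _bho, "O18": _filter}


def triage(log_text: str) -> list:
    """Return a Finding for every suspicious entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        handler = HANDLERS.get(m.group("section"))
        if handler is None:
            continue
        finding = handler(m.group("body"), line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the three hosts lines (marking the osguardpro.microsoft.com one as overriding a microsoft.com name), the generic-name BHO and the text/html filter, and nothing for the Adobe BHO, the AVG O18 protocol handler or the ::1 localhost line. The heuristics are deliberately narrow: a start page such as the R0 line is not flagged because a changed home page is a user preference until something else says otherwise, and anything this script flags still needs the kind of manual judgement the helper applies before it is removed.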

Re: Browser re-direct! In need of serious help!

Post by loverjw » October 28th, 2009, 12:51 pm

Uninstall List ------------


3ivx MPEG-4 5.0.3 (remove only)
ABBYY FineReader 6.0 Sprint
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bonjour
Dell PC Fax
Dell Photo AIO Printer 966
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
iDump (Freeware) Build:29
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Iomega Automatic Backup
iTunes
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2000 Professional
Microsoft Office Outlook 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
NETGEAR Storage Central Manager Utility
Print to Fax
QuickTime
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Suite Specific
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCRedistSetup
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XP Codec Pack



GMER LOG -------------------------------

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 11:48:30
Windows 5.1.2600 Service Pack 3
Running: 1wf9uwg6.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awwdrkob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


HJT log ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:08 AM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4439577278
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9381 bytes
loverjw
Active Member
 
Posts: 7
Joined: October 20th, 2009, 5:43 pm

Re: Browser re-direct! In need of serious help!

Unread postby muppy03 » October 28th, 2009, 7:55 pm

Please go to Virus Total <http://www.virustotal.com/> or Jotti
and upload C:\WINDOWS\batmeter16.dll for scanning.

For Virus Total
1. Please copy and paste C:\WINDOWS\batmeter16.dll in the text box next to the Browse button.
2. Click on Send File.

For Jotti
1. Please copy and paste C:\WINDOWS\batmeter16.dll in the text box next to the Browse button.
2. Click on Submit.


Please post back the results of the scan in your next post.


NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Please reply with:-
  • Virus Total or Jotti results
  • RSIT logs ( info.txt and log.txt)
  • update on how things are running?
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
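Added example, not from this thread or from HijackThis itself: a small Python triage pass over entries in the HijackThis layout, showing why the O18 "Filter hijack: text/html" line pointing at C:\WINDOWS\batmeter16.dll deserves the file-scan request above. SAMPLE_LOG and VISIBLE_FILES are constructed inputs (VISIBLE_FILES stands in for what a directory listing showed), and the flagging rules are the author's own, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout HijackThis v2 uses for entries that carry a
# module path ("Onn - description - {CLSID} - path"); O1/O4 lines use another
# layout and are deliberately not parsed here.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# Constructed stand-in for what a directory listing showed: every module from
# the sample except the filter DLL, which the poster could not find on disk.
VISIBLE_FILES = {
    r"c:\program files\adobe\adobe acrobat 7.0\activex\acroiehelper.dll",
    r"c:\program files\avg\avg8\avgpp.dll",
    r"c:\windows\system32\avgrsstx.dll",
}

# Where a legitimately installed browser add-on normally lives; a DLL dropped
# straight into the Windows root is unusual enough to call out.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

ENTRY_RE = re.compile(
    r"^(O\d+) - (.*?)(?: - (\{[0-9a-f-]+\}))? - ([a-z]:\\.+)$", re.IGNORECASE
)


@dataclass
class Finding:
    kind: str        # HijackThis section, e.g. "O18"
    desc: str        # text between the section and the module path
    path: str        # module path as printed in the log
    severity: str    # "high" or "low"
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (kind, desc, clsid, path) for each line in the parsed layout."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), m.group(4)


def registry_location(kind, desc):
    r"""Registry key behind an O18 filter entry; None for other sections.

    HijackThis reads O18 filter entries from HKCR\PROTOCOLS\Filter\<mime type>,
    so that is the key to inspect (or export) when checking such a line by hand.
    """
    if kind == "O18" and desc.lower().startswith("filter hijack: "):
        mime = desc.split(": ", 1)[1]
        return "HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\" + mime
    return None


def triage(log_text, visible_files=VISIBLE_FILES):
    """Return Findings for entries worth a closer look, most severe first."""
    findings = []
    for kind, desc, _clsid, path in parse_entries(log_text):
        norm = path.lower()
        reasons = []
        is_filter = kind == "O18" and desc.lower().startswith("filter hijack")
        if is_filter:
            # A MIME filter for text/html is handed every HTML response IE
            # receives and may alter it before rendering, which is one way a
            # browser ends up redirected while the start page looks untouched.
            reasons.append("text/html MIME filter: can rewrite every page before it is rendered")
        if not norm.startswith(EXPECTED_DIRS):
            reasons.append("module lives outside Program Files and system32")
        if norm not in visible_files:
            # Either a stale registration or a file hidden from user-mode
            # listings; a scan from outside the running OS settles which.
            reasons.append("module not in directory listing: stale entry or hidden file")
        if reasons:
            severity = "high" if is_filter or len(reasons) > 1 else "low"
            findings.append(Finding(kind, desc, path, severity, reasons))
    findings.sort(key=lambda f: f.severity != "high")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.desc} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
        key = registry_location(f.kind, f.desc)
        if key:
            print("    check:", key)
```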

Re: Browser re-direct! In need of serious help!

Unread postby loverjw » October 28th, 2009, 10:43 pm

I am unable to locate the C:\WINDOWS\batmeter16.dll file. I have the folder options set to show hidden files, but I don't see a batmeter16.dll file in that folder.
loverjw
Active Member
 
Posts: 7
Joined: October 20th, 2009, 5:43 pm

Re: Browser re-direct! In need of serious help!

Unread postby muppy03 » October 28th, 2009, 11:13 pm

That's ok, continue on and do the RSIT logs please :)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser re-direct! In need of serious help!

Unread postby loverjw » October 28th, 2009, 11:38 pm

log.txt



Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-10-28 22:36:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 430 GB (90%) free of 477 GB
Total RAM: 3062 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:16 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4439577278
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9445 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5EB36B48-E061-4477-9395-25A423B004BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-17 2025752]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2007-06-29 312560]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2007-06-29 292080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [2007-06-29 304368]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16 []
"Iomega Automatic Backup 1.0.1"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Iomega Automatic Backup"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Dell 966 Server"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d73c32-b42c-11de-bd60-001111c9f796}]
shell\AutoRun\command - G:\Setup_FlipShare.exe
shell\Setup FlipShare\command - G:\Setup_FlipShare.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff8eb607-b043-11de-bd5f-001111c9f796}]
shell\AutoRun\command - I:\wd_windows_tools\setup.exe


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-10-28 22:36:11 ----D---- C:\rsit
2009-10-20 16:16:50 ----D---- C:\Program Files\Trend Micro
2009-10-20 09:48:29 ----D---- C:\Program Files\Shared
2009-10-17 16:44:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-17 15:41:43 ----D---- C:\Program Files\bmtley
2009-10-15 13:17:57 ----D---- C:\Documents and Settings\Owner\Application Data\Iomega Automatic Backup
2009-10-15 12:56:05 ----D---- C:\Program Files\Iomega
2009-10-15 12:55:35 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-11 13:00:18 ----D---- C:\Program Files\iDump (Freeware)
2009-10-09 11:47:31 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-09 11:47:04 ----D---- C:\Program Files\3ivx
2009-10-08 16:11:50 ----A---- C:\WINDOWS\Free Best Bulk Email Software Uninstall Log.txt
2009-10-08 15:46:55 ----D---- C:\WINDOWS\Free Best Bulk Email Software
2009-10-08 15:46:55 ----D---- C:\Program Files\Free Best Bulk Email Software
2009-10-08 15:46:08 ----A---- C:\WINDOWS\Free Best Bulk Email Software Setup Log.txt
2009-10-07 19:53:36 ----D---- C:\Documents and Settings\Owner\Application Data\DellFaxCtr
2009-10-04 18:48:51 ----D---- C:\Program Files\Microsoft Money Plus
2009-10-04 16:29:00 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-04 16:00:05 ----D---- C:\Program Files\Dl_cats
2009-10-04 15:59:36 ----A---- C:\WINDOWS\system32\dlcqvs.dll
2009-10-04 15:59:29 ----A---- C:\WINDOWS\system32\dlcqcoin.dll
2009-10-04 15:59:10 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-10-04 15:59:07 ----A---- C:\WINDOWS\system32\dlcqdrs.dll
2009-10-04 15:59:07 ----A---- C:\WINDOWS\system32\dlcqcnv4.dll
2009-10-04 15:59:07 ----A---- C:\WINDOWS\system32\dlcqcaps.dll
2009-10-04 15:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-10-04 15:56:30 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-10-04 15:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-10-04 15:55:07 ----A---- C:\WINDOWS\system32\DLPRMON.DLL
2009-10-04 15:55:07 ----A---- C:\WINDOWS\system32\DLPMONUI.DLL
2009-10-04 15:54:47 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2009-10-04 15:54:47 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2009-10-04 15:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2009-10-04 15:54:23 ----D---- C:\Program Files\Dell PC Fax
2009-10-04 15:52:44 ----D---- C:\Program Files\Dell Photo AIO Printer 966
2009-10-04 15:52:32 ----A---- C:\WINDOWS\system32\DLCQinst.dll
2009-10-04 15:52:32 ----A---- C:\WINDOWS\system32\DLCQhcp.dll
2009-10-04 15:52:31 ----A---- C:\WINDOWS\system32\dlcqutil.dll
2009-10-04 15:52:31 ----A---- C:\WINDOWS\system32\dlcqusb1.dll
2009-10-04 15:52:31 ----A---- C:\WINDOWS\system32\dlcqinpa.dll
2009-10-04 15:52:31 ----A---- C:\WINDOWS\system32\dlcqiesc.dll
2009-10-04 15:52:30 ----A---- C:\WINDOWS\system32\dlcqserv.dll
2009-10-04 15:52:30 ----A---- C:\WINDOWS\system32\dlcqprox.dll
2009-10-04 15:52:30 ----A---- C:\WINDOWS\system32\dlcqpplc.dll
2009-10-04 15:52:30 ----A---- C:\WINDOWS\system32\dlcqpmui.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqlmpm.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqjswr.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqinsr.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqinsb.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqins.dll
2009-10-04 15:52:29 ----A---- C:\WINDOWS\system32\dlcqih.exe
2009-10-04 15:52:28 ----A---- C:\WINDOWS\system32\dlcqhbn3.dll
2009-10-04 15:52:28 ----A---- C:\WINDOWS\system32\dlcqgrd.dll
2009-10-04 15:52:28 ----A---- C:\WINDOWS\system32\dlcqgf.dll
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcur.dll
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcub.dll
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcu.dll
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcoms.exe
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcomm.dll
2009-10-04 15:52:27 ----A---- C:\WINDOWS\system32\dlcqcomc.dll
2009-10-04 15:52:26 ----A---- C:\WINDOWS\system32\dlcqcfg.exe
2009-10-04 15:52:26 ----A---- C:\WINDOWS\system32\DLCQcfg.dll
2009-10-04 15:36:51 ----D---- C:\Program Files\NETGEAR
2009-10-04 15:36:51 ----A---- C:\WINDOWS\system32\ZSANCoInst.dll
2009-10-04 15:36:36 ----A---- C:\WINDOWS\system32\NGRepairLog2B.txt
2009-10-04 15:36:28 ----A---- C:\WINDOWS\system32\NGRepairLog.txt
2009-10-04 15:21:37 ----D---- C:\WINDOWS\ShellNew
2009-10-04 15:11:56 ----D---- C:\Documents and Settings\Owner\Application Data\Leadertech
2009-10-03 12:36:43 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-10-03 12:35:57 ----D---- C:\Program Files\Common Files\Macromedia Shared
2009-10-03 12:35:53 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-10-03 12:35:53 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-10-03 12:35:53 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-10-03 12:35:38 ----D---- C:\Program Files\Common Files\Macromedia
2009-10-03 12:34:53 ----D---- C:\Program Files\Macromedia
2009-10-03 12:05:46 ----HD---- C:\$AVG8.VAULT$
2009-10-03 11:36:24 ----A---- C:\WINDOWS\system32\FileOps.exe
2009-10-03 11:36:23 ----D---- C:\WINDOWS\system32\Adobe
2009-10-03 10:44:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-10-03 10:42:44 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-10-03 10:42:35 ----D---- C:\Program Files\Common Files\Adobe
2009-10-03 10:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-03 10:42:34 ----D---- C:\Program Files\Adobe
2009-10-03 01:40:21 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-02 21:14:06 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-10-02 21:14:05 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-10-02 21:07:13 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-02 21:07:12 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-02 20:55:18 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-10-02 20:55:10 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-02 20:54:43 ----D---- C:\Program Files\iPod
2009-10-02 20:54:41 ----D---- C:\Program Files\iTunes
2009-10-02 20:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-02 20:54:29 ----D---- C:\Program Files\Bonjour
2009-10-02 20:54:09 ----D---- C:\Program Files\QuickTime
2009-10-02 20:54:08 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-02 20:53:50 ----D---- C:\Program Files\Apple Software Update
2009-10-02 20:53:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-02 20:53:45 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-02 20:53:15 ----D---- C:\Program Files\Common Files\Apple
2009-10-02 20:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-02 20:32:16 ----A---- C:\WINDOWS\ODBC.INI
2009-10-02 20:32:12 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-10-02 20:31:24 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-02 20:31:22 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-02 20:30:29 ----D---- C:\Program Files\Microsoft.NET
2009-10-02 20:30:29 ----D---- C:\Program Files\Microsoft Office
2009-10-02 20:29:17 ----RHD---- C:\MSOCache
2009-10-02 11:20:26 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-02 11:20:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-02 11:20:22 ----D---- C:\WINDOWS\VirtualEar
2009-10-02 11:20:22 ----D---- C:\Program Files\Analog Devices
2009-10-02 11:20:22 ----A---- C:\WINDOWS\system32\virtear.dll
2009-10-02 11:20:22 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-10-02 11:20:22 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-10-02 11:20:22 ----A---- C:\WINDOWS\system32\Audio3d.dll
2009-10-02 11:20:08 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-02 11:20:05 ----D---- C:\dell
2009-10-02 11:20:05 ----A---- C:\WINDOWS\system32\PostProc.dll
2009-10-02 11:20:05 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2009-10-02 10:09:06 ----D---- C:\Program Files\MSXML 4.0
2009-10-02 10:01:50 ----SHD---- C:\RECYCLER
2009-10-02 09:59:53 ----D---- C:\Documents and Settings\Owner\Application Data\Nero
2009-10-02 09:59:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-02 09:59:23 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-10-02 09:58:43 ----D---- C:\Program Files\AVG
2009-10-02 09:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-02 09:56:45 ----D---- C:\Program Files\Nero
2009-10-02 09:56:45 ----D---- C:\Program Files\Common Files\Nero
2009-10-02 09:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-10-02 09:54:02 ----D---- C:\Program Files\Windows Defender
2009-10-02 09:53:55 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-10-02 09:53:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 09:53:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-02 09:53:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-02 09:53:50 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-02 09:53:13 ----D---- C:\Documents and Settings\Owner\Application Data\AVG8
2009-10-02 09:53:03 ----D---- C:\Program Files\XP Codec Pack
2009-10-02 09:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-02 09:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-02 09:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-02 09:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-01 18:55:56 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-10-01 18:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-01 18:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-01 18:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-01 18:52:27 ----D---- C:\WINDOWS\ie8updates
2009-10-01 18:52:12 ----D---- C:\WINDOWS\WBEM
2009-10-01 18:51:35 ----HDC---- C:\WINDOWS\ie8
2009-10-01 18:51:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-01 18:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-01 18:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-01 18:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-01 18:45:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-01 18:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-01 18:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-01 18:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-01 18:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-01 18:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-01 18:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-01 18:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-01 18:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-01 18:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-10-01 18:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-01 18:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-01 18:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-01 18:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-01 18:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-01 18:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-01 18:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-01 18:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-01 18:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-01 18:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-01 18:44:01 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-10-01 18:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-01 18:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-01 18:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-01 18:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-01 18:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-01 18:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-01 18:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-01 18:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-01 18:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-10-01 18:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-01 18:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-01 18:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-01 18:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-01 18:41:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-01 18:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-01 18:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-01 18:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-01 18:41:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-01 18:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-01 18:41:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-01 18:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-01 18:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-01 18:41:11 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-01 18:41:10 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-01 18:41:00 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-01 18:40:54 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-01 18:40:31 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-01 18:40:19 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-01 18:40:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-01 18:39:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-01 18:38:53 ----RSD---- C:\WINDOWS\assembly
2009-10-01 18:38:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-01 18:38:52 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-01 18:34:59 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-10-01 18:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-01 18:29:35 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-01 18:29:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-01 18:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-01 18:29:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-01 18:27:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-01 18:27:39 ----A---- C:\WINDOWS\system32\wups2.dll
2009-10-01 18:27:39 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-10-01 18:27:39 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-10-01 18:27:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-10-01 18:26:07 ----A---- C:\WINDOWS\system32\wpa.bak
2009-10-01 17:50:30 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2009-10-01 17:50:28 ----HD---- C:\Program Files\Uninstall Information
2009-10-01 17:50:23 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2009-10-01 17:50:22 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-10-01 17:49:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-01 17:49:06 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-01 17:49:06 ----D---- C:\WINDOWS\Prefetch
2009-10-01 17:49:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-01 17:42:11 ----D---- C:\WINDOWS\system32\xircom
2009-10-01 17:42:11 ----D---- C:\Program Files\xerox
2009-10-01 17:42:11 ----D---- C:\Program Files\microsoft frontpage
2009-10-01 17:41:55 ----A---- C:\WINDOWS\control.ini
2009-10-01 17:41:55 ----A---- C:\AUTOEXEC.BAT
2009-10-01 17:41:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-01 17:41:42 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-01 17:40:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-01 17:40:59 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-01 17:40:59 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-01 17:40:53 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-01 17:40:50 ----HD---- C:\Program Files\WindowsUpdate
2009-10-01 17:40:33 ----D---- C:\WINDOWS\system32\DirectX
2009-10-01 17:40:28 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-01 17:40:26 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-01 17:40:26 ----A---- C:\WINDOWS\desktop.ini
2009-10-01 17:40:21 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-01 17:40:20 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-01 17:40:19 ----D---- C:\Program Files\Common Files\Services
2009-10-01 17:40:17 ----SD---- C:\WINDOWS\Tasks
2009-10-01 17:40:17 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-01 17:40:16 ----D---- C:\Program Files\Common Files\MSSoap
2009-10-01 17:40:13 ----D---- C:\WINDOWS\srchasst
2009-10-01 17:40:12 ----D---- C:\WINDOWS\system32\Macromed
2009-10-01 17:40:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-01 17:40:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-01 17:40:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-01 17:40:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-01 17:40:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-01 17:40:05 ----D---- C:\Program Files\Movie Maker
2009-10-01 17:39:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-01 17:39:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-01 17:39:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-01 17:39:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-01 17:39:45 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-10-01 17:39:45 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-01 17:39:44 ----D---- C:\WINDOWS\system32\Restore
2009-10-01 17:39:44 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-10-01 17:39:44 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-01 17:39:44 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-01 17:39:44 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-01 17:39:43 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-01 17:39:43 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-01 17:39:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-01 17:39:43 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-01 17:39:43 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-01 17:39:39 ----D---- C:\Program Files\NetMeeting
2009-10-01 17:39:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-01 17:39:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-01 17:39:38 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-01 17:39:38 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-01 17:39:36 ----D---- C:\Program Files\Outlook Express
2009-10-01 17:39:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-10-01 17:39:36 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-01 17:39:36 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-01 17:39:35 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-01 17:39:35 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-01 17:39:35 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-01 17:39:35 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-01 17:39:30 ----D---- C:\Program Files\Common Files\System
2009-10-01 17:39:29 ----D---- C:\Program Files\Internet Explorer
2009-10-01 17:39:00 ----D---- C:\Program Files\ComPlus Applications
2009-10-01 17:38:59 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-01 17:38:59 ----A---- C:\WINDOWS\vb.ini
2009-10-01 17:38:55 ----D---- C:\WINDOWS\Registration
2009-10-01 17:38:50 ----D---- C:\Program Files\Online Services
2009-10-01 17:38:49 ----D---- C:\Program Files\Windows Media Player
2009-10-01 17:38:44 ----D---- C:\Program Files\Messenger
2009-10-01 17:38:41 ----D---- C:\Program Files\MSN Gaming Zone
2009-10-01 17:38:41 ----A---- C:\WINDOWS\system32\write.exe
2009-10-01 17:38:34 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-01 17:38:33 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-01 17:38:33 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-01 17:38:33 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-01 17:38:33 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-01 17:38:33 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-01 17:38:28 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-01 17:38:27 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-01 17:38:27 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-01 17:38:27 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-01 17:38:27 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-01 17:38:26 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-01 17:38:25 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-01 17:38:25 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-01 17:38:25 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-01 17:38:25 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-01 17:38:25 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-01 17:38:20 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-01 17:38:11 ----D---- C:\Program Files\MSN
2009-10-01 17:38:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-01 17:38:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-01 17:38:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-01 17:38:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-01 17:38:09 ----D---- C:\Program Files\Windows NT
2009-10-01 17:38:09 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-01 17:38:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-01 17:38:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-01 17:38:08 ----D---- C:\WINDOWS\system32\en-US
2009-10-01 17:38:08 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-10-01 17:38:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-01 17:38:08 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-01 17:38:08 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-01 17:38:07 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-01 17:38:06 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-01 17:38:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-01 17:38:05 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-01 17:38:04 ----D---- C:\WINDOWS\system32\Com
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-01 17:38:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-01 17:38:03 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-01 17:38:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-01 17:38:03 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-01 17:38:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-01 17:37:58 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-01 17:37:58 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-01 17:37:58 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-01 17:37:58 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-10-01 12:37:07 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-01 12:34:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-01 12:33:29 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-01 12:32:28 ----A---- C:\WINDOWS\imsins.BAK
2009-10-01 12:32:25 ----SHD---- C:\WINDOWS\Installer
2009-10-01 12:32:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-01 12:32:24 ----D---- C:\Program Files\Common Files\ODBC
2009-10-01 12:32:24 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-01 12:32:21 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-10-01 12:32:20 ----RD---- C:\Program Files
2009-10-01 12:32:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-01 12:32:20 ----D---- C:\Program Files\Common Files
2009-10-01 12:32:17 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-01 12:32:17 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-01 12:32:17 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-01 12:32:15 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-01 12:32:13 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-01 12:32:11 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-01 12:32:11 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-01 12:32:11 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-01 12:32:11 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-01 12:32:11 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-10-01 12:32:09 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-01 12:32:08 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-10-01 12:32:05 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-01 12:32:05 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-01 12:32:05 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-01 12:32:04 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-01 12:32:04 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-01 12:32:02 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-01 12:32:02 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-01 12:32:01 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-01 12:32:01 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-10-01 12:32:00 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-01 12:31:53 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-01 12:31:49 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-01 12:31:46 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-01 12:31:45 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-01 12:31:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-01 12:31:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-01 12:31:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-01 12:31:16 ----A---- C:\WINDOWS\setuplog.txt
2009-10-01 12:31:14 ----D---- C:\Documents and Settings
2009-10-01 12:31:13 ----SHD---- C:\System Volume Information
2009-10-01 12:30:18 ----SH---- C:\boot.ini
2009-10-01 12:24:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-01 12:24:54 ----RD---- C:\WINDOWS\Web
2009-10-01 12:24:54 ----D---- C:\WINDOWS\WinSxS
2009-10-01 12:24:54 ----D---- C:\WINDOWS\twain_32
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Temp
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\wbem
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\usmt
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\Setup
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\scripting
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\oobe
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\npp
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\mui
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\IME
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\icsxml
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\ias
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\export
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\en
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\3076
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\2052
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1054
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1042
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1041
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1037
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1033
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1031
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1028
2009-10-01 12:24:54 ----D---- C:\WINDOWS\system32\1025
2009-10-01 12:24:54 ----D---- C:\WINDOWS\security
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Resources
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Provisioning
2009-10-01 12:24:54 ----D---- C:\WINDOWS\PeerNet
2009-10-01 12:24:54 ----D---- C:\WINDOWS\pchealth
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-01 12:24:54 ----D---- C:\WINDOWS\mui
2009-10-01 12:24:54 ----D---- C:\WINDOWS\msapps
2009-10-01 12:24:54 ----D---- C:\WINDOWS\msagent
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Media
2009-10-01 12:24:54 ----D---- C:\WINDOWS\L2Schemas
2009-10-01 12:24:54 ----D---- C:\WINDOWS\java
2009-10-01 12:24:54 ----D---- C:\WINDOWS\ime
2009-10-01 12:24:54 ----D---- C:\WINDOWS\ehome
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Driver Cache
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Debug
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Cursors
2009-10-01 12:24:54 ----D---- C:\WINDOWS\Connection Wizard
2009-10-01 12:24:54 ----D---- C:\WINDOWS\AppPatch
2009-10-01 12:24:54 ----D---- C:\WINDOWS\addins
2009-10-01 12:24:53 ----RSD---- C:\WINDOWS\Fonts
2009-10-01 12:24:53 ----HD---- C:\WINDOWS\inf
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\wins
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\spool
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\ras
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\drivers
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\dhcp
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32\config
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system32
2009-10-01 12:24:53 ----D---- C:\WINDOWS\system
2009-10-01 12:24:53 ----D---- C:\WINDOWS\repair
2009-10-01 12:24:53 ----D---- C:\WINDOWS\Help
2009-10-01 12:24:53 ----D---- C:\WINDOWS\Config
2009-10-01 12:24:53 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-10-02 20:32:01 ----A---- C:\WINDOWS\win.ini
2009-10-01 12:32:20 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-02 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-02 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices; C:\WINDOWS\system32\drivers\sfsz.sys [2007-08-14 345984]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 ZetBus;Zetera Virtual Bus; C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2007-08-08 15488]
R3 ZetMPD;ZetMPD; C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2007-08-08 5120]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 22144]
S3 awwdrkob;awwdrkob; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\awwdrkob.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-10-02 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-02 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 537480]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-07-31 73728]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 Z-SANService;Z-SAN Service; C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 376891]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-10-03 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []

-----------------EOF-----------------
loverjw
Joined: October 20th, 2009, 5:43 pm

Re: Browser re-direct! In need of serious help!

Unread postby loverjw » October 28th, 2009, 11:39 pm

info.txt logfile of random's system information tool 1.06 2009-10-28 22:36:18

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 966-->C:\Program Files\Dell Photo AIO Printer 966\Install\x86\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iDump (Freeware) Build:29-->"C:\Program Files\iDump (Freeware)\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Iomega Automatic Backup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Outlook 2003-->MsiExec.exe /I{901A0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR Storage Central Manager Utility-->"C:\Program Files\InstallShield Installation Information\{A3672E1B-021F-4F50-A891-609471CCF941}\setup.exe" -runfromtemp -l0x0009 -removeonly
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

=====HijackThis Backups=====

O1 - Hosts: 91.212.127.226 www.os-guardpro.com [2009-10-28]
O1 - Hosts: 91.212.127.226 os-guardpro.com [2009-10-28]
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com [2009-10-28]
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll [2009-10-28]
O18 - Filter hijack: text/html - {824b3c6a-dc66-4378-a47b-69fe13abb636} - C:\WINDOWS\batmeter16.dll [2009-10-28]

======Hosts File======

127.0.0.1 localhost
::1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: LOCAL-C92A8AB82
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {EE7F1B1B-AC66-42FD-AC12-AC27612115A2}

User: LOCAL-C92A8AB82\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:avg8emc

Alert Type: Unclassified software

Detection Type:

Record Number: 278
Source Name: WinDefend
Time Written: 20091002095847.000000-300
Event Type: warning
User:

Computer Name: LOCAL-C92A8AB82
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {5E0C8D9F-79F3-4E7A-8D6A-9AD7C2A55720}

User: LOCAL-C92A8AB82\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: service:AVG

Alert Type: Unclassified software

Detection Type:

Record Number: 277
Source Name: WinDefend
Time Written: 20091002095845.000000-300
Event Type: warning
User:

Computer Name: LOCAL-C92A8AB82
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {C585AF1C-DF19-4956-8001-2A489ACC2A3C}

User: LOCAL-C92A8AB82\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: contextmenu:HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension

Alert Type: Unclassified software

Detection Type:

Record Number: 276
Source Name: WinDefend
Time Written: 20091002095845.000000-300
Event Type: warning
User:

Computer Name: LOCAL-C92A8AB82
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {0D086F50-4843-4DBF-ACD1-3BA5B1E9992E}

User: LOCAL-C92A8AB82\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY

Alert Type: Unclassified software

Detection Type:

Record Number: 275
Source Name: WinDefend
Time Written: 20091002095845.000000-300
Event Type: warning
User:

Computer Name: MACHINENAME
Event Code: 12
Message: The device 'Secondary IDE Channel' (PCIIDE\IDEChannel\4&136d273d&0&1) disappeared from the system without first being prepared for removal.

Record Number: 4
Source Name: PlugPlayManager
Time Written: 20091001123444.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: LOCAL-C92A8AB82
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 15
Source Name: WinMgmt
Time Written: 20091001173923.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LOCAL-C92A8AB82
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 14
Source Name: WinMgmt
Time Written: 20091001173923.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LOCAL-C92A8AB82
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20091001173923.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LOCAL-C92A8AB82
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20091001173923.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LOCAL-C92A8AB82
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20091001173921.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
loverjw
Active Member
 
Posts: 7
Joined: October 20th, 2009, 5:43 pm

Re: Browser re-direct! In need of serious help!

Unread postby muppy03 » October 28th, 2009, 11:56 pm

Since I see you there :D Have you just done a clean install recently?

Please update me on how the computer is performing, or on any issues, once what is below is completed.


Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser re-direct! In need of serious help!

Unread postby Gary R » November 1st, 2009, 4:23 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire