Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search page redirection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search page redirection

Unread postby epidemik » May 14th, 2010, 12:37 am

I am having problems with webpage redirections when using search engines like google. More often than not, when I click on the search results, I get redirected to various ad sites. I have run AdAware, Malwarebytes' Anti-Malware, IObit Security 360 and McAfee Security Center....All of which do not identify any malicious files.

Below is the HiJackThis and Unistall_list log files.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:55 PM, on 05/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files Cont\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files Cont\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files Cont\IObit\Advanced SystemCare 3\AWC.exe
E:\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files Cont\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files Cont\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files Cont\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "E:\Program Files Cont\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "E:\Program Files Cont\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Mozilla Firefox.lnk = E:\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4173151577
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\hogayapu.dll biyupufe.dll c:\windows\system32\pitorewe.dll
O21 - SSODL: voluwedag - {3cf68e15-5f23-49ec-91f4-0a1f7986dcc6} - (no file)
O21 - SSODL: zelovulon - {be37bcda-7d3c-4a1d-aa8f-70a4e808aecf} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: jugezatag - {3cf68e15-5f23-49ec-91f4-0a1f7986dcc6} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {be37bcda-7d3c-4a1d-aa8f-70a4e808aecf} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - E:\Program Files Cont\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11509 bytes

----------------------------------------------
Uninstall List

Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.3.2
Advanced SystemCare 3
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AusLogics Disk Defrag
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Creative WaveStudio
DivX Web Player
D-Link Wireless N USB Adapter DWA-130
Download Accelerator Plus
DVDFab Decrypter 3.0.5.0
EVEREST Home Edition v2.20
Fiesta Download Manager
FoxyTunes for Firefox
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Huffyuv AVI lossless video codec (Remove Only)
IObit Security 360
iPod Agent
iTunes
Java(TM) 6 Update 20
JCreator LE 2.50
K-Lite Codec Pack 2.10 Full
LimeWire 5.3.6
Logitech iTouch Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows Journal Viewer
Mozilla Firefox (3.6)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
NeroVision Express 3
Norton Password Manager
Norton Password Manager (Symantec Corporation)
NPM_DRM_COLLECTION
Nuclear Coffee - DiscRipper
NVIDIA Display Driver
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
Picasa 3
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Sound Blaster Live!
SpeedFan (remove only)
System Requirements Lab
TDK Digital MixMaster
Ulead Data-Add 2.0
Ulead DVD MovieFactory 3.5 Suite Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am
Advertisement
Register to Remove

Re: Search page redirection

Unread postby MWR 3 day Mod » May 17th, 2010, 12:39 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Search page redirection

Unread postby askey127 » May 18th, 2010, 6:33 am

epidemik,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P program Limewire in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IObit Security 360] "E:\Program Files Cont\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 3] "E:\Program Files Cont\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O20 - AppInit_DLLs: c:\windows\system32\hogayapu.dll biyupufe.dll c:\windows\system32\pitorewe.dll
O21 - SSODL: voluwedag - {3cf68e15-5f23-49ec-91f4-0a1f7986dcc6} - (no file)
O21 - SSODL: zelovulon - {be37bcda-7d3c-4a1d-aa8f-70a4e808aecf} - (no file)
O22 - SharedTaskScheduler: jugezatag - {3cf68e15-5f23-49ec-91f4-0a1f7986dcc6} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {be37bcda-7d3c-4a1d-aa8f-70a4e808aecf} - (no file)
O23 - Service: IS360service - IObit - E:\Program Files Cont\IObit\IObit Security 360\IS360srv.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Ad-Aware
IObit Security 360
Advanced SystemCare 3
Download Accelerator Plus
LimeWire 5.3.6

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 19th, 2010, 2:31 am

Thank you for your help.

I was able to do everything as directed except for removing the Download Accelerator Plus application using the Add/Remove Program utility. When I try to run the uninstaller, I get the message "Could not open INSTALL.LOG file", and I cannot go any further.

Below is the HiJackThis Log and List of Installed programs

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:06 PM, on 05/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files Cont\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files Cont\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files Cont\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Mozilla Firefox.lnk = E:\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4173151577
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9185 bytes

----------------------------------Installed Programs---------------------------------
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.3.2
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AusLogics Disk Defrag
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Creative WaveStudio
DivX Setup
D-Link Wireless N USB Adapter DWA-130
Download Accelerator Plus
DVDFab Decrypter 3.0.5.0
EVEREST Home Edition v2.20
Fiesta Download Manager
FoxyTunes for Firefox
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Huffyuv AVI lossless video codec (Remove Only)
iPod Agent
iTunes
Java(TM) 6 Update 20
JCreator LE 2.50
K-Lite Codec Pack 2.10 Full
Logitech iTouch Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows Journal Viewer
Mozilla Firefox (3.6)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
NeroVision Express 3
Norton Password Manager
Norton Password Manager (Symantec Corporation)
NPM_DRM_COLLECTION
Nuclear Coffee - DiscRipper
NVIDIA Display Driver
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
Picasa 3
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Sound Blaster Live!
SpeedFan (remove only)
System Requirements Lab
TDK Digital MixMaster
Ulead Data-Add 2.0
Ulead DVD MovieFactory 3.5 Suite Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby askey127 » May 19th, 2010, 6:19 am

epidemik,
------------------------------------------------------------
Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Something like this should work for McAfee:
    DISABLE MCAFEE SECURITY CENTER
    Please navigate to the system tray and double-click the taskbar icon to open Security Center.
    • Click Advanced Menu (bottom mid-left).
    • Click Configure (left).
    • Click Computer & Files (top left).
    • VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
    • Do the same via Internet & Network for Firewall Plus.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Reenable your protection software and post the log in your next reply
A copy of the log will be located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

So we will be looking for the contents of Gmer.txt and Combofix.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 20th, 2010, 4:37 pm

askey127,

I have downloaded and run GMER Rootkit Scanner and Combofix. For GMER, I was not able to fully complete the scan because my computer would reboot before finishing. I attempted to run it multiple times with the same result. However, I was able to save the GMER log file up to the point where the computer would reboot. I will try to run the GMER scan again later tonight and repost the log file upon successful completion.


-------------------GMER log -----------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-19 19:02:37
Windows 5.1.2600 Service Pack 3
Running: e19ogmgd.exe; Driver: C:\DOCUME~1\bryan\LOCALS~1\Temp\axtdqpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB76A878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB76A8738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB76A874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB76A87CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB76A8710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB76A8724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB76A879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB76A8776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB76A8762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB76A87F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB76A87E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB76A87B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A92 7 Bytes JMP B76A87B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP B76A878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP B76A8766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP B76A87E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP B76A87CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP B76A8714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP B76A87A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP B76A8750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP B76A87FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP B76A873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1941 5 Bytes JMP B76A8728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8063597F 5 Bytes JMP B76A877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF7491780]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE00A1
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0FAC
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE007A
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0069
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE003D
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00D4
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE00C3
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F56
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00F9
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0F45
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0058
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE00B2
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE002C
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE001B
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F71
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F8A
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FCA
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930047
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FE5
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930025
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920022
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FAB
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text C:\WINDOWS\System32\svchost.exe[736] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[736] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[736] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[736] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0007007D
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F92
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FA3
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700B5
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F6D
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700DA
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F4B
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700EB
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070098
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FBE
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050049
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050038
.text C:\WINDOWS\system32\services.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C000BC
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C000A1
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00FC7
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00084
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00058
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000F4
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00FAC
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00131
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00116
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00142
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00069
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C000CD
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00105
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FAB
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FBC
.text C:\WINDOWS\system32\lsass.exe[956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD7
.text C:\WINDOWS\system32\lsass.exe[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024E000A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024E0F9C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024E0091
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024E0076
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 024E005B
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 024E002F
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024E00AC
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024E0F64
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024E00D1
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024E0F38
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024E00EC
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 024E004A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024E0FEF
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024E0F81
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 024E0FCD
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 024E0FDE
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024E0F49
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024D0FAF
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024D0058
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024D0FC0
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024D0FE5
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024D0047
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024D0000
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 024D0036
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024D001B
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024C006C
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 024C0FD7
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024C0022
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024C0000
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024C003D
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024C0011
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0076
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F81
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED005B
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00AE
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0091
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F29
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F3A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00DD
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0F66
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F4B
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FCA
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC005B
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0025
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FB9
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0FC8
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB005D
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FE3
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0042
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB001D
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FE5
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0371000A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03710089
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03710078
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03710067
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03710FA8
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0371004A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 037100AB
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0371009A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03710F23
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 037100BC
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 037100D7
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03710FB9
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0371001B
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03710F79
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03710FDE
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03710FEF
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03710F3E
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0370002C
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0370007D
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03700FDB
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03700011
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0370006C
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03700000
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03700FC0
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [90, 8B]
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03700047
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02BA0F92
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 02BA0FAD
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02BA0FC8
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02BA0FEF
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02BA001D
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02BA000C
.text C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B90FEF
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02B80FE5
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02B8000A
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02B80FD4
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02B80FC3
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940FE5
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00940F88
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0094007D
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0094006C
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0094005B
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940025
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009400BA
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009400A9
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00940F4D
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009400E6
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00940F28
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00940040
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00940FD4
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00940098
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00940FB9
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009400D5
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093006C
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0093001B
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930FAF
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FC0
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930047
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920066
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FDB
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092003A
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920055
.text C:\WINDOWS\System32\svchost.exe[1292] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092001D
.text C:\WINDOWS\System32\svchost.exe[1292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9004F
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F5A
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F6B
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B9001E
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90F97
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F11
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F2E
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900AA
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B9008F
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90EEC
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F7C
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F3F
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B9006A
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80062
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80025
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80051
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80000
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80040
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80FC3
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FC1
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70FD2
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B7001D
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70038
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B7000C
.text C:\WINDOWS\System32\svchost.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C20FEF
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02C2007A
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02C20069
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02C2004E
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02C20F91
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02C2002C
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02C200B2
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02C20F6A
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02C20F2D
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02C20F3E
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02C20F12
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02C2003D
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02C20000
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02C2008B
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02C2001B
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02C20FCA
.text C:\WINDOWS\Explorer.EXE[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02C20F59
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 021F001B
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 021F0F83
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 021F0FCA
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 021F0FE5
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 021F0F9E
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 021F0000
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 021F0040
.text C:\WINDOWS\Explorer.EXE[1936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 021F0FB9
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 021E0FB2
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!system 77C293C7 5 Bytes JMP 021E0FC3
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 021E0033
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 021E0FEF
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 021E0FDE
.text C:\WINDOWS\Explorer.EXE[1936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 021E0018
.text C:\WINDOWS\Explorer.EXE[1936] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 021C0000
.text C:\WINDOWS\Explorer.EXE[1936] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 021C001B
.text C:\WINDOWS\Explorer.EXE[1936] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 021C0036
.text C:\WINDOWS\Explorer.EXE[1936] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 021C0FDB
.text C:\WINDOWS\Explorer.EXE[1936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 021D000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F88
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00BA
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00A9
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F57
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00E6
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F3C
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0098
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[2884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00D5
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0029
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B004A
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F8D
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE005B
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F66
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0040
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE002F
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F2E
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F49
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00A2
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F13
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00BD
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0000
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0076
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\System32\svchost.exe[3008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0091
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD006F
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD002C
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD001B
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0FA8
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CD0FB9
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ED, 88]
.text C:\WINDOWS\System32\svchost.exe[3008] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC003D
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC002C
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FC6
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0FE3
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0011
.text C:\WINDOWS\System32\svchost.exe[3008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\SearchIndexer.exe[3392] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0000
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D0F80
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D007F
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0FA5
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D0FB6
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D0051
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D0F52
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0F6F
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0F2D
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D00C6
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027D00E1
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 027D0062
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027D001B
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027D009A
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 027D0036
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 027D0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027D00AB
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 027B0042
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!system 77C293C7 5 Bytes JMP 027B0FB7
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 027B0FE3
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 027B0000
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 027B0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 027B001D
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 027C0033
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 027C0F94
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 027C0022
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 027C0011
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 027C0FA5
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 027C0000
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 027C0FB6
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9C, 8A]
.text C:\WINDOWS\system32\wuauclt.exe[3952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 027C0FC7
.text C:\WINDOWS\system32\wuauclt.exe[3952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 027A0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\atapi \Device\Ide\IdePort0 [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F7484B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)



--------------------Combofix Log---------------------------------
ComboFix 10-05-19.02 - bryan 05/19/2010 19:27:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2053 [GMT -7:00]
Running from: c:\documents and settings\bryan\Desktop\zzz.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bryan\Application Data\iniasd.txt
c:\documents and settings\bryan\Application Data\MBSCGPlugin2509.dll
c:\documents and settings\bryan\Application Data\MBSIconPlugin2510.dll
c:\documents and settings\bryan\Application Data\MBSMainPlugin2510.dll
c:\documents and settings\bryan\Application Data\MBSPicturePlugin2510.dll
c:\documents and settings\bryan\Application Data\MBSRegistrationPlugin2455.dll
c:\documents and settings\bryan\Application Data\MBSWindowPlugin2510.dll
c:\documents and settings\bryan\Application Data\MBSWinPlugin2510.dll
c:\windows\system32\system
c:\windows\system32\system\msxml4.dll
c:\windows\system32\system\msxml4r.dll
c:\windows\Tasks.\sypcsnzi.job
c:\windows\Tasks.\sypcsnzi.job . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_ICF
-------\Legacy_IPRIP
-------\Service_Ias


((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-15 02:04 . 2010-05-15 02:04 -------- d-----w- c:\program files\iPod
2010-05-15 02:03 . 2010-05-15 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-15 01:54 . 2010-05-15 01:54 -------- d-----w- c:\program files\Bonjour
2010-05-14 05:28 . 2010-05-14 05:28 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-14 05:27 . 2010-05-14 05:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-14 05:27 . 2010-05-14 05:22 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-14 05:27 . 2007-05-20 22:38 70602 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe
2010-05-14 05:27 . 2010-05-14 05:27 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-14 05:27 . 2010-05-14 05:27 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-14 05:27 . 2010-05-14 05:27 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-14 05:27 . 2010-05-14 05:27 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-14 05:25 . 2010-05-14 05:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-14 05:25 . 2010-05-14 05:25 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-14 05:23 . 2010-05-14 05:23 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-14 05:23 . 2010-05-14 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-14 04:18 . 2010-05-14 04:18 388096 ----a-r- c:\documents and settings\bryan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-13 05:11 . 2010-05-13 05:11 96512 ----a-w- c:\windows\system32\drivers\whnivetk.sys
2010-05-11 05:16 . 2010-05-11 05:16 256 ----a-w- c:\windows\system32\pool.bin
2010-05-11 05:16 . 2010-05-11 05:16 -------- d-----w- c:\documents and settings\bryan\Application Data\Research In Motion
2010-05-11 05:15 . 2010-05-11 05:15 -------- d-----w- c:\program files\Research In Motion
2010-05-11 05:15 . 2009-01-09 23:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-05-11 05:14 . 2010-05-11 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-05-11 05:14 . 2010-05-11 05:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-11 05:13 . 2010-05-11 05:14 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-05 05:53 . 2010-05-05 05:53 503808 ------w- c:\documents and settings\bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6090b25d-n\msvcp71.dll
2010-05-05 05:53 . 2010-05-05 05:53 499712 ------w- c:\documents and settings\bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6090b25d-n\jmc.dll
2010-05-05 05:53 . 2010-05-05 05:53 348160 ------w- c:\documents and settings\bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6090b25d-n\msvcr71.dll
2010-05-05 05:53 . 2010-05-05 05:53 61440 ------w- c:\documents and settings\bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32164bef-n\decora-sse.dll
2010-05-05 05:53 . 2010-05-05 05:53 12800 ------w- c:\documents and settings\bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32164bef-n\decora-d3d.dll
2010-05-05 05:52 . 2010-05-05 05:52 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 05:52 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 05:41 . 2010-05-05 05:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-05 05:40 . 2010-05-05 05:40 86016 ------w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-05 05:39 . 2010-05-14 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-01 18:39 . 2010-05-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-01 14:42 . 2010-05-01 14:42 96512 ----a-w- c:\windows\system32\drivers\djznojba.sys
2010-05-01 08:16 . 2010-05-13 05:11 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-30 07:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-28 22:45 . 2010-04-28 22:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 02:39 . 2003-10-15 07:22 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80611102}.dat
2010-05-20 02:39 . 2003-10-15 07:22 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80611102}.dat
2010-05-19 06:15 . 2005-04-26 23:40 -------- d-----w- c:\program files\DAP
2010-05-19 06:08 . 2008-05-23 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-15 02:53 . 2004-05-03 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-15 02:04 . 2007-07-24 03:37 -------- d-----w- c:\program files\Common Files\Apple
2010-05-14 05:27 . 2007-05-20 22:38 -------- d-----w- c:\program files\DivX
2010-05-14 05:26 . 2010-05-14 05:26 -------- d-----w- c:\documents and settings\bryan\Application Data\DivX
2010-05-14 05:26 . 2010-05-14 05:26 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-14 05:26 . 2010-05-14 05:26 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-03-31 01:58 . 2004-09-07 17:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-10 06:15 . 2003-10-08 03:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 02:01 . 2009-10-31 20:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-10-10 06:53 . 2009-10-10 06:53 17810 ------w- c:\program files\Common Files\mimo.dat
2009-10-10 06:53 . 2009-10-10 06:53 14813 ------w- c:\program files\Common Files\exyga.inf
2009-10-10 06:53 . 2009-10-10 06:53 13187 ------w- c:\program files\Common Files\qatutec.vbs
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AcctMgr"="c:\program files\Norton Password Manager\AcctMgr.exe" [2004-08-18 586896]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-01-14 892928]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-03 24576]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="e:\program files cont\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="e:\program files cont\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-13 110592]
Mozilla Firefox.lnk - e:\mozilla firefox\firefox.exe [2006-10-25 910296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files Cont\\limewire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files Cont\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [02/10/2010 12:19 AM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [01/10/2007 9:09 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver;c:\windows\system32\Drivers\lkbdhlpr.sys --> c:\windows\system32\Drivers\lkbdhlpr.sys [?]
S3 LinksysFVNETusbl(AR)(R);Linksys FVNETusbl(AR)(R) Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [03/09/2004 7:48 PM 108032]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [01/31/2010 4:44 PM 11328]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [07/15/2004 4:41 PM 72704]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-10 20:22]

2010-02-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-10 20:22]

2010-05-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

2010-05-18 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 12:48]

2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{E2DF7562-F9E4-4797-8CB5-B316E653DAE4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sbc.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bryan\Application Data\Mozilla\Firefox\Profiles\29hul15v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\bryan\Application Data\Mozilla\Firefox\Profiles\29hul15v.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: e:\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: e:\program files cont\Adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\program files cont\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files cont\Picasa3\npPicasa3.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files cont\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Advanced SystemCare 3 - e:\program files cont\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-IObit Security 360 - e:\program files cont\IObit\IObit Security 360\IS360tray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8AB948C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf758fcb8
\Driver\atapi -> atapi.sys @ 0xf7484b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-19 19:52:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 02:52

Pre-Run: 4,396,724,224 bytes free
Post-Run: 4,262,096,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A97917799DA3A6751F783465231CD4AB
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby askey127 » May 21st, 2010, 6:35 am

epidemik,
--------------------------------------------
TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop
  • Double-click the tdsskiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy (Ctrl+C) the text in the codebox below.
    Code: Select all
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste (Ctrl+V) the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdskiller.txt on your desktop and post the contents in your next reply
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Doubleclick the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

So we are looking for the logs from TDSSKiller, Malwarebytes Anti-malware, and the two logs from the RSIT scanner.
Use separate posts for any you wish.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 22nd, 2010, 1:14 am

askey127,

below are TDSSKILLER and MBAM log files. RSIT log files will be in follow up post.

-----------------TDSSKILLER LOG----------------------------------

21:55:56:734 2656 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
21:55:56:734 2656 ================================================================================
21:55:56:734 2656 SystemInfo:

21:55:56:734 2656 OS Version: 5.1.2600 ServicePack: 3.0
21:55:56:734 2656 Product type: Workstation
21:55:56:734 2656 ComputerName: BRYAN
21:55:56:734 2656 UserName: bryan
21:55:56:734 2656 Windows directory: C:\WINDOWS
21:55:56:734 2656 Processor architecture: Intel x86
21:55:56:734 2656 Number of processors: 2
21:55:56:734 2656 Page size: 0x1000
21:55:56:734 2656 Boot type: Normal boot
21:55:56:734 2656 ================================================================================
21:55:56:750 2656 UnloadDriverW: NtUnloadDriver error 1
21:55:56:750 2656 ForceUnloadDriverW: UnloadDriverW(klmd23) error 1
21:55:56:750 2656 LoadDriverW: Driver already loaded
21:55:56:750 2656 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:55:56:750 2656 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:55:56:750 2656 wfopen_ex: Trying to KLMD file open
21:55:56:750 2656 wfopen_ex: File opened ok (Flags 2)
21:55:56:750 2656 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:55:56:750 2656 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:55:56:750 2656 wfopen_ex: Trying to KLMD file open
21:55:56:750 2656 wfopen_ex: File opened ok (Flags 2)
21:55:56:750 2656 KLAVA engine initialized
21:55:56:750 2656 Raw disk subsystem init failed!
21:55:56:750 2656 Initialize success
21:55:56:750 2656
21:55:56:750 2656 Scanning Services ...
21:55:57:156 2656 Raw services enum returned 406 services
21:55:57:187 2656 !dthrs1
21:55:57:187 2656 DetectCureTDL3 failed
21:55:57:187 2656
21:55:57:187 2656 Completed
21:55:57:187 2656
21:55:57:187 2656 Results:
21:55:57:187 2656 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:55:57:187 2656 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:55:57:187 2656
21:55:57:187 2656 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:55:57:187 2656 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:55:57:187 2656 UnloadDriverW: NtUnloadDriver error 1
21:55:57:203 2656 KLMD(ARK) unloaded successfully



---------------------------MBAM LOG -----------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4129

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/21/2010 10:07:41 PM
mbam-log-2010-05-21 (22-07-41).txt

Scan type: Quick scan
Objects scanned: 124305
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby epidemik » May 22nd, 2010, 1:17 am

RSIT log files below:

--------------------LOG.txt----------------------------------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by bryan at 2010-05-21 22:10:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (22%) free of 19 GB
Total RAM: 2559 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:44 PM, on 05/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\Program Files Cont\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bryan\Desktop\RSIT.exe
C:\Program Files\trend micro\bryan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files Cont\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files Cont\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Mozilla Firefox.lnk = E:\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4173151577
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9080 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E2DF7562-F9E4-4797-8CB5-B316E653DAE4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-12-14 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-12-14 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AcctMgr"=C:\Program Files\Norton Password Manager\AcctMgr.exe [2004-08-18 586896]
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-05-28 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-01-14 892928]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2003-05-15 163840]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-10 648536]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
"QuickTime Task"=E:\Program Files Cont\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=E:\Program Files Cont\iTunes\iTunesHelper.exe [2010-04-28 142120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Mozilla Firefox.lnk - E:\Mozilla Firefox\firefox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyDocs"=0x01000000
"NoSMMyPictures"=0x01000000
"NoNetworkConnections"=0x01000000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files Cont\limewire\LimeWire.exe"="E:\Program Files Cont\limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\McAfee\VirusScan\mcods.exe"="C:\Program Files\McAfee\VirusScan\mcods.exe:*:Enabled:mcods"
"C:\Program Files\McAfee\VirusScan\mcsysmon.exe"="C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"E:\Program Files Cont\iTunes\iTunes.exe"="E:\Program Files Cont\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-05-21 22:10:28 ----D---- C:\Program Files\trend micro
2010-05-21 22:10:27 ----D---- C:\rsit
2010-05-21 21:56:12 ----A---- C:\TDSSKiller.2.3.0.0_21.05.2010_21.56.12_log.txt
2010-05-21 21:55:17 ----A---- C:\TDSSKiller.2.3.0.0_21.05.2010_21.55.17_log.txt
2010-05-20 21:41:29 ----D---- C:\Program Files\JL_Cmder
2010-05-20 21:26:57 ----SHD---- C:\RECYCLER
2010-05-19 19:52:56 ----A---- C:\ComboFix.txt
2010-05-19 19:22:46 ----A---- C:\Boot.bak
2010-05-19 19:22:42 ----RASHD---- C:\cmdcons
2010-05-19 19:20:48 ----A---- C:\WINDOWS\zip.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\SWSC.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\SWREG.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\sed.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\PEV.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\MBR.exe
2010-05-19 19:20:48 ----A---- C:\WINDOWS\grep.exe
2010-05-19 19:20:37 ----D---- C:\WINDOWS\ERDNT
2010-05-19 19:19:27 ----D---- C:\Qoobox
2010-05-18 23:20:40 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2010-05-14 19:04:06 ----D---- C:\Program Files\iPod
2010-05-14 19:03:59 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-14 18:54:53 ----D---- C:\Program Files\Bonjour
2010-05-13 22:26:53 ----D---- C:\Documents and Settings\bryan\Application Data\DivX
2010-05-13 22:26:18 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-05-13 22:26:18 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-05-13 22:26:18 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-05-13 22:26:18 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-05-13 22:26:17 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-05-13 22:26:17 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-05-13 22:25:29 ----D---- C:\Program Files\Common Files\DivX Shared
2010-05-13 22:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-05-13 21:18:54 ----D---- C:\Program Files\HiJackThis
2010-05-10 22:16:04 ----D---- C:\Documents and Settings\bryan\Application Data\Research In Motion
2010-05-10 22:15:39 ----D---- C:\Program Files\Research In Motion
2010-05-10 22:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2010-05-10 22:14:00 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-05-10 22:13:39 ----D---- C:\Program Files\Common Files\Research In Motion
2010-05-04 22:52:58 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-05-04 22:52:54 ----D---- C:\Program Files\Common Files\Java
2010-05-04 22:52:40 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-04 22:52:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-04 22:52:40 ----A---- C:\WINDOWS\system32\java.exe
2010-05-04 22:52:40 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-04 22:41:00 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-04 22:39:37 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-05-01 11:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-05-01 01:16:12 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-04-30 00:14:34 ----A---- C:\WINDOWS\system32\MRT.INI
2010-04-30 00:11:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-09 22:53:56 ----N---- C:\mbam-error.txt
2010-04-08 13:20:02 ----A---- C:\WINDOWS\system32\dns-sd.exe
2010-04-08 13:20:02 ----A---- C:\WINDOWS\system32\dnssd.dll
2010-04-01 22:59:03 ----D---- C:\Documents and Settings\bryan\Application Data\gtk-2.0
2010-04-01 22:16:03 ----D---- C:\Documents and Settings\All Users\Application Data\Fiesta Download Manager
2010-03-08 10:59:18 ----A---- C:\WINDOWS\system32\dpl100.dll

======List of files/folders modified in the last 3 months======

2010-05-21 22:10:40 ----D---- C:\WINDOWS\Temp
2010-05-21 22:10:28 ----D---- C:\Program Files
2010-05-21 22:10:10 ----D---- C:\WINDOWS\Prefetch
2010-05-21 21:56:12 ----D---- C:\WINDOWS\system32\drivers
2010-05-21 21:55:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-21 21:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-21 17:35:35 ----D---- C:\WINDOWS
2010-05-21 17:34:53 ----A---- C:\WINDOWS\iTouch.ini
2010-05-20 20:47:19 ----HD---- C:\WINDOWS\inf
2010-05-20 09:00:31 ----SHD---- C:\WINDOWS\CSC
2010-05-19 19:51:32 ----SD---- C:\WINDOWS\Tasks
2010-05-19 19:47:52 ----A---- C:\WINDOWS\system.ini
2010-05-19 19:39:09 ----D---- C:\WINDOWS\system32\config
2010-05-19 19:38:11 ----D---- C:\WINDOWS\system32
2010-05-19 19:32:40 ----D---- C:\WINDOWS\AppPatch
2010-05-19 19:32:37 ----D---- C:\Program Files\Common Files
2010-05-19 19:22:47 ----RASH---- C:\boot.ini
2010-05-18 23:15:28 ----D---- C:\Program Files\DAP
2010-05-18 23:10:26 ----D---- C:\Config.Msi
2010-05-18 23:08:22 ----SHD---- C:\WINDOWS\Installer
2010-05-18 23:08:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-18 23:08:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-18 23:00:20 ----A---- C:\WINDOWS\Winamp.ini
2010-05-14 19:53:26 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-05-14 19:04:02 ----D---- C:\Program Files\Common Files\Apple
2010-05-13 22:27:33 ----D---- C:\Program Files\DivX
2010-05-13 20:59:09 ----A---- C:\WINDOWS\win.ini
2010-05-12 22:27:40 ----D---- C:\WINDOWS\Debug
2010-05-12 22:03:13 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-12 20:16:32 ----D---- C:\WINDOWS\Registration
2010-05-12 20:16:28 ----D---- C:\WINDOWS\repair
2010-05-11 23:48:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-11 23:48:55 ----D---- C:\Program Files\Outlook Express
2010-05-11 21:51:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 22:15:45 ----RSD---- C:\WINDOWS\Fonts
2010-05-10 22:15:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-10 22:13:45 ----D---- C:\WINDOWS\WinSxS
2010-05-04 23:30:20 ----D---- C:\WINDOWS\system32\Logfiles
2010-05-04 22:52:29 ----D---- C:\Program Files\Java
2010-05-04 22:46:48 ----D---- C:\Program Files\Adobe
2010-05-04 22:45:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-05-04 22:43:49 ----D---- C:\Program Files\Common Files\Adobe
2010-05-04 21:59:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-04 21:59:15 ----D---- C:\WINDOWS\system32\inetsrv
2010-05-01 11:16:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-01 11:12:24 ----D---- C:\Documents and Settings\bryan\Application Data\IObit
2010-04-30 00:19:55 ----N---- C:\WINDOWS\vbaddin.ini
2010-04-30 00:08:00 ----D---- C:\Program Files\Movie Maker
2010-04-30 00:06:23 ----D---- C:\Program Files\Internet Explorer
2010-04-30 00:06:03 ----D---- C:\WINDOWS\ie8updates
2010-04-29 23:54:12 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-29 23:31:31 ----N---- C:\VundoFix.txt
2010-04-01 18:55:16 ----D---- C:\Program Files\McAfee
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-30 18:58:04 ----N---- C:\WINDOWS\system32\px.dll
2010-03-23 20:30:52 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-22 11:53:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-22 11:11:29 ----N---- C:\WINDOWS\NeroDigital.ini
2010-03-11 16:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2010-03-11 16:04:23 ----N---- C:\Documents and Settings\bryan\Application Data\cdr.ini
2010-03-09 23:15:52 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-02-28 15:15:13 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-28 15:15:13 ----D---- C:\Documents and Settings\bryan\Application Data\ICAClient
2010-02-28 15:15:12 ----D---- C:\Program Files\Norton Password Manager
2010-02-28 15:15:12 ----D---- C:\Documents and Settings\bryan\Application Data\uTorrent
2010-02-26 21:24:13 ----D---- C:\WINDOWS\ShellNew
2010-02-26 21:09:58 ----D---- C:\TDKMUSIC
2010-02-25 11:54:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-02-24 23:24:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-02-24 23:24:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-02-24 23:24:37 ----A---- C:\WINDOWS\system32\occache.dll
2010-02-24 23:24:37 ----A---- C:\WINDOWS\system32\mstime.dll
2010-02-24 23:24:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-02-24 23:24:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-02-24 23:24:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-02-24 23:24:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-02-24 23:24:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-02-24 23:24:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-02-24 23:24:34 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-02-24 02:54:25 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-05-29 292288]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2003-12-18 12953]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\MRVW245.sys [2007-11-18 461952]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-01 578304]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver; C:\WINDOWS\System32\Drivers\lkbdhlpr.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\zzz\catchme.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 LinksysFVNETusbl(AR)(R);Linksys FVNETusbl(AR)(R) Service for Instant Wireless USB Network Adapter ver.2.6; C:\WINDOWS\System32\DRIVERS\vnetusbl.sys [2004-03-09 108032]
S3 Ndisusb;GeneLink Network Driver; C:\WINDOWS\system32\DRIVERS\genelan.sys [2001-07-10 11328]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-09-07 17664]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2003-05-15 19072]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-06-04 27232]
S3 USB_RNDIS;U.S. Robotics Wireless MAXg USB Adapter; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys []
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; C:\WINDOWS\System32\DRIVERS\netusbxp.sys [2002-02-20 72704]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-01-08 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VNic;ULan Network Driver Module; C:\WINDOWS\system32\DRIVERS\VNic.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2009-10-09 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-14 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2004-12-29 819352]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-09 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------





--------------------------INFO.txt-----------------------------------------
info.txt logfile of random's system information tool 1.06 2010-05-21 22:10:48

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe /PLUGIN
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Amazon MP3 Downloader 1.0.5-->E:\Program Files Cont\Amazon\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AusLogics Disk Defrag-->"E:\Program Files Cont\AusLogics Disk Defrag\unins000.exe"
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry® Media Sync-->MsiExec.exe /X{40A594D0-1490-4979-9382-D2B764F949C6}
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
CCleaner-->"E:\Program Files Cont\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative WaveStudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9 /remove
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
D-Link Wireless N USB Adapter DWA-130-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A385AA5D-4B9C-4BB4-A3D9-8BA006D6E831}\setup.exe" -l0x9 -removeonly
Download Accelerator Plus -->C:\PROGRA~1\DAP\UNWISE.EXE C:\PROGRA~1\DAP\INSTALL.LOG
DVDFab Decrypter 3.0.5.0-->"E:\Program Files Cont\DVDFab Decrypter 3\unins000.exe"
EVEREST Home Edition v2.20-->"E:\Program Files Cont\Lavalys\EVEREST Home Edition\unins000.exe"
Fiesta Download Manager-->"E:\Program Files Cont\Fiesta Download Manager\uninstall.exe"
FoxyTunes for Firefox-->"E:\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
iPod Agent-->MsiExec.exe /I{E66D0AD3-CFF7-47D2-B764-C64DE59D9A1E}
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
JCreator LE 2.50-->"C:\Program Files\Xinox Software\JCreator LE\unins000.exe"
K-Lite Codec Pack 2.10 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"E:\Program Files Cont\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.6)-->E:\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton Password Manager (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{8315D4B0-9BF2-4D63-8654-74B89D288D6E}.exe /X
Norton Password Manager-->MsiExec.exe /I{8315D4B0-9BF2-4D63-8654-74B89D288D6E}
NPM_DRM_COLLECTION-->MsiExec.exe /I{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}
Nuclear Coffee - DiscRipper-->"E:\Program Files Cont\Nuclear Coffee\DiscRipper\unins000.exe"
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Picasa 3-->"E:\Program Files Cont\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TDK Digital MixMaster-->C:\WINDOWS\uninDMM.exe C:\PROGRA~1\TDK\DIGITA~1\DMM.exe|C:\WINDOWS\UNINST.EXE|-fC:\PROGRA~1\TDK\DIGITA~1\DeIsL1.isu
Ulead Data-Add 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 3.5 Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7D89BBE-D4B3-49E8-B185-7966B5345866}\setup.exe" -l0x9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"E:\Program Files Cont\Xvid\unins000.exe"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: BRYAN
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
lkbdhlpr

Record Number: 154065
Source Name: Service Control Manager
Time Written: 20100305234329.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 7023
Message: The Network Security service terminated with the following error:
The specified module could not be found.


Record Number: 154064
Source Name: Service Control Manager
Time Written: 20100305234329.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
lkbdhlpr

Record Number: 154014
Source Name: Service Control Manager
Time Written: 20100228123435.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 7023
Message: The Network Security service terminated with the following error:
The specified module could not be found.


Record Number: 154013
Source Name: Service Control Manager
Time Written: 20100228123435.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 154012
Source Name: DCOM
Time Written: 20100228123407.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: BRYAN
Event Code: 3036
Message: The content source <outlookexpress://{s-1-5-21-2052111302-1123561945-725345543-1003}/{681d2e4a-a3ce-4353-b037-6135b08be6d4}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(0x81270005)


Record Number: 128
Source Name: Windows Search Service
Time Written: 20091113230556.000000-480
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.


Record Number: 118
Source Name: Windows Search Service
Time Written: 20091113230453.000000-480
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 1
Message:
Record Number: 105
Source Name: nview_info
Time Written: 20091112235119.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 96
Source Name: Application Hang
Time Written: 20091112233306.000000-480
Event Type: error
User:

Computer Name: BRYAN
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 21
Source Name: Application Error
Time Written: 20091031124750.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Java\j2sdk1.4.2\bin;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3.5 Suite Deluxe;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;E:\Program Files Cont\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0205
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby askey127 » May 22nd, 2010, 8:25 am

epidemik,
--------------------------------------------------
Copy/paste the following quote box into a new Notepad (not wordpad) document.
regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox"
notepad "%userprofile%\desktop\look.txt"
del /q "%userprofile%\desktop\look.txt"

Save it to your Desktop as look.bat. Save it as File Type: All Files (not as a text document or it won't work).

Locate look.bat on your Desktop and double-click it.
When Notepad opens, copy/paste the content in your reply.
When you close Notepad, the CMD window will close automatically and the text file will be deleted.

Also please tell me whether you still get redirects in Firefox, and whether Internet Explorer gives you redirects or not.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 24th, 2010, 1:52 am

askey127,

See below for the output from running the look.bat file. I no longer seem to be getting redirects on my search page results on either firefox or internet explorer. Thanks for your help!



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\DotNetAssistantExtension\\"
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\\Program Files\\McAfee\\SiteAdvisor"
"jqs@sun.com"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4a,00,61,00,76,00,61,00,5c,00,\
6a,00,72,00,65,00,36,00,5c,00,6c,00,69,00,62,00,5c,00,64,00,65,00,70,00,6c,\
00,6f,00,79,00,5c,00,6a,00,71,00,73,00,5c,00,66,00,66,00,00,00
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby askey127 » May 24th, 2010, 6:58 am

epidemik,
We are not quite done. I need to be sure that you don't have any leftovers from the infection lurking.
Please be patient. The Kaspersky scan below can take quite a while.
-----------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the folder shown below, select View, Details, highlight the listed file only, if it exists, and press Delete.
Be careful not to delete any file without double-checking the exact spelling of the filename.
C:\Windows\Tasks\sypcsnzi.job
If you have any problem deleting the file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
Please Note if you cannot delete or find.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    atapi.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-----------------------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the results from SystemLook.txt and the report from the Kaspersky scan.
Use separate posts if you prefer.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 27th, 2010, 12:23 am

askey127,

File Deletion:
There was no file named sypcsnzi.job in the directory C:\Windows\Tasks


System Look file output:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:38 on 24/05/2010 by bryan (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [19:05 18/10/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [02:50 20/05/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [03:40 08/10/2003] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [05:26 08/10/2003] [16:46 22/05/2010] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys ------ 86912 bytes [05:26 08/10/2003] [08:27 29/08/2002] 95B858761A00E1D4F81F79A0DA019ACA

-=End Of File=-


Kaspersky Scan Log File:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, May 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 26, 2010 19:16:58
Records in database: 4173539
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 95480
Threats found: 6
Infected objects found: 8
Suspicious objects found: 3
Scan duration: 03:08:58


File name / Threat / Threats count
C:\Documents and Settings\bryan\Local Settings\Application Data\Microsoft\Outlook\archive.pst Infected: Trojan-Spy.HTML.Bayfraud.i 1
C:\Documents and Settings\bryan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\bryan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Trojan-Spy.HTML.Paylap.ez 1
C:\Documents and Settings\bryan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Trojan-Spy.HTML.Paylap.je 2
D:\XP stuff\Disk Copying Software\CloneCD.4.1.0.1.PLUS.Keygen.ShareReactor\SetupCloneCD.exe Infected: not-a-virus:AdWare.Win32.CommonName.be 1
D:\XP stuff\Disk Copying Software\CloneCD.4.1.0.1.PLUS.Keygen.ShareReactor.zip Infected: not-a-virus:AdWare.Win32.CommonName.be 1
D:\XP stuff\Disk Copying Software\CloneCD.v4.0.1.3.And.ClonyXXL.v2.0.0.6.ShareReactor.exe Infected: not-a-virus:AdWare.Win32.CommonName.bn 1
D:\XP stuff\Disk Copying Software\SetupCloneCD.exe Infected: not-a-virus:AdWare.Win32.CommonName.be 1

Selected area has been scanned.
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am

Re: Search page redirection

Unread postby askey127 » May 27th, 2010, 6:41 am

epidemik,
Your machine scan shows two things, as you can see.
First, it shows a few phony phishing e-mails (eBay, Paypal, etc.) that are stored in Outlook.
They are not harmful if you don't click on their links. You cannot easily remove them automatically without destroying all your Outlook settings.

Second, it shows some spyware activity associated with CloneCD.4.1.0.1.PLUS.Keygen.ShareReactor
This is a program designed to illegally copy CDs and DVDs.
If you want to retain your computer in a usable state, you need to get rid of it.

We won't work on computers with software cracks or keygens, or computers having programs that generate cracks or keygens, like this one.
It is contrary to our terms of use. See here: http://malwareremoval.com/forum/viewtopic.php?t=550

The "shared" files, besides being illegal, can be expected to be loaded with infections planted by spyware purveyors, and create the problems you are having.
The CloneCD software itself is a program that delivers spyware and adware to your machine.
You should delete this folder:
D:\XP stuff\Disk Copying Software\

If you decide instead to continue with the use of file-sharing software and return to this site later with an infected machine, we may refuse service.
Are we on the same page? It's your call.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search page redirection

Unread postby epidemik » May 27th, 2010, 8:54 pm

Folder D:\XP stuff\Disk Copying Software\ deleted.
epidemik
Active Member
 
Posts: 9
Joined: May 14th, 2010, 12:20 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware