Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search engine redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search engine redirect

Unread postby MommaSasquatch » June 3rd, 2010, 5:50 pm

I am having several symptoms. Because of the problems I am having I am using a borrowed computer to post this/try to fix the problem. If I am slow to respond that is why.

-When I click on search engine results I am redirected to an unrelated page.
-Occasionally a tab (Firefox) will open on its own to a page I did not click on (ad?).
-I am having occasional freeze-ups where the computer ceases to respond or responds very slowly.
-My internet connection was interrupted when I tried to post here last night. Every time I tried to post the hijackthis log it said the service was interrupted. All other pages worked just fine. Likewise when I tried to look up the results from hijackthis at systemlookup.com one particular entry into the search field caused that same response though all the other items produced normal results.
-and I don't know if this is related or not, but sometimes my system will not shut down properly. It stops at a blank blue screen with only the mouse cursor visible.

Here are my hijackthis log and uninstall list:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:20:44 PM, on 6/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3739114719
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BE7DBB5F-6377-405E-9040-F8C95C6997B6} (ShowSetupObj6 Class) - http://invite.mshow.com/(fos32j451ymg54551g2omr55)/ShowSetup6.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9980 bytes



ABBYY FineReader 6.0 Sprint
Access IBM
Access IBM Tools
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player 11
Agere Systems AC'97 Modem
Apple Software Update
AVG Free 9.0
Citrix Presentation Server Client - Web Only
Digital Camera
GTK+ Runtime 2.12.8 rev a (remove only)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
IBM High Rate Wireless LAN MiniPCI Card
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel(R) Extreme Graphics 2 Driver
InterActual Player
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Lexmark 2500 Series
Lexmark Fax Solutions
Lexmark Toolbar
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
Mshow Client
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
Netflix Movie Viewer
NETGEAR WG511v2 wireless PC card
PC-Doctor 5 for Windows
Pidgin
QuickTime
RapidPlayer v5.0 ActiveX Control
RTC Client API v1.2 Setup
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Segoe UI
Shockwave
ThinkPad Configuration
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
TrackPoint Accessibility Features
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3



Thank you in advance. :)
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am
Advertisement
Register to Remove

Re: Search engine redirect

Unread postby Cypher » June 6th, 2010, 12:04 pm

Hi.
Checking you're logs now be back soon.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby Cypher » June 6th, 2010, 12:23 pm

Hi and welcome to Malware Removal Forums, Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Back up your files

please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.



Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.


Next.

I see you have Malwarebytes Anti-Malware: installed.

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • Gmer.txt log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby MommaSasquatch » June 6th, 2010, 3:30 pm

Current performance:

I am still being redirected.

I have NOT had any new tabs open on their own since then.
I did not notice any freeze/super-slow spells in the time I was on the computer.

My computer is still not shutting down normally, but again I am not convinced this is related as it seems to be more of a problem when it has been running for a while than when I have only had it on a short time. It seemed worth mentioning just in case, however.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4172

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/6/2010 12:22:26 PM
mbam-log-2010-06-06 (12-22-26).txt

Scan type: Quick scan
Objects scanned: 128376
Time elapsed: 24 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Gmer.txt log:


(blank - found nothing)

RSIT logs will be in separate posts.
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby MommaSasquatch » June 6th, 2010, 3:31 pm

RSIT log.txt

Logfile of random's system information tool 1.07 (written by random/random)
Run by Authorized User at 2010-06-06 13:18:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (72%) free of 57 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:57 PM, on 6/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Authorized User\Desktop\RSIT.exe
C:\Program Files\trend micro\Authorized User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3739114719
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BE7DBB5F-6377-405E-9040-F8C95C6997B6} (ShowSetupObj6 Class) - http://invite.mshow.com/(fos32j451ymg54551g2omr55)/ShowSetup6.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9648 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BMMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2007-11-08 92960]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-30 88363]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-03-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-03-10 126976]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 126976]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
"lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-11 312240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"ISLP2STA.EXE"=ISLP2STA.EXE START []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-02 2065248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-07-05 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-09 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-03-10 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Enabled:Realmon"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Authorized User\Local Settings\Apps\2.0\18AWENZ6.L8Q\6O5QNMJR.6OP\west..kage_28b3eab364833aef_0001.0002_4b0297dc6cddc474\WelcomeHome.exe"="C:\Documents and Settings\Authorized User\Local Settings\Apps\2.0\18AWENZ6.L8Q\6O5QNMJR.6OP\west..kage_28b3eab364833aef_0001.0002_4b0297dc6cddc474\WelcomeHome.exe:*:Enabled:West At Home"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-06-06 13:18:45 ----D---- C:\rsit
2010-05-31 21:28:23 ----D---- C:\Program Files\Trend Micro
2010-05-30 13:46:32 ----D---- C:\Program Files\Alwil Software
2010-05-30 13:46:32 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-05-24 09:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-05-23 07:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-23 07:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-22 10:28:06 ----D---- C:\WINDOWS\Prefetch
2010-05-22 10:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-22 10:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-22 10:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-22 10:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-22 10:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-22 10:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-22 10:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-22 10:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-22 10:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-22 10:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-22 10:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-22 10:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-22 10:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-22 10:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-22 10:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-22 10:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-22 10:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-22 10:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-22 10:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-22 10:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-22 10:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-22 10:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-22 10:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-22 10:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-05-22 10:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-05-22 10:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-22 10:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-22 10:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-05-22 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-05-22 10:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-05-22 10:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-05-22 10:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-22 10:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-05-22 10:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-22 10:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-05-22 10:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-05-22 10:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-22 10:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-05-22 10:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-05-22 10:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-05-22 10:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-05-22 10:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-05-22 10:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-05-22 10:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-05-22 10:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-05-22 10:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-05-22 10:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-05-22 10:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-05-22 10:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-05-22 10:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-05-22 10:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-05-22 09:56:04 ----D---- C:\WINDOWS\system32\scripting
2010-05-22 09:56:03 ----D---- C:\WINDOWS\l2schemas
2010-05-22 09:56:02 ----D---- C:\WINDOWS\system32\en
2010-05-22 09:56:01 ----D---- C:\WINDOWS\system32\bits
2010-05-22 09:37:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-05-17 19:37:31 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-05-17 19:36:57 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-17 19:36:57 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-17 19:36:57 ----A---- C:\WINDOWS\system32\java.exe
2010-05-17 19:36:57 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-16 09:32:45 ----D---- C:\a25bad5aa26c8431e319b6
2010-05-15 03:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-15 03:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-05-15 03:28:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-05-15 03:28:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-05-15 03:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-05-15 03:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-15 03:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-05-15 03:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-05-15 03:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-05-15 03:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-05-15 03:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961503_0$
2010-05-15 03:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-05-15 03:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-05-15 03:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-05-15 03:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-05-15 03:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-05-15 03:24:21 ----D---- C:\WINDOWS\ServicePackFiles
2010-05-15 03:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744_0$
2010-05-15 03:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-05-15 03:23:58 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-05-15 03:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-05-15 03:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-05-15 03:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-05-15 03:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-05-15 03:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-05-15 03:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-05-15 03:19:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-05-15 03:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-05-15 03:19:31 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-05-15 03:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-05-15 03:18:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-05-15 03:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-05-15 03:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-05-15 03:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-05-15 03:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-05-15 03:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-15 03:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-05-15 03:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-05-15 03:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-05-15 03:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-05-15 03:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-05-15 03:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-05-15 03:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-05-15 03:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-05-15 03:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-05-15 03:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-05-15 03:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-05-15 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-15 03:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-05-15 03:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-05-15 03:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-05-15 03:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-05-15 03:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-05-14 22:15:21 ----HD---- C:\$AVG
2010-05-13 21:41:17 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-13 14:24:45 ----A---- C:\mbam-error.txt

======List of files/folders modified in the last 1 months======

2010-06-06 13:16:42 ----D---- C:\Program Files\Mozilla Firefox
2010-06-06 11:58:16 ----D---- C:\WINDOWS\Temp
2010-06-06 11:53:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-03 11:24:22 ----SHD---- C:\WINDOWS\CSC
2010-06-02 23:27:12 ----D---- C:\WINDOWS\system32\drivers
2010-06-02 23:21:36 ----SD---- C:\Documents and Settings\Authorized User\Application Data\Microsoft
2010-06-02 23:21:32 ----SHD---- C:\WINDOWS\Installer
2010-06-02 22:57:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 23:30:37 ----D---- C:\WINDOWS\system32\config
2010-05-31 23:29:51 ----D---- C:\WINDOWS\system32\wbem
2010-05-31 23:29:50 ----D---- C:\WINDOWS\Registration
2010-05-31 23:28:37 ----HD---- C:\WINDOWS\inf
2010-05-31 21:28:23 ----RD---- C:\Program Files
2010-05-30 13:47:15 ----D---- C:\WINDOWS\WinSxS
2010-05-30 13:46:59 ----D---- C:\WINDOWS\system32
2010-05-26 10:45:46 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-05-24 12:24:43 ----D---- C:\WINDOWS
2010-05-24 09:30:56 ----RSD---- C:\WINDOWS\assembly
2010-05-24 09:30:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-23 07:55:51 ----A---- C:\WINDOWS\imsins.BAK
2010-05-23 07:55:49 ----D---- C:\Program Files\Outlook Express
2010-05-23 07:51:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-22 14:56:50 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-22 14:55:42 ----A---- C:\WINDOWS\setuplog.txt
2010-05-22 10:31:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-22 10:27:29 ----D---- C:\WINDOWS\system32\Setup
2010-05-22 10:27:29 ----D---- C:\WINDOWS\AppPatch
2010-05-22 10:27:25 ----RSD---- C:\WINDOWS\Fonts
2010-05-22 10:26:29 ----D---- C:\WINDOWS\security
2010-05-22 10:11:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-22 10:10:32 ----D---- C:\Program Files\Movie Maker
2010-05-22 10:02:47 ----D---- C:\Program Files\Messenger
2010-05-22 09:56:31 ----D---- C:\WINDOWS\system32\inetsrv
2010-05-22 09:56:31 ----D---- C:\WINDOWS\network diagnostic
2010-05-22 09:56:31 ----D---- C:\WINDOWS\ime
2010-05-22 09:56:30 ----D---- C:\WINDOWS\Help
2010-05-22 09:56:06 ----D---- C:\WINDOWS\system32\usmt
2010-05-22 09:56:06 ----D---- C:\WINDOWS\system32\en-us
2010-05-22 09:56:01 ----D---- C:\WINDOWS\PeerNet
2010-05-22 09:50:01 ----D---- C:\WINDOWS\system32\Restore
2010-05-22 09:50:01 ----D---- C:\WINDOWS\system32\npp
2010-05-22 09:50:00 ----D---- C:\WINDOWS\mui
2010-05-22 09:49:58 ----D---- C:\WINDOWS\msagent
2010-05-22 09:49:56 ----D---- C:\WINDOWS\srchasst
2010-05-22 09:49:55 ----D---- C:\Program Files\NetMeeting
2010-05-22 09:49:52 ----D---- C:\WINDOWS\system32\Com
2010-05-22 09:49:49 ----D---- C:\Program Files\Windows Media Player
2010-05-22 09:49:48 ----D---- C:\Program Files\Windows NT
2010-05-22 09:49:42 ----D---- C:\Program Files\Common Files\System
2010-05-22 09:49:07 ----D---- C:\WINDOWS\system32\oobe
2010-05-22 09:49:05 ----D---- C:\WINDOWS\system
2010-05-22 09:42:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-22 09:37:10 ----D---- C:\WINDOWS\ehome
2010-05-17 19:37:30 ----D---- C:\Program Files\Common Files\Java
2010-05-17 19:36:22 ----D---- C:\Program Files\Java
2010-05-16 12:08:21 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-16 09:34:46 ----D---- C:\WINDOWS\system32\XPSViewer
2010-05-16 09:29:04 ----D---- C:\Program Files\Internet Explorer
2010-05-15 03:08:01 ----D---- C:\WINDOWS\ie7updates
2010-05-14 22:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-05-14 16:06:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-13 15:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-05-08 23:42:06 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 ASMBATT;ASMBATT; C:\WINDOWS\System32\drivers\ASMBATT.SYS [2004-07-16 4992]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-09 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-02 242896]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-04-30 1171168]
R3 b57w2k;Broadcom NetXtreme Fast Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-03-10 827100]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-11-08 22568]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S2 G11AV;Digital Camera - PC Camera; C:\WINDOWS\System32\Drivers\G11av.sys [2002-08-01 514885]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 fgldrpow;fgldrpow; \??\C:\DOCUME~1\AUTHOR~1\LOCALS~1\Temp\fgldrpow.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ISLP2;Intersil 802.11 Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\islp2nds.sys [2002-10-03 611840]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 USBCamera;Digital Still Image Capture; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys [2005-03-10 265984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 65536]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 184320]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-09 308064]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-17 153376]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 tp4serv;tp4serv; C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE [2007-11-08 35616]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-23 654848]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby MommaSasquatch » June 6th, 2010, 3:32 pm

RSIT info.txt

info.txt logfile of random's system information tool 1.06 2010-06-06 13:19:01

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Access IBM Tools-->C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Access IBM-->MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Digital Camera-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DigitalImageDevice\Digital Camera\Uninst.isu"
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
IBM High Rate Wireless LAN MiniPCI Card-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7ADFB43D-DA70-44AB-877A-4A4CAE63F706}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mshow Client-->C:\PROGRA~1\MSHOWC~1\UNWISE.EXE C:\PROGRA~1\MSHOWC~1\INSTALL.LOG
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR WG511v2 wireless PC card-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RapidPlayer v5.0 ActiveX Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
RTC Client API v1.2 Setup-->MsiExec.exe /I{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby Cypher » June 7th, 2010, 5:52 am

Hi.
Gmer.txt log:
(blank - found nothing)

Thats unusual so we need to try another scan.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby MommaSasquatch » June 7th, 2010, 12:01 pm

I would be happy to re-run the gmer scan if that would be helpful. I just remembered that I had forgotten to close Firefox before starting the scan, though I did close it soon after, in case that would make any difference.

I downloaded RKUnHooker from the link provided and when I first clicked to open it, it popped up a box with the title "Warning - Integrity checking" that said:

Rootkit UnHooker has detected parasite inside itself!
It is recommended to remove parasite, okay?

Parasite type: Unknown remote thread
Thread ID: 2232
Priority: 8
Thread start address: 0x77DF848A
Module: advapi32.dll


There is an Okay button and a Cancel button.

How should I proceed?
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby Cypher » June 7th, 2010, 12:22 pm

Hi.
Lets try something different please continue with the instructions below.

TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code: Select all
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdskiller.txt, Please post the contents of that log in your next reply.


Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.


Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • tdskiller.txt log.
  • ComboFix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby MommaSasquatch » June 7th, 2010, 7:31 pm

I want to say a great big THANK YOU for all your help so far!

A few minutes spent surfing and googling did not result in any further problems! All the search engine results I tried went to the normal, expected pages.

Here are the logs:

tdsskiller log


17:36:06:136 1336 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:36:06:136 1336 ================================================================================
17:36:06:136 1336 SystemInfo:

17:36:06:136 1336 OS Version: 5.1.2600 ServicePack: 3.0
17:36:06:136 1336 Product type: Workstation
17:36:06:136 1336 ComputerName: IBM-G40
17:36:06:136 1336 UserName: Authorized User
17:36:06:136 1336 Windows directory: C:\WINDOWS
17:36:06:136 1336 Processor architecture: Intel x86
17:36:06:136 1336 Number of processors: 1
17:36:06:136 1336 Page size: 0x1000
17:36:06:136 1336 Boot type: Normal boot
17:36:06:136 1336 ================================================================================
17:36:06:597 1336 Initialize success
17:36:06:597 1336
17:36:06:597 1336 Scanning Services ...
17:36:07:208 1336 Raw services enum returned 340 services
17:36:07:218 1336
17:36:07:218 1336 Scanning Drivers ...
17:36:08:049 1336 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:36:08:159 1336 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:36:08:339 1336 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:36:08:449 1336 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:36:08:660 1336 AgereSoftModem (f0e54bc012902e044926dcbfe272c8f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:36:09:120 1336 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
17:36:09:461 1336 ASMBATT (0c7e5a3f5b5760201685ca2d09ee075f) C:\WINDOWS\system32\drivers\ASMBATT.SYS
17:36:09:581 1336 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:36:09:661 1336 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:36:09:821 1336 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:36:09:962 1336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:36:10:102 1336 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
17:36:10:202 1336 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
17:36:10:362 1336 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys
17:36:10:572 1336 b57w2k (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:36:10:813 1336 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:36:11:103 1336 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:36:11:233 1336 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:36:12:415 1336 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:36:12:605 1336 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:36:12:736 1336 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:36:13:026 1336 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:36:13:467 1336 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:36:14:077 1336 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:36:14:358 1336 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:36:14:588 1336 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:36:14:738 1336 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:36:14:989 1336 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:36:15:249 1336 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:36:15:459 1336 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:36:15:770 1336 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:36:15:940 1336 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:36:16:191 1336 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:36:16:441 1336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:36:16:711 1336 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:36:16:791 1336 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:36:17:112 1336 G11AV (0ba9408be8fc0c8cff6fe30f2f3fa21d) C:\WINDOWS\system32\Drivers\G11av.sys
17:36:17:362 1336 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:36:17:512 1336 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:36:17:913 1336 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:36:18:834 1336 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:36:19:465 1336 ialm (a1d34220b152e73cdbf71a69606a2db1) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:36:20:126 1336 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
17:36:20:487 1336 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
17:36:20:887 1336 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:36:21:188 1336 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:36:21:468 1336 intelppm (75a085dcff74cdeb0b0e150fb5c7d6d7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:36:21:468 1336 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 75a085dcff74cdeb0b0e150fb5c7d6d7, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
17:36:21:468 1336 File "C:\WINDOWS\system32\DRIVERS\intelppm.sys" infected by TDSS rootkit ... 17:36:29:910 1336 Backup copy found, using it..
17:36:30:151 1336 will be cured on next reboot
17:36:30:331 1336 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:36:30:521 1336 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:36:30:721 1336 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:36:30:862 1336 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:36:31:032 1336 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:36:31:182 1336 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:36:31:342 1336 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:36:31:593 1336 ISLP2 (0fe5d25c9b7211dd785981fadbfd829f) C:\WINDOWS\system32\DRIVERS\islp2nds.sys
17:36:32:103 1336 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:36:32:244 1336 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
17:36:32:474 1336 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:36:32:674 1336 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:36:32:975 1336 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:36:33:175 1336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:36:33:345 1336 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:36:33:576 1336 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:36:33:926 1336 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:36:34:116 1336 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:36:34:377 1336 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:36:34:547 1336 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:36:34:777 1336 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:36:34:917 1336 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:36:35:158 1336 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:36:35:679 1336 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:36:36:450 1336 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:36:36:740 1336 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:36:36:900 1336 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:36:37:131 1336 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:36:37:301 1336 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:36:37:561 1336 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:36:37:782 1336 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:36:38:002 1336 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:36:38:192 1336 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:36:38:362 1336 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:36:38:613 1336 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:36:38:933 1336 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:36:39:214 1336 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:36:39:394 1336 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:36:39:554 1336 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:36:39:754 1336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:36:39:985 1336 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:36:40:095 1336 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:36:40:475 1336 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:36:40:926 1336 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:36:41:096 1336 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:36:42:158 1336 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
17:36:42:378 1336 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:36:42:498 1336 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:36:42:739 1336 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:36:43:920 1336 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:36:44:121 1336 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:36:44:321 1336 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:36:44:451 1336 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:36:44:702 1336 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:36:45:012 1336 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:36:45:182 1336 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:36:45:433 1336 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:36:45:773 1336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:36:45:983 1336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:36:46:244 1336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:36:46:394 1336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:36:46:724 1336 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:36:47:005 1336 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
17:36:47:295 1336 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
17:36:47:526 1336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:36:47:636 1336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:36:47:896 1336 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:36:48:176 1336 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:36:48:327 1336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:36:48:567 1336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:36:49:068 1336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:36:49:248 1336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:36:49:458 1336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:36:49:619 1336 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
17:36:49:829 1336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:36:50:039 1336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:36:50:320 1336 Tp4Track (b0cfa3e60b39d692037d1702c6519e0b) C:\WINDOWS\system32\DRIVERS\tp4track.sys
17:36:50:540 1336 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
17:36:50:860 1336 TPPWR (8d6678aaab7ca42a71999e7b931cdf1d) C:\WINDOWS\system32\drivers\Tppwr.sys
17:36:51:251 1336 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
17:36:51:481 1336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:36:52:353 1336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:36:52:673 1336 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk533.sys
17:36:52:993 1336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:36:53:254 1336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:36:53:484 1336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:36:53:765 1336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:36:53:955 1336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:36:54:275 1336 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:36:54:486 1336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:36:54:736 1336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:36:55:487 1336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:36:55:827 1336 W8335XP (738244934c71118a21f8d678067d057d) C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys
17:36:56:218 1336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:36:56:629 1336 Wdf01000 (8b35229d2761bc8ed526cb69e4f6685e) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:36:57:159 1336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:36:57:490 1336 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:36:57:820 1336 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:36:58:311 1336 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:36:58:321 1336 Reboot required for cure complete..
17:36:59:072 1336 Cure on reboot scheduled successfully
17:36:59:072 1336
17:36:59:072 1336 Completed
17:36:59:072 1336
17:36:59:072 1336 Results:
17:36:59:072 1336 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:36:59:072 1336 File objects infected / cured / cured on reboot: 1 / 0 / 1
17:36:59:072 1336
17:36:59:082 1336 KLMD(ARK) unloaded successfully
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby MommaSasquatch » June 7th, 2010, 7:35 pm

ComboFix log

ComboFix 10-06-07.03 - Authorized User 06/07/2010 17:59:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.582 [GMT -5:00]
Running from: c:\documents and settings\Authorized User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 22:45 . 2010-06-07 22:45 -------- d-----w- c:\program files\ERUNT
2010-06-07 13:53 . 2010-06-07 13:53 6656 ----a-w- c:\windows\system32\D68E0021.exe
2010-06-06 18:18 . 2010-06-06 18:19 -------- d-----w- C:\rsit
2010-06-01 04:29 . 2010-06-01 04:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-01 02:28 . 2010-06-06 18:18 -------- d-----w- c:\program files\Trend Micro
2010-05-30 18:46 . 2010-05-30 18:46 -------- d-----w- c:\program files\Alwil Software
2010-05-30 18:46 . 2010-05-30 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-26 13:45 . 2010-05-26 14:13 -------- d-----w- c:\documents and settings\Authorized User\Local Settings\Application Data\dexqlhupl
2010-05-22 14:56 . 2010-05-22 14:56 -------- d-----w- c:\windows\system32\scripting
2010-05-22 14:56 . 2010-05-22 14:56 -------- d-----w- c:\windows\l2schemas
2010-05-22 14:56 . 2010-05-22 14:56 -------- d-----w- c:\windows\system32\en
2010-05-22 14:56 . 2010-05-22 14:56 -------- d-----w- c:\windows\system32\bits
2010-05-18 00:36 . 2010-05-18 00:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 14:32 . 2010-05-16 14:33 -------- d-----w- C:\a25bad5aa26c8431e319b6
2010-05-15 08:24 . 2010-05-22 14:50 -------- d-----w- c:\windows\ServicePackFiles
2010-05-15 08:23 . 2010-05-15 08:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-15 08:19 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-15 03:15 . 2010-05-15 03:15 -------- d-----w- C:\$AVG
2010-05-15 02:23 . 2010-05-15 03:28 -------- d-----w- c:\documents and settings\Authorized User\Local Settings\Application Data\mffldknsb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 22:37 . 2004-08-04 12:00 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-06-03 04:21 . 2010-06-03 04:21 388096 ----a-r- c:\documents and settings\Authorized User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-02 14:16 . 2010-06-02 14:16 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 14:16 . 2010-06-02 14:16 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 14:16 . 2010-04-10 03:22 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 14:16 . 2010-04-10 03:22 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 14:00 . 2008-02-23 03:20 65344 ----a-w- c:\documents and settings\Authorized User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 00:40 . 2010-05-23 00:40 503808 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-40a936db-n\msvcp71.dll
2010-05-23 00:40 . 2010-05-23 00:40 499712 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-40a936db-n\jmc.dll
2010-05-23 00:40 . 2010-05-23 00:40 348160 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-40a936db-n\msvcr71.dll
2010-05-23 00:40 . 2010-05-23 00:40 61440 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7727cffc-n\decora-sse.dll
2010-05-23 00:40 . 2010-05-23 00:40 12800 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7727cffc-n\decora-d3d.dll
2010-05-22 14:59 . 2008-02-23 02:52 86695 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-18 00:37 . 2010-05-18 00:37 503808 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b0b795c-n\msvcp71.dll
2010-05-18 00:37 . 2010-05-18 00:37 499712 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b0b795c-n\jmc.dll
2010-05-18 00:37 . 2010-05-18 00:37 348160 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b0b795c-n\msvcr71.dll
2010-05-18 00:37 . 2010-05-18 00:37 61440 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77fbd65a-n\decora-sse.dll
2010-05-18 00:37 . 2010-05-18 00:37 12800 ----a-w- c:\documents and settings\Authorized User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77fbd65a-n\decora-d3d.dll
2010-05-18 00:37 . 2008-04-03 21:16 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 00:36 . 2008-04-03 21:19 -------- d-----w- c:\program files\Java
2010-05-15 03:15 . 2010-04-10 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-05-14 21:06 . 2010-04-10 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2010-04-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-04-10 03:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 02:14 . 2008-02-23 05:54 -------- d-----w- c:\program files\CA
2010-04-10 03:54 . 2010-04-10 03:54 -------- d-----w- c:\documents and settings\Authorized User\Application Data\Malwarebytes
2010-04-10 03:53 . 2010-04-10 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 03:22 . 2010-04-10 03:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-10 03:21 . 2010-04-10 03:21 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-10 03:18 . 2010-04-10 03:18 -------- d-----w- c:\program files\AVG
2010-04-10 03:18 . 2010-04-10 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISLP2STA.EXE"="ISLP2STA.EXE START" [X]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 92960]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-30 88363]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR Smart Wizard.lnk - c:\windows\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2008-2-27 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-10 03:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 04:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 01:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [2/23/2008 12:19 AM 4992]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2010 10:21 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2010 10:22 PM 242896]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2/23/2008 12:19 AM 16384]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/9/2010 10:20 PM 308064]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\tp4servinst.exe [11/8/2007 10:56 AM 35616]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [11/8/2007 10:56 AM 22568]
S2 G11AV;Digital Camera - PC Camera;c:\windows\system32\drivers\G11AV.sys [4/8/2010 11:04 AM 514885]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [7/14/2008 1:30 PM 99248]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/9/2010 10:22 PM 369920]
S3 ISLP2;Intersil 802.11 Wireless LAN Driver;c:\windows\system32\drivers\islp2nds.sys [10/3/2002 6:07 PM 611840]
.
Contents of the 'Scheduled Tasks' folder

2010-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2010-05-27 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-02-23 06:38]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {BE7DBB5F-6377-405E-9040-F8C95C6997B6} - hxxp://invite.mshow.com/(fos32j451ymg54551g2omr55)/ShowSetup6.cab
FF - ProfilePath - c:\documents and settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\e2p3dye7.default\
FF - plugin: c:\documents and settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\e2p3dye7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 18:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\MrvGINA.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'Explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\RunDll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\NETGEAR\WG511v2\wlancfg5.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-06-07 18:18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 23:17

Pre-Run: 43,070,177,280 bytes free
Post-Run: 44,885,598,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A4D7B99FE527864663828856D81942D1


Please let me know if there is anything further that I need to do, and thank you again!
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby Cypher » June 8th, 2010, 5:47 am

Hi.
I want to say a great big THANK YOU for all your help so far!

You're most welcome :)
A few minutes spent surfing and googling did not result in any further problems!

Thats good news but we still have some work to do, please continue with the instructions below.


Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\windows\system32\D68E0021.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using Virustotal try jotti.org


Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.


Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • Virustotal or jotti results.
  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby MommaSasquatch » June 8th, 2010, 4:31 pm

Thank you again. So far so good performance-wise.

VirusTotal results:


File has already been analysed:
MD5: 2f5b3d5bcab8eaec43263edf7a45a918
First received: 2010.02.08 09:29:15 UTC
Date: 2010.06.01 07:03:11 UTC [>7D]
Results: 1/41
Permalink: analisis/a9e4ce36ca738ec265db23a2eeec643bdc256df0686062b69cf4660ad4bbeaea-1275375791

Upon clicking reanalyze file:


File D68E0021.exe received on 2010.06.08 14:31:28 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/41 (2.44%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
Avast5 5.0.332.0 2010.06.08 -
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 -
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5028 2010.06.08 -
DrWeb 5.0.2.03300 2010.06.08 -
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
Kaspersky 7.0.0.125 2010.06.08 -
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.08 -
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
Panda 10.0.2.7 2010.06.07 Suspicious file
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
Sophos 4.53.0 2010.06.08 -
Sunbelt 6418 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.08 -
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -
Additional information
File size: 6656 bytes
MD5...: 2f5b3d5bcab8eaec43263edf7a45a918
SHA1..: 377b704b6a99f784ff2e2f24e8789ee5d1ba019f
SHA256: a9e4ce36ca738ec265db23a2eeec643bdc256df0686062b69cf4660ad4bbeaea
ssdeep: 96:nPUW2eBXPNBxBWtY1ZuC1PS8A28e9lZGC0e:nc4l58Y17jA2XeBe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c0c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xcb8 0xe00 5.94 f838ddf4b795968e326b06b0e42fb162
DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS 0x3000 0xa2321 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xa6000 0x284 0x400 3.23 31e8b75f00ee72119e8f0d98f58a0573
.reloc 0xa7000 0x110 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xa8000 0x200 0x200 0.08 793d208c86af793cc8cd917d5a9d29e0

( 3 imports )
> advapi32.dll: RegisterServiceCtrlHandlerW, SetServiceStatus, StartServiceCtrlDispatcherW
> kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetModuleHandleW, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
> ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=94a850e27b973c4c8adc84a5a7082f95
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-08 05:38:11
# local_time=2010-06-08 12:38:11 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 4217650 4217650 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=51396
# found=4
# cleaned=0
# scan_time=9927
C:\Documents and Settings\Authorized User\Application Data\Sun\Java\Deployment\cache\6.0\14\a6c344e-67694308 multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Authorized User\Application Data\Sun\Java\Deployment\cache\6.0\21\8104a95-535c63f9 multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Authorized User\Application Data\Sun\Java\Deployment\cache\6.0\38\6cabdda6-658c6d50 multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Authorized User\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-41ff5ecb multiple threats 00000000000000000000000000000000 I
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am

Re: Search engine redirect

Unread postby Cypher » June 9th, 2010, 6:08 am

Hi.
Thank you again.

You're most welcome :)
So far so good performance-wise.

You have done well so far good work :thumbup:
Just a couple of things that need cleared up then you will be good to go.

Clear Java cache

  • Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Next.

Reset SP2 Firewall:

Click on Start >> Run... then cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On (recommended) >> OK.

Next.

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Java(TM) 6 Update 20
Java(TM) 6 Update 5

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.


Logs/Information to Post in your Next Reply

  • HijackThis log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search engine redirect

Unread postby MommaSasquatch » June 9th, 2010, 4:04 pm

OK, I did everything on the list. Performance-wise it is still running fine with no obvious problems. Yay! Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:53:29 PM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3739114719
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BE7DBB5F-6377-405E-9040-F8C95C6997B6} (ShowSetupObj6 Class) - http://invite.mshow.com/(fos32j451ymg54551g2omr55)/ShowSetup6.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9242 bytes
MommaSasquatch
Active Member
 
Posts: 9
Joined: June 3rd, 2010, 12:45 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware