Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Pop-ups/redirecting internet bug

Re: Pop-ups/redirecting internet bug

Post by Atrax » August 14th, 2010, 4:46 pm

And then, here's the RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Declan Gunn at 2010-08-14 15:40:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 199 GB (70%) free of 286 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:05 PM, on 8/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Documents and Settings\Declan Gunn\Desktop\RSIT.exe
C:\Program Files\trend micro\Declan Gunn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.occ.treas.gov/jobs/entry-level.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517141948.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLSVC - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe

--
End of file - 10110 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517141948.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-07-29 270336]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-23 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless Connection Manager.lnk - C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-24 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-13 18:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 18:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 18:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 18:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 18:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 18:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 18:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-13 18:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 18:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-13 17:51:13 ----SHD---- C:\RECYCLER
2010-08-13 17:46:25 ----A---- C:\ComboFix.txt
2010-08-13 17:28:12 ----D---- C:\Program Files\Common Files\Java
2010-08-13 17:27:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-13 17:27:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-13 17:27:47 ----A---- C:\WINDOWS\system32\java.exe
2010-08-13 17:27:47 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-08-13 17:24:15 ----A---- C:\WINDOWS\imsins.BAK
2010-08-13 00:48:50 ----A---- C:\Boot.bak
2010-08-13 00:48:46 ----RASHD---- C:\cmdcons
2010-08-13 00:47:00 ----A---- C:\WINDOWS\zip.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\SWSC.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\SWREG.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\sed.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\PEV.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\MBR.exe
2010-08-13 00:47:00 ----A---- C:\WINDOWS\grep.exe
2010-08-13 00:46:10 ----D---- C:\Qoobox
2010-08-13 00:30:36 ----A---- C:\TDSSKiller.2.4.1.1_13.08.2010_00.30.36_log.txt
2010-08-12 15:59:41 ----D---- C:\WINDOWS\ERDNT
2010-08-12 15:58:44 ----D---- C:\Program Files\ERUNT
2010-08-12 03:34:56 ----A---- C:\WINDOWS\system32\drivers\sbp2port.sys
2010-08-11 00:11:37 ----D---- C:\rsit
2010-08-11 00:11:37 ----D---- C:\Program Files\trend micro
2010-08-08 17:12:34 ----D---- C:\Program Files\HiJackThis
2010-08-02 00:21:01 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\WTablet
2010-08-02 00:20:30 ----A---- C:\WINDOWS\system32\drivers\wacomvhid.sys
2010-08-02 00:20:30 ----A---- C:\WINDOWS\system32\drivers\wacommousefilter.sys
2010-08-02 00:20:29 ----D---- C:\WINDOWS\system32\WTablet
2010-08-02 00:20:28 ----N---- C:\WINDOWS\system32\Wintab32.dll
2010-08-02 00:20:28 ----N---- C:\WINDOWS\system32\Tablet.exe
2010-08-02 00:20:25 ----D---- C:\Program Files\Tablet
2010-08-02 00:18:52 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-07-30 00:16:29 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\SUPERAntiSpyware.com
2010-07-30 00:16:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 00:16:19 ----D---- C:\Program Files\SUPERAntiSpyware

======List of files/folders modified in the last 1 months======

2010-08-14 15:40:59 ----D---- C:\WINDOWS\Prefetch
2010-08-14 15:40:47 ----D---- C:\WINDOWS\Temp
2010-08-14 12:41:28 ----D---- C:\WINDOWS
2010-08-14 03:41:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-14 03:41:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-14 03:15:19 ----D---- C:\WINDOWS\system32
2010-08-13 18:46:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-13 18:46:18 ----HD---- C:\WINDOWS\inf
2010-08-13 18:46:18 ----D---- C:\WINDOWS\system32\drivers
2010-08-13 18:46:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 18:45:46 ----D---- C:\Program Files\Internet Explorer
2010-08-13 18:45:39 ----D---- C:\WINDOWS\ie8updates
2010-08-13 18:44:13 ----D---- C:\WINDOWS\Debug
2010-08-13 18:43:48 ----D---- C:\Program Files\Movie Maker
2010-08-13 17:44:46 ----A---- C:\WINDOWS\system.ini
2010-08-13 17:42:04 ----D---- C:\WINDOWS\AppPatch
2010-08-13 17:42:00 ----D---- C:\Program Files\Common Files
2010-08-13 17:28:14 ----SHD---- C:\WINDOWS\Installer
2010-08-13 00:58:27 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-13 00:48:50 ----RASH---- C:\boot.ini
2010-08-12 15:58:44 ----RD---- C:\Program Files
2010-08-08 17:12:35 ----SD---- C:\Documents and Settings\Declan Gunn\Application Data\Microsoft
2010-08-06 02:31:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-03 17:21:12 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2010-08-03 11:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 03:45:24 ----A---- C:\WINDOWS\win.ini
2010-08-01 01:07:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-31 16:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-07-28 16:28:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-28 13:49:27 ----D---- C:\WINDOWS\system32\en-US
2010-07-26 23:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 17:22:55 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\U3
2010-07-15 01:44:41 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\Macromedia
2010-07-15 01:44:32 ----D---- C:\WINDOWS\system32\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-11 98432]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-12 20640]
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2008-04-13 43904]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-04-27 82952]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-01 21361]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control; C:\WINDOWS\system32\DRIVERS\wlndis50.sys [2008-02-27 20480]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-24 1478656]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-08-05 588032]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-10 393088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
S3 catchme;catchme; \??\C:\DOCUME~1\DECLAN~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-24 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2010-05-14 455944]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-07-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-07-07 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-13 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-07-29 118843]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-07-29 61503]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2007-03-30 1189424]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S2 WLSVC;WLSVC; C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe [2009-02-11 167936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-01 655624]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]

-----------------EOF-----------------
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Post by DFW » August 15th, 2010, 5:06 am

Clear Java's Cache

  • Click Start > Control Panel
  • Double-click the Java icon in the control panel. (coffee cup icon)
  • Click Settings under Temporary Internet Files.
    - The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    - The Delete Temporary Files dialog box appears.
    - There are two options on this window to clear the cache:
        Applications and Applets
        Trace and Log Files
  • Make sure both are checked.
  • Click OK on Delete Temporary Files window.

Note: This deletes all the Downloaded Applications and Applets from the cache.




I see that you have Adobe Acrobat 4.0, which is designed to create, manipulate and manage PDF files. I would not use this to view PDF files online, as Adobe Acrobat 4.0 is 10 years old and a lot of infections are passed by outdated PDF software. I would keep the paid-for Adobe Acrobat 4.0 for any PDF creating or editing that you do, but download and install the reader just to view PDF files online.

Please download Adobe Reader 9.3 to your PC's desktop.
  • Install the new downloaded updated software.






Run Combofix Script
Stop all your monitoring programs (Antivirus/Antispyware, Firewalls, Guards and Shields) as they could easily interfere with ComboFix.
For instructions on how to disable your security programs, please see this topic below
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder:: 
    c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please post back

Combofix log
And a description of how your system is now.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Pop-ups/redirecting internet bug

Post by Atrax » August 15th, 2010, 5:22 pm

Ok, did what you asked.
As far as the health of my computer is concerned, it seems to be running smoothly. I haven't gotten redirected or had a pop up in a while. Good sign! I mean, I hope so.

Oh, and here's my combolog:
ComboFix 10-08-15.01 - Declan Gunn 08/15/2010 16:07:25.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -7:00]
Running from: c:\documents and settings\Declan Gunn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Declan Gunn\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 06:32 . 2010-08-15 06:32 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\Reallusion
2010-08-15 06:31 . 2008-05-30 21:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-08-15 06:31 . 2010-08-15 06:31 -------- d-----w- c:\windows\Logs
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\windows\lhsp
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\windows\speech
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\program files\CFS-Technologies
2010-08-14 00:28 . 2010-08-14 00:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 00:27 . 2010-08-14 00:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-12 22:58 . 2010-08-12 22:59 -------- d-----w- c:\program files\ERUNT
2010-08-12 10:34 . 2008-04-13 18:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-08-12 10:34 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-08-11 07:11 . 2010-08-14 22:40 -------- d-----w- c:\program files\trend micro
2010-08-11 07:11 . 2010-08-11 07:12 -------- d-----w- C:\rsit
2010-08-09 00:12 . 2010-08-09 00:12 388096 ----a-r- c:\documents and settings\Declan Gunn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-06 07:43 . 2010-08-06 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcp71.dll
2010-08-06 07:43 . 2010-08-06 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\jmc.dll
2010-08-06 07:43 . 2010-08-06 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcr71.dll
2010-08-06 07:43 . 2010-08-06 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-sse.dll
2010-08-06 07:43 . 2010-08-06 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-d3d.dll
2010-08-02 22:43 . 2010-08-02 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-08-02 07:21 . 2010-08-15 22:03 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\WTablet
2010-08-02 07:20 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-08-02 07:20 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\windows\system32\WTablet
2010-08-02 07:20 . 2007-03-31 01:06 1189424 ------w- c:\windows\system32\Tablet.exe
2010-08-02 07:20 . 2007-03-31 00:38 124464 ------w- c:\windows\system32\Wintab32.dll
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\program files\Tablet
2010-08-02 07:18 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-02 07:18 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-30 07:16 . 2010-08-05 00:12 63488 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 07:16 . 2010-07-30 07:16 52224 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 07:16 . 2010-08-05 00:12 117760 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-26 07:25 . 2010-08-13 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 22:45 . 2010-04-01 07:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-15 21:58 . 2010-04-01 07:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-15 09:33 . 2010-04-02 02:01 1 ----a-w- c:\documents and settings\Declan Gunn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-13 07:32 . 2004-08-04 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-08-04 00:21 . 2010-04-01 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-07-31 23:56 . 2010-04-11 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-26 00:22 . 2010-04-19 02:53 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\U3
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\3ivx
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\Flip Video
2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 20:22 . 2010-06-25 20:22 -------- d-----w- c:\program files\ETS
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-04-01 07:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 07:43 . 2010-05-28 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcp71.dll
2010-05-28 07:43 . 2010-05-28 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\jmc.dll
2010-05-28 07:43 . 2010-05-28 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcr71.dll
2010-05-28 07:43 . 2010-05-28 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-sse.dll
2010-05-28 07:43 . 2010-05-28 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-13_07.58.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-08-15 21:58 . 2010-08-15 21:58 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat
- 2009-03-08 12:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 12:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2010-04-01 20:35 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-04-01 20:35 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-04-01 20:35 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-04-01 20:35 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-04-01 07:06 . 2010-08-15 23:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-01 07:06 . 2010-08-12 23:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-08-14 00:57 . 2010-08-15 23:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-04-01 07:06 . 2010-08-12 23:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 1999-01-12 18:35 . 1999-01-12 18:35 53760 c:\windows\speech\WrapSAPI.dll
+ 1998-09-24 22:15 . 1998-09-24 22:15 40960 c:\windows\lhsp\tv\tvenuax.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2009-03-08 12:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-03-08 12:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
- 2010-04-07 06:08 . 2010-04-07 06:08 153376 c:\windows\system32\javaws.exe
+ 2010-08-14 00:27 . 2010-08-14 00:27 153376 c:\windows\system32\javaws.exe
- 2010-04-07 06:08 . 2010-04-07 06:08 145184 c:\windows\system32\javaw.exe
+ 2010-08-14 00:27 . 2010-08-14 00:27 145184 c:\windows\system32\javaw.exe
+ 2010-08-14 00:27 . 2010-08-14 00:27 145184 c:\windows\system32\java.exe
- 2010-04-07 06:08 . 2010-04-07 06:08 145184 c:\windows\system32\java.exe
+ 2004-08-04 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2010-03-31 22:49 . 2010-08-14 10:15 168304 c:\windows\system32\FNTCACHE.DAT
- 2010-03-31 22:49 . 2010-06-10 19:35 168304 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-01 22:35 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-04-01 20:35 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2010-04-01 20:35 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2010-04-01 20:35 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-01 20:35 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 09:58 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 09:58 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 1999-01-12 22:19 . 1999-01-12 22:19 195584 c:\windows\speech\Xvoice.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 203776 c:\windows\speech\XTel.Dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 208896 c:\windows\speech\Xlisten.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 128000 c:\windows\speech\Xcommand.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 173056 c:\windows\speech\VText.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 179712 c:\windows\speech\Vdict.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 156160 c:\windows\speech\vcmshl.dll
+ 1999-01-12 22:09 . 1999-01-12 22:09 380928 c:\windows\speech\vcmd.exe
+ 1999-01-12 22:19 . 1999-01-12 22:19 562176 c:\windows\speech\speech.dll
+ 1999-01-12 22:19 . 1999-01-12 22:19 248832 c:\windows\speech\spchtel.dll
+ 2010-08-15 06:31 . 2010-08-15 06:31 219648 c:\windows\Installer\8fa5a2.msi
+ 2010-08-14 00:28 . 2010-08-14 00:28 180224 c:\windows\Installer\15f0b.msi
+ 2010-08-14 00:27 . 2010-08-14 00:27 677376 c:\windows\Installer\15f06.msi
+ 2010-08-14 01:45 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-14 01:45 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-14 01:45 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-14 01:45 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-14 01:45 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00 . 2010-02-17 16:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 12:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2009-08-14 13:21 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2010-04-01 22:37 . 2010-02-17 16:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-04-01 22:37 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-04-01 22:37 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2010-04-01 22:37 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 03:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-04-01 22:37 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2010-04-01 22:37 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-04-01 07:01 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-04-01 07:01 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-04-01 20:35 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 1998-09-30 17:09 . 1998-09-30 17:09 1276416 c:\windows\lhsp\tv\tv_enua.dll
+ 2010-08-15 22:45 . 2010-08-15 22:45 3940352 c:\windows\Installer\2aa2ed.msi
+ 2010-08-14 01:45 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
+ 2010-04-01 22:37 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2010-04-01 22:37 . 2010-02-17 16:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-04-01 22:37 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2010-04-01 22:37 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 03:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-04-01 22:37 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2010-04-01 22:37 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-01 20:35 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2009-03-08 12:39 . 2010-06-25 00:51 11077120 c:\windows\system32\ieframe.dll
+ 2010-02-25 19:54 . 2010-06-25 00:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-08-14 01:45 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-30 270336]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-4-1 505152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/14/2010 7:14 PM 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/1/2010 12:11 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2010 7:13 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2010 7:13 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/14/2010 7:14 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/14/2010 7:14 PM 141792]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [4/1/2010 12:34 PM 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/14/2010 7:14 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/14/2010 7:14 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [4/1/2010 12:34 PM 588032]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [4/1/2010 12:34 PM 167936]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/14/2010 7:14 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.occ.treas.gov/jobs/entry-level.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 16:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1496)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-15 16:17:11
ComboFix-quarantined-files.txt 2010-08-15 23:17
ComboFix2.txt 2010-08-14 00:46
ComboFix3.txt 2010-08-13 08:01

Pre-Run: 208,014,188,544 bytes free
Post-Run: 208,255,565,824 bytes free

- - End Of File - - 7E9C71343626A63B3FB8CB9ADC55D15A
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Post by DFW » August 16th, 2010, 4:03 am

Your logs and system now appear to be clean; we just need to remove the tools we have used and clean up.



To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled. Now delete DeFogger from your desktop.




Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.





We need to remove the tools we have used

Please download OTC and save it to desktop.

This tool will remove all the tools (and logs created) we used to clean your PC. Any left over, merely delete yourself and empty the Recycle Bin.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



There is no harm in keeping HijackThis v2.0.4 installed, but if used incorrectly it could fry your system. I advise you to go to Add and Remove Programs and uninstall it; you can always download it again if needed.


Keep Temp File Cleaner and run weekly to keep your system free of clutter.


ERUNT is a registry backup program, so you can keep it and use it if you like; it is good for backing up the registry before making any major changes to your system.





Extra Protection and Advice



Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool.

http://www.besttechie.net/tools/mbam-setup.exe

It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide



Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware




Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.




Read some information here on how to prevent malware.



Please post back and let me know the cleanup went ok

DFW
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 17th, 2010, 1:30 am

Ok, all done!

Cleanup went without problem. Got those programs you've suggested.

Let me say, thank you so much for all your help!!! I have my computer back!!! :)
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby DFW » August 17th, 2010, 3:03 am

You're very welcome.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Pop-ups/redirecting internet bug

Unread postby Dakeyras » August 17th, 2010, 4:07 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra