Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirection when I click on search results

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirection when I click on search results

Unread postby dgebala » August 9th, 2010, 11:43 pm

My hardware is an IBM T42 running XP Pro SP3
The problem is that when I click on my search results, I get redirected to various pages or search engines. I am browsing in Firefox, but the redirection sometimes pops up in IE. It's very annoying, but I am more concerned about theft of other information when I am using the browser.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:29 PM, on 8/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\java.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 10734 bytes
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm
Advertisement
Register to Remove

Re: Redirection when I click on search results

Unread postby MWR 3 day Mod » August 13th, 2010, 1:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Redirection when I click on search results

Unread postby deltalima » August 13th, 2010, 6:51 am

Hi dgebala,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Please let me know if this computer is used for business.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 13th, 2010, 11:46 am

Thanks deltalima

This is a personal machine, not used for business.
I should tell you that I have run Stopzilla and isolated some malware since my original post...does that affect the suggested actions?

Here's the Hijack This log you requested:

AC3Filter (remove only)
Access IBM
Access IBM Message Center
Acrobat.com
Acrobat.com
Across Lite 2.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Atmel Tpm Install 2.1.1.01
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
CC_ccStart
ccCommon
Critical Update for Windows Media Player 11 (KB959772)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
FormViewer
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
getPlus(R) for Adobe
Google SketchUp 7
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD
iTunes
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Linksys EasyLink Advisor
Linksys EasyLink Advisor
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
OGA Notifier 2.0.0048.0
OverDrive Media Console
PC-Doctor for Windows
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Slingbox Platform SDK 1.2.5.26
SlingPlayer
Sonic Update Manager
STOPzilla
Symantec Script Blocking Installer
SymNet
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Wallpapers
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WINForms Desktop
WinRAR archiver
Yahoo! Messenger
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby deltalima » August 13th, 2010, 1:01 pm

Hi dgebala,

I have run Stopzilla and isolated some malware since my original post


OK, thanks for letting me know, please make no more changes unless I ask for them.

Norton AntiVirus 2004


That is a very old version, do you still receive updated antivirus definitions for that software?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 13th, 2010, 11:54 pm

No, I don't receive any NAV updates
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby deltalima » August 14th, 2010, 10:46 am

Hi dgebala,

I don't receive any NAV updates


An updated antivirus program is vital.

Please remove Norton and the install one of the free ones I describe below.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Norton AntiVirus 2004
    click Remove
    highlight Norton AntiVirus 2004 (Symantec Corporation)
    click Remove
    highlight Norton AntiVirus Parent MSI
    click Remove
    highlight Norton WMI Update
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Norton Removal Tool

Please go to the Norton Removal Tool main page Here
  • Under Choose your product: click on the I have a Norton 2004 or 2005 product link.
  • Please Download and run the Norton Removal Tool then Reboot your computer.


Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Once installed, please update and run a full scan then post the logs in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 15th, 2010, 2:15 am

Uninstalled NAV using the tool I downloaded. I also uninstalled STOPZilla based on your suggestion that I only have a single anti virus/anti malware tool installed. Installed Avast and scanned: no infected files found.

My current HijackThis log:

AC3Filter (remove only)
Access IBM
Access IBM Message Center
Acrobat.com
Acrobat.com
Across Lite 2.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Atmel Tpm Install 2.1.1.01
avast! Free Antivirus
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Critical Update for Windows Media Player 11 (KB959772)
FormViewer
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
getPlus(R) for Adobe
Google SketchUp 7
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD
iTunes
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
PC-Doctor for Windows
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Update Manager
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Wallpapers
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WINForms Desktop
Yahoo! Messenger
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby deltalima » August 15th, 2010, 4:29 am

Hi dgebala,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 17th, 2010, 7:37 pm

OTL logfile created on: 8/17/2010 4:30:29 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 11.66 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBMT42
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dave\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Virtual Token\vtserver.exe (UPEK Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TpShocks.exe (IBM Corp.)
PRC - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
PRC - C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dave\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (SlingAgentService) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe File not found
SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (vtserver) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe (UPEK Inc.)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (IBM Rapid Restore Ultra Service) -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe ()
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (szkg5) -- C:\WINDOWS\system32\drivers\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Windows (R) 2000 DDK provider)
DRV - (AtmelTpm) -- C:\WINDOWS\system32\drivers\AtmelTpm.sys (Atmel, Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (QCNDISIF) -- C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (Shockprf) -- C:\WINDOWS\System32\drivers\shockprf.sys (IBM Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (ShockMgr) -- C:\WINDOWS\System32\drivers\ShockMgr.sys (IBM Corporation)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (IBM Corp.)
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
IE - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://global.nytimes.com/|http://us.f311.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=3253&inc=25&order=down&sort=date&pos=0&view=a&head=b&box=Inbox|http://www.techbargains.com/|http://newsmap.jp/|https://online.mecunet.org/asp/USERS/Common/Login/NetLogin.asp|http://www.google.com/calendar/render|http://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 08:20:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 08:20:48 | 000,000,000 | ---D | M]

[2008/06/20 20:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/08/16 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions
[2010/04/28 09:38:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/09 20:29:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/07/25 18:53:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/04 21:35:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/16 22:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\fexvo4pb.default\extensions\foxmarks@kei.com
[2010/08/16 20:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 07:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 13:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/18 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 41-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/15 15:20:06 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{87c5e34d-bdf5-11de-b85b-000e9b6e2798}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{87c5e34d-bdf5-11de-b85b-000e9b6e2798}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{98ad273d-a41d-11dc-b807-000e9b6e2798}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-662707853-3735025393-3649115591-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/16 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/16 22:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/08/15 10:01:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/14 21:53:09 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/14 21:53:09 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/14 21:53:07 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/14 21:53:06 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/14 21:53:03 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/14 21:53:03 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/14 21:53:03 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/14 21:52:49 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/14 21:52:48 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/14 21:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/14 21:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/13 18:32:08 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/08/13 18:32:08 | 000,447,952 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/08/13 18:32:08 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/08/13 18:32:08 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/08/13 18:32:08 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/08/13 18:32:08 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/08/13 18:32:06 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/08/13 18:32:06 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/08/13 18:32:06 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/08/13 18:32:06 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/08/13 18:32:06 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/08/13 18:32:06 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/08/12 10:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/12 10:48:58 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Dave\Desktop\STOPzilla_Setup.exe
[2010/08/09 13:25:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/09 13:25:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/09 13:25:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/02 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/07/28 21:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2010/07/28 21:36:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/28 21:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/28 21:36:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/28 21:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/28 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/28 21:30:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\Analyze.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/17 16:31:47 | 000,000,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/08/17 08:24:47 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/17 08:20:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/17 08:20:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 08:19:31 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Laylbej.job
[2010/08/17 08:19:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 08:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 08:19:16 | 2146,357,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 08:18:25 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
[2010/08/17 08:18:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
[2010/08/16 21:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/15 10:01:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\hnb3gb3i.exe
[2010/08/15 10:01:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/14 21:53:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/13 18:32:08 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/08/13 18:32:08 | 000,447,952 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/08/13 18:32:08 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/08/13 18:32:08 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/08/13 18:32:08 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/08/13 18:32:08 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/08/13 18:32:06 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/08/13 18:32:06 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/08/13 18:32:06 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/08/13 18:32:06 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/08/13 18:32:06 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/08/13 18:32:06 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/08/12 19:42:05 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 10:48:58 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Dave\Desktop\STOPzilla_Setup.exe
[2010/08/12 10:34:56 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 07:50:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 07:48:15 | 000,572,204 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 07:48:15 | 000,491,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 07:48:15 | 000,090,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 19:36:09 | 002,379,063 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\ac3filter_1-46.zip
[2010/07/28 22:06:23 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2010/07/28 21:30:52 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\Analyze.exe
[2010/07/28 21:01:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/17 08:21:28 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/15 10:01:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\hnb3gb3i.exe
[2010/08/02 19:37:36 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2010/08/02 19:35:28 | 002,379,063 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\ac3filter_1-46.zip
[2010/07/28 21:32:01 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2010/07/09 20:39:00 | 000,088,576 | RHS- | C] () -- C:\WINDOWS\System32\rtutils5.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/07 16:02:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2008/12/07 16:02:53 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2008/04/16 08:12:45 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/03/22 10:27:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/09 22:24:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007/11/28 22:29:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Lidbeep.ini
[2007/11/15 23:20:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 15:01:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/15 14:59:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2007/11/15 14:59:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2007/11/15 14:59:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2007/11/15 14:58:25 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2007/11/15 14:52:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/15 14:52:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/15 14:52:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/15 14:52:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/15 14:52:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/15 14:52:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/15 14:51:37 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/15 14:44:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/11/15 14:44:05 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/11/15 14:43:38 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/11/15 14:41:57 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/11/15 14:23:34 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/15 14:17:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/11/08 18:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/19 13:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/03/19 13:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/01/09 07:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/20 10:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 01:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 01:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 01:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
< End of report >

OTL Extras logfile created on: 8/17/2010 4:30:29 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 11.66 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBMT42
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-662707853-3735025393-3649115591-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\Program Files\Worksmart\Worksmart.exe" = C:\Program Files\Worksmart\Worksmart.exe:*:Enabled:Worksmart Application -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- File not found
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Dave\Local Settings\Temp\7zS173.tmp\SymNRT.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\7zS173.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C0BC353-B261-44D5-83F1-C8BDCF8FD9F9}" = STOPzilla
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34BFBF2A-06B9-4B5E-BB33-E78B67450ED7}" = IBM fingerprint software 4.5.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7AD4D6E7-CF00-4299-A8BF-EED77E37770E}" = Atmel Tpm Install 2.1.1.01
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"AC3Filter" = AC3Filter (remove only)
"Across Lite 2.0" = Across Lite 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"HijackThis" = HijackThis 2.0.2
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"ULTIMATER" = Microsoft Office Ultimate 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WINForms Desktop" = WINForms Desktop
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-662707853-3735025393-3649115591-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2010 10:47:11 PM | Computer Name = IBMT42 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 7/24/2010 12:10:55 PM | Computer Name = IBMT42 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 7/26/2010 10:14:33 PM | Computer Name = IBMT42 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05003000.

Error - 8/9/2010 4:14:56 PM | Computer Name = IBMT42 | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

Error - 8/9/2010 4:46:58 PM | Computer Name = IBMT42 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 8/12/2010 10:38:34 AM | Computer Name = IBMT42 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 8/12/2010 10:42:59 AM | Computer Name = IBMT42 | Source = Application Error | ID = 1001
Description = Fault bucket 1895381466.

Error - 8/12/2010 1:52:47 PM | Computer Name = IBMT42 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/12/2010 1:52:47 PM | Computer Name = IBMT42 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/12/2010 1:52:47 PM | Computer Name = IBMT42 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/13/2010 11:57:16 AM | Computer Name = IBMT42 | Source = Service Control Manager | ID = 7000
Description = The SlingAgentService service failed to start due to the following
error: %%2

Error - 8/14/2010 11:40:29 PM | Computer Name = IBMT42 | Source = Service Control Manager | ID = 7000
Description = The SlingAgentService service failed to start due to the following
error: %%2

Error - 8/15/2010 12:42:29 AM | Computer Name = IBMT42 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the szserver service.

Error - 8/16/2010 4:47:47 PM | Computer Name = IBMT42 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/16/2010 4:47:47 PM | Computer Name = IBMT42 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/16/2010 4:47:47 PM | Computer Name = IBMT42 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/16/2010 4:47:48 PM | Computer Name = IBMT42 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/16/2010 4:47:48 PM | Computer Name = IBMT42 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/17/2010 1:33:45 AM | Computer Name = IBMT42 | Source = Service Control Manager | ID = 7000
Description = The SlingAgentService service failed to start due to the following
error: %%2

Error - 8/17/2010 11:19:39 AM | Computer Name = IBMT42 | Source = Service Control Manager | ID = 7000
Description = The SlingAgentService service failed to start due to the following
error: %%2


< End of report >
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby dgebala » August 17th, 2010, 10:11 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-17 19:09:41
Windows 5.1.2600 Service Pack 3
Running: hnb3gb3i.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\uwtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA4A70CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA4A70B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA4A71142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA4A7106C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA4A70764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA4A70C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA4A706A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA4A70708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA4A70D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA4A71210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA4A70D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA4A70EC8]
SSDT szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess [0xF760C496]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA4A7DB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA4A7D9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA4A7DAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP A4A7AF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP A4A7D9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP A4A7DBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP A4A795B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP A4A7DAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00416730 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 00416730 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateDialogIndirectParamA 7E439B28 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!CreateDialogIndirectParamW 7E43F01F 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe[2676] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00416740 C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (STOPzilla Application/iS3, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07ec44b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07ec44b@0007e05ea62a 0x28 0x2E 0x44 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07ec44b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07ec44b@0007e05ea62a 0x28 0x2E 0x44 0xC3 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\Shaggy - Angel.mp3 5570560 bytes

---- EOF - GMER 1.0.15 ----
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby deltalima » August 18th, 2010, 3:57 am

Hi dgebala,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 18th, 2010, 11:23 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 157):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75F7000 szkg.sys
0xF7607000 szkgfs.sys
0xF7508000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF74F7000 pci.sys
0xF7627000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF74D9000 pcmcia.sys
0xF7637000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7647000 Shockprf.sys
0xF7657000 VolSnap.sys
0xF74A2000 atapi.sys
0xF7667000 disk.sys
0xF7677000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7877000 fltmgr.sys
0xF7865000 sr.sys
0xF7687000 PxHelp20.sys
0xF7850000 drvmcdb.sys
0xF7839000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF795A000 NDIS.sys
0xF7A35000 Mup.sys
0xF7697000 agp440.sys
0xB9F81000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9673000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB965F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF780F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB963B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7817000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB961C000 \SystemRoot\System32\DRIVERS\e1000325.sys
0xB9F71000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF781F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB9578000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF79BB000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7727000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF772F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB9F61000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA7D0000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB9564000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7737000 \SystemRoot\System32\DRIVERS\nscirda.sys
0xBA7CC000 \SystemRoot\System32\DRIVERS\irenum.sys
0xB9F51000 \SystemRoot\system32\DRIVERS\AtmelTpm.sys
0xBA7C4000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF773F000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
0xB9522000 \SystemRoot\system32\drivers\smwdm.sys
0xB94FE000 \SystemRoot\system32\drivers\portcls.sys
0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
0xB94DB000 \SystemRoot\system32\drivers\ks.sys
0xB94BF000 \SystemRoot\system32\drivers\aeaudio.sys
0xB948E000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB938F000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB92E9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7747000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A85000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF774F000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF7757000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF76E7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA7BC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB92D2000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF75C6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB92C1000 \SystemRoot\System32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7767000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF776F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB9291000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF75A6000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79BF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9233000 \SystemRoot\System32\DRIVERS\update.sys
0xF7927000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7596000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7566000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7947000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7787000 \SystemRoot\System32\Drivers\tcusb.sys
0xF79C9000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF79CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AA9000 \SystemRoot\System32\Drivers\Null.SYS
0xF79CD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7797000 \SystemRoot\system32\drivers\ssrtln.sys
0xF77A7000 \SystemRoot\System32\drivers\vga.sys
0xF79CF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7F8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA3FAC000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA3F53000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF7472000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA3F2B000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA3F09000 \SystemRoot\System32\drivers\afd.sys
0xF7462000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF77B7000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xF77BF000 \SystemRoot\System32\drivers\Tppwr.sys
0xBA7F4000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
0xF77C7000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xF77CF000 \SystemRoot\System32\drivers\Smapint.sys
0xF79D3000 \SystemRoot\System32\Drivers\ShockMgr.SYS
0xA3EBE000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA3E26000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA56E000 \SystemRoot\System32\drivers\IBMBLDID.SYS
0xF7412000 \SystemRoot\System32\Drivers\Fips.SYS
0xA3E00000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7402000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA3DD9000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB922F000 \SystemRoot\System32\drivers\ANC.SYS
0xF77DF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA3D71000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79D7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB91E3000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77F7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7ABF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04A000 \SystemRoot\System32\ati2cqag.dll
0xBF084000 \SystemRoot\System32\ati3duag.dll
0xBF2A7000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF792F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF7536000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA251000 \SystemRoot\system32\dla\tfsndres.sys
0xA3C1B000 \SystemRoot\system32\dla\tfsnifs.sys
0xBA221000 \SystemRoot\system32\dla\tfsnopio.sys
0xF799D000 \SystemRoot\system32\dla\tfsnpool.sys
0xA4059000 \SystemRoot\system32\dla\tfsnboio.sys
0xF76C7000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7A83000 \SystemRoot\system32\dla\tfsndrct.sys
0xA3BDA000 \SystemRoot\system32\dla\tfsnudf.sys
0xA3BC1000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA39F3000 \SystemRoot\System32\DRIVERS\irda.sys
0xA3B11000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xA3B05000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA4021000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA4011000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA3874000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA368F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xA355E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA390B000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xA34B7000 \SystemRoot\System32\DRIVERS\srv.sys
0xA367B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF79A7000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
0xA33DA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA3704000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3D91000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA25C4000 \SystemRoot\system32\DRIVERS\ar5211.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
704 C:\WINDOWS\system32\smss.exe
752 csrss.exe
776 C:\WINDOWS\system32\winlogon.exe
820 C:\WINDOWS\system32\services.exe
832 C:\WINDOWS\system32\lsass.exe
992 C:\Program Files\Common Files\Virtual Token\vtserver.exe
1008 C:\WINDOWS\system32\ibmpmsvc.exe
1052 C:\WINDOWS\system32\ati2evxx.exe
1068 C:\WINDOWS\system32\svchost.exe
1108 C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
1156 svchost.exe
1196 C:\WINDOWS\system32\svchost.exe
1464 svchost.exe
1496 C:\WINDOWS\system32\ati2evxx.exe
1620 svchost.exe
1708 C:\WINDOWS\explorer.exe
1980 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
620 C:\WINDOWS\system32\spoolsv.exe
636 C:\WINDOWS\system32\rundll32.exe
732 svchost.exe
796 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
948 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1356 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
1372 C:\Program Files\Java\jre6\bin\jqs.exe
1420 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
1484 C:\WINDOWS\system32\QCONSVC.EXE
1568 C:\WINDOWS\system32\java.exe
2012 sqlbrowser.exe
2088 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2172 C:\WINDOWS\system32\svchost.exe
2216 C:\WINDOWS\system32\TpKmpSvc.exe
2300 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2432 wmpnetwk.exe
3368 sqlservr.exe
3412 C:\WINDOWS\system32\acs.exe
3500 alg.exe
2908 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3160 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3316 C:\WINDOWS\system32\TpShocks.exe
172 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
1692 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
3072 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
3088 C:\WINDOWS\system32\dla\tfswctrl.exe
3220 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
3696 C:\IBMTOOLS\utils\ibmprc.exe
176 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
236 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1916 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
2188 C:\Program Files\iTunes\iTunesHelper.exe
2580 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2428 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
200 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3212 C:\WINDOWS\system32\ctfmon.exe
4016 C:\Program Files\Windows Media Player\wmpnscfg.exe
2636 C:\Program Files\Digital Line Detect\DLG.exe
3172 C:\Program Files\iPod\bin\iPodService.exe
4020 C:\Program Files\Mozilla Firefox\firefox.exe
1288 C:\Program Files\Mozilla Firefox\plugin-container.exe
2416 wmiprvse.exe
196 C:\Documents and Settings\Dave\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS548080M9AT00, Rev: MG4OA5DA

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 98306B1FE68C2AC8C6CCC194382BD9D2890A44E4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm

Re: Redirection when I click on search results

Unread postby deltalima » August 18th, 2010, 2:26 pm

Hi dgebala,

The infection that you have is stored in the boot section of your hard disk. Failure of this "MBR" to do its job properly would result in a machine that could not boot up at all, so any changes to the MBR have to be done very carefully.

In your case, a replacement of the MBR with a standard one would most likely work, but is not without risk. If the computer comes with a Recovery Partition you will loose the ability to restore the computer from that partition, any future reinstalls would need to be done from original media.

If you understand the risks involved and are prepared to reinstall the operating system if things go wrong we can proceed.

Please let me know what you would like to do.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirection when I click on search results

Unread postby dgebala » August 18th, 2010, 7:27 pm

So does that mean that the rescue and recovery partition that would restore the machine to its original brand new state has been corrupted? That's not an option at this point?
dgebala
Active Member
 
Posts: 14
Joined: July 31st, 2010, 4:06 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware