Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google search redirects to advertising

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google search redirects to advertising

Unread postby Gizzy » August 12th, 2010, 7:17 pm

Hi skasper,

Please explain why you ran rooter twice.
And I would like to see the first log C:\Rooter$\Rooter.txt
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA
Advertisement
Register to Remove

Re: Google search redirects to advertising

Unread postby skasper » August 12th, 2010, 7:38 pm

not sure why i ran it twice - they were run back to back and look the same.
nothing unusual happened...here is text1


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 3 Stepping 4, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:49 Go )
D:\ [CD_Rom]
.
Scan : 21:20.11
Path : C:\Documents and Settings\Kasper\Desktop\Rooter.exe
User : Kasper ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (708)
______ \??\C:\WINDOWS\system32\csrss.exe (772)
______ \??\C:\WINDOWS\system32\winlogon.exe (796)
______ C:\WINDOWS\system32\services.exe (840)
______ C:\WINDOWS\system32\lsass.exe (852)
______ C:\WINDOWS\system32\Ati2evxx.exe (1016)
______ C:\WINDOWS\system32\svchost.exe (1032)
______ C:\WINDOWS\system32\svchost.exe (1116)
______ c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (1156)
______ C:\WINDOWS\System32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1292)
______ C:\WINDOWS\system32\svchost.exe (1468)
______ C:\WINDOWS\system32\spoolsv.exe (1632)
______ C:\WINDOWS\system32\svchost.exe (1712)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (1788)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1964)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1984)
______ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (2020)
______ c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (136)
______ C:\WINDOWS\System32\svchost.exe (232)
______ C:\WINDOWS\System32\svchost.exe (408)
______ C:\WINDOWS\system32\svchost.exe (460)
______ C:\WINDOWS\system32\wdfmgr.exe (532)
______ c:\PROGRA~1\mcafee.com\vso\mcshield.exe (360)
______ C:\WINDOWS\System32\alg.exe (2268)
______ C:\WINDOWS\Explorer.EXE (2540)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (2696)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3148)
______ C:\WINDOWS\system32\ctfmon.exe (3164)
______ c:\PROGRA~1\mcafee\msc\mcuimgr.exe (2792)
______ C:\Program Files\Outlook Express\MSIMN.EXE (3840)
______ c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (2068)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3964)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3332)
______ C:\Documents and Settings\Kasper\Desktop\Rooter.exe (3056)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:65769984)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:65802240 | Length:76256570880)
\Device\Harddisk0\Partition3 (Start_Offset:76322373120 | Length:3668474880)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DB6BJ771-Kasper).job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:20.39
.
C:\Rooter$\Rooter_1.txt - (11/08/2010 | 21:20.39)
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 13th, 2010, 3:28 pm

Hi skasper,

Using Windows Explorer by right-clicking the Start button and left clicking Explore navigate to:
  • C:\WINDOWS\system32\drivers\etc

And tell me if you can see the file hosts
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google search redirects to advertising

Unread postby skasper » August 13th, 2010, 6:20 pm

yes there is a file hosts

also a file named lmhosts SAM file
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 14th, 2010, 5:06 pm

Hi skasper,

Batch file
  1. Click Start > Run
  2. Type notepad into the box and click OK
  3. Copy and Paste everything from the Code box below into Notepad:
    Code: Select all
    @echo off
    attrib -r -h "%systemroot%\system32\drivers\etc\hosts"
    notepad "%systemroot%\system32\drivers\etc\hosts"
    del %0
  4. Click Format and ensure Wordwrap is not checked
  5. Click File > Save As...
  6. Name the file HF_Check.bat
  7. Change Save as type: to All Files and save the file to your desktop
  8. Close Notepad
  9. Double-click HF_Check.bat on your desktop.
  10. Notepad will open, Post the contents in your next reply.
  11. HF_Check.bat will self-delete when completed.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google search redirects to advertising

Unread postby skasper » August 14th, 2010, 5:33 pm

127.0.0.1 localhost
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 15th, 2010, 4:58 pm

Download and run OTM
  1. Please download OTM to your Desktop.
  2. Double-click OTM.exe to run it.
  3. Copy the contents of the Code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    Code: Select all
    :Files
    C:\WINDOWS\system32\drivers\etc\hosts
    
    :Commands
    [emptytemp]
  4. Return to OTM, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste
  5. Then click the red MoveIt! button.
  6. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next reply.
  7. If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  8. Close OTM.


HostXpert
  1. Download HostXpert to your desktop
  2. Right click on HostsXpert.zip and select Extract All...
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard
  4. Click on the Browse button. Click on Desktop. Then click OK
  5. Once done, check (tick) the Show extracted files box and click Finish
  6. Once extracted, HostsXpert folder will open
  7. Double click on HostsXpert.exe to launch the program.
  8. When prompted with:
    • HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  9. Select OK.
  10. Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  11. Click on Restore MS Hosts File to restore your Hosts file to its default condition
  12. When prompted to confirm, click OK.
  13. Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  14. When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  15. Exit the program.


Malwarebytes Anti-Malware:
Download Malwarebytes' Anti-Malware to your desktop.
  1. Double-click mbam-setup.exe and follow the prompts to install the program.
  2. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select Perform quick scan, then click Scan.
  5. When the scan is complete, click OK, then Show Results to view the results.
  6. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
  7. When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Run RSIT:
You should still have this program on your desktop.

  1. Double click on RSIT.exe to run RSIT
  2. Click Continue at the disclaimer screen
  3. Once it has finished, only one log will open, log.txt (<<will be maximized)
  4. Copy & paste the contents of the log in your next reply


Do you still have the redirect and blue screen problems? Or any new problems?
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google search redirects to advertising

Unread postby skasper » August 15th, 2010, 7:08 pm

blue screen seems to be gone, google searches return with internet explorer cannot display web page. not seeing advertising.



Logfile of random's system information tool 1.08 (written by random/random)
Run by Kasper at 2010-08-15 17:19:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (69%) free of 73 GB
Total RAM: 510 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:12 PM, on 8/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Kasper\Desktop\RSIT.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\trend micro\Kasper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 3967 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB6BJ771-Kasper).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-15 16:59:08 ----D---- C:\Documents and Settings\Kasper\Application Data\Malwarebytes
2010-08-15 16:58:38 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-15 16:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-15 16:58:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 16:58:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-15 16:39:03 ----D---- C:\_OTM
2010-08-11 21:20:39 ----D---- C:\Rooter$
2010-08-11 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 03:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 03:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 03:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 20:54:41 ----ASH---- C:\hiberfil.sys
2010-08-09 21:17:18 ----SD---- C:\ComboFix
2010-08-09 20:48:54 ----D---- C:\Documents and Settings\Kasper\Application Data\SUPERAntiSpyware.com
2010-08-09 18:57:35 ----D---- C:\Program Files\Microsoft Security Essentials
2010-08-09 18:14:47 ----D---- C:\rsit
2010-08-08 21:02:23 ----SHD---- C:\RECYCLER
2010-08-07 21:26:29 ----RASHD---- C:\cmdcons
2010-08-07 21:25:40 ----A---- C:\WINDOWS\zip.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWSC.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWREG.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\sed.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\PEV.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\MBR.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\grep.exe
2010-08-07 08:59:18 ----D---- C:\RECYCLER(2)
2010-08-06 21:23:55 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_21.23.55_log.txt
2010-08-06 19:40:00 ----A---- C:\Boot.bak
2010-08-06 19:37:05 ----D---- C:\WINDOWS\ERDNT
2010-08-06 19:35:28 ----D---- C:\Qoobox
2010-08-05 20:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-03 18:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-08-03 11:24:17 ----D---- C:\Program Files\NOS
2010-08-03 11:24:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-03 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 23:29:42 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-08-02 18:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-02 18:22:08 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-01 19:41:39 ----RHD---- C:\Documents and Settings\All Users\Application Data\Atheros
2010-08-01 16:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-01 15:37:34 ----D---- C:\Program Files\Trend Micro
2010-08-01 13:15:26 ----D---- C:\McAfee.com Personal Firewall
2010-07-17 18:37:24 ----D---- C:\Program Files\Common Files\HP
2010-07-17 18:37:22 ----D---- C:\Program Files\Hewlett-Packard
2010-07-17 18:37:17 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-07-17 18:36:45 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-07-17 18:36:26 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpowiax7.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpovst15.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpotscl6.dll

======List of files/folders modified in the last 1 months======

2010-08-15 17:19:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-15 17:19:38 ----D---- C:\WINDOWS\Temp
2010-08-15 17:15:10 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-08-15 17:14:14 ----D---- C:\WINDOWS\system32\DRIVERS
2010-08-15 17:13:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-15 17:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-15 17:11:39 ----RD---- C:\Program Files
2010-08-15 17:11:39 ----D---- C:\WINDOWS\SYSTEM32
2010-08-15 17:11:36 ----D---- C:\WINDOWS\Prefetch
2010-08-15 16:53:25 ----D---- C:\WINDOWS\system32\drivers\ETC
2010-08-15 16:50:08 ----SD---- C:\WINDOWS\Tasks
2010-08-15 16:42:15 ----D---- C:\WINDOWS
2010-08-15 10:52:05 ----D---- C:\WINDOWS\system32\CONFIG
2010-08-15 10:51:44 ----D---- C:\WINDOWS\system32\WBEM
2010-08-15 10:51:43 ----D---- C:\WINDOWS\Registration
2010-08-12 18:39:12 ----D---- C:\Program Files\Savings Bond Wizard
2010-08-11 03:29:57 ----D---- C:\Config.Msi
2010-08-11 03:24:05 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-08-11 03:19:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 03:13:49 ----HD---- C:\WINDOWS\INF
2010-08-11 03:13:42 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-08-11 03:13:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 03:13:33 ----A---- C:\WINDOWS\imsins.BAK
2010-08-11 03:11:42 ----SHD---- C:\WINDOWS\Installer
2010-08-11 03:11:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 03:10:26 ----D---- C:\WINDOWS\WinSxS
2010-08-11 03:06:48 ----D---- C:\Program Files\Internet Explorer
2010-08-11 03:06:35 ----D---- C:\WINDOWS\ie8updates
2010-08-11 03:03:19 ----D---- C:\Program Files\Movie Maker
2010-08-11 03:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-08-10 14:11:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-09 21:10:11 ----D---- C:\WINDOWS\Minidump
2010-08-07 21:34:37 ----A---- C:\WINDOWS\system.ini
2010-08-07 21:29:51 ----D---- C:\WINDOWS\AppPatch
2010-08-07 21:29:44 ----D---- C:\Program Files\Common Files
2010-08-07 21:26:37 ----RASH---- C:\BOOT.INI
2010-08-07 11:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-07 11:37:18 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 19:48:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-06 18:03:26 ----D---- C:\Documents and Settings\Kasper\Application Data\GetRightToGo
2010-08-05 21:12:01 ----D---- C:\Program Files\Enigma Software Group
2010-08-05 18:40:27 ----D---- C:\Program Files\Google
2010-08-03 19:23:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-02 19:32:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 18:44:24 ----D---- C:\Program Files\Common Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Program Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-08-01 20:20:03 ----D---- C:\WINDOWS\SECURITY
2010-08-01 19:37:06 ----D---- C:\temp
2010-08-01 16:07:25 ----D---- C:\Documents and Settings
2010-08-01 15:33:54 ----A---- C:\WINDOWS\wininit.ini
2010-08-01 13:40:28 ----D---- C:\WINDOWS\network diagnostic
2010-08-01 10:40:09 ----SHD---- C:\System Volume Information
2010-08-01 10:40:09 ----D---- C:\WINDOWS\system32\Restore
2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 19:16:40 ----D---- C:\Program Files\Common Files\Real
2010-07-17 18:37:26 ----D---- C:\WINDOWS\TWAIN_32
2010-07-17 18:36:46 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-02 20576]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Kasper\LOCALS~1\Temp\catchme.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kasper at 2010-08-15 17:19:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (69%) free of 73 GB
Total RAM: 510 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:12 PM, on 8/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Kasper\Desktop\RSIT.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\trend micro\Kasper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 3967 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB6BJ771-Kasper).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-15 16:59:08 ----D---- C:\Documents and Settings\Kasper\Application Data\Malwarebytes
2010-08-15 16:58:38 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-15 16:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-15 16:58:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 16:58:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-15 16:39:03 ----D---- C:\_OTM
2010-08-11 21:20:39 ----D---- C:\Rooter$
2010-08-11 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 03:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 03:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 03:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 20:54:41 ----ASH---- C:\hiberfil.sys
2010-08-09 21:17:18 ----SD---- C:\ComboFix
2010-08-09 20:48:54 ----D---- C:\Documents and Settings\Kasper\Application Data\SUPERAntiSpyware.com
2010-08-09 18:57:35 ----D---- C:\Program Files\Microsoft Security Essentials
2010-08-09 18:14:47 ----D---- C:\rsit
2010-08-08 21:02:23 ----SHD---- C:\RECYCLER
2010-08-07 21:26:29 ----RASHD---- C:\cmdcons
2010-08-07 21:25:40 ----A---- C:\WINDOWS\zip.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWSC.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWREG.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\sed.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\PEV.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\MBR.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\grep.exe
2010-08-07 08:59:18 ----D---- C:\RECYCLER(2)
2010-08-06 21:23:55 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_21.23.55_log.txt
2010-08-06 19:40:00 ----A---- C:\Boot.bak
2010-08-06 19:37:05 ----D---- C:\WINDOWS\ERDNT
2010-08-06 19:35:28 ----D---- C:\Qoobox
2010-08-05 20:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-03 18:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-08-03 11:24:17 ----D---- C:\Program Files\NOS
2010-08-03 11:24:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-03 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 23:29:42 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-08-02 18:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-02 18:22:08 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-01 19:41:39 ----RHD---- C:\Documents and Settings\All Users\Application Data\Atheros
2010-08-01 16:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-01 15:37:34 ----D---- C:\Program Files\Trend Micro
2010-08-01 13:15:26 ----D---- C:\McAfee.com Personal Firewall
2010-07-17 18:37:24 ----D---- C:\Program Files\Common Files\HP
2010-07-17 18:37:22 ----D---- C:\Program Files\Hewlett-Packard
2010-07-17 18:37:17 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-07-17 18:36:45 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-07-17 18:36:26 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpowiax7.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpovst15.dll
2010-07-17 18:34:36 ----A---- C:\WINDOWS\system32\hpotscl6.dll

======List of files/folders modified in the last 1 months======

2010-08-15 17:19:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-15 17:19:38 ----D---- C:\WINDOWS\Temp
2010-08-15 17:15:10 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-08-15 17:14:14 ----D---- C:\WINDOWS\system32\DRIVERS
2010-08-15 17:13:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-15 17:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-15 17:11:39 ----RD---- C:\Program Files
2010-08-15 17:11:39 ----D---- C:\WINDOWS\SYSTEM32
2010-08-15 17:11:36 ----D---- C:\WINDOWS\Prefetch
2010-08-15 16:53:25 ----D---- C:\WINDOWS\system32\drivers\ETC
2010-08-15 16:50:08 ----SD---- C:\WINDOWS\Tasks
2010-08-15 16:42:15 ----D---- C:\WINDOWS
2010-08-15 10:52:05 ----D---- C:\WINDOWS\system32\CONFIG
2010-08-15 10:51:44 ----D---- C:\WINDOWS\system32\WBEM
2010-08-15 10:51:43 ----D---- C:\WINDOWS\Registration
2010-08-12 18:39:12 ----D---- C:\Program Files\Savings Bond Wizard
2010-08-11 03:29:57 ----D---- C:\Config.Msi
2010-08-11 03:24:05 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-08-11 03:19:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 03:13:49 ----HD---- C:\WINDOWS\INF
2010-08-11 03:13:42 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-08-11 03:13:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 03:13:33 ----A---- C:\WINDOWS\imsins.BAK
2010-08-11 03:11:42 ----SHD---- C:\WINDOWS\Installer
2010-08-11 03:11:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 03:10:26 ----D---- C:\WINDOWS\WinSxS
2010-08-11 03:06:48 ----D---- C:\Program Files\Internet Explorer
2010-08-11 03:06:35 ----D---- C:\WINDOWS\ie8updates
2010-08-11 03:03:19 ----D---- C:\Program Files\Movie Maker
2010-08-11 03:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-08-10 14:11:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-09 21:10:11 ----D---- C:\WINDOWS\Minidump
2010-08-07 21:34:37 ----A---- C:\WINDOWS\system.ini
2010-08-07 21:29:51 ----D---- C:\WINDOWS\AppPatch
2010-08-07 21:29:44 ----D---- C:\Program Files\Common Files
2010-08-07 21:26:37 ----RASH---- C:\BOOT.INI
2010-08-07 11:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-07 11:37:18 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 19:48:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-06 18:03:26 ----D---- C:\Documents and Settings\Kasper\Application Data\GetRightToGo
2010-08-05 21:12:01 ----D---- C:\Program Files\Enigma Software Group
2010-08-05 18:40:27 ----D---- C:\Program Files\Google
2010-08-03 19:23:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-02 19:32:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 18:44:24 ----D---- C:\Program Files\Common Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Program Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-08-01 20:20:03 ----D---- C:\WINDOWS\SECURITY
2010-08-01 19:37:06 ----D---- C:\temp
2010-08-01 16:07:25 ----D---- C:\Documents and Settings
2010-08-01 15:33:54 ----A---- C:\WINDOWS\wininit.ini
2010-08-01 13:40:28 ----D---- C:\WINDOWS\network diagnostic
2010-08-01 10:40:09 ----SHD---- C:\System Volume Information
2010-08-01 10:40:09 ----D---- C:\WINDOWS\system32\Restore
2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 19:16:40 ----D---- C:\Program Files\Common Files\Real
2010-07-17 18:37:26 ----D---- C:\WINDOWS\TWAIN_32
2010-07-17 18:36:46 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-02 20576]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Kasper\LOCALS~1\Temp\catchme.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4434

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/15/2010 5:11:39 PM
mbam-log-2010-08-15 (17-11-39).txt

Scan type: Quick scan
Objects scanned: 144735
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Program Files\sh3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\sh4.dat (Malware.Trace) -> Quarantined and deleted successfully.
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 17th, 2010, 5:38 pm

Hi skasper, :)
Sorry for the delay replying.


Reset XP SP3 firewall:
  1. Click Start > Run
  2. Type firewall.cpl into the box and click OK
  3. Click the Advanced tab
  4. Click the Restore Defaults button
  5. Click Yes at the prompt, then click OK


Reset IE8:
  1. Please download this Microsoft FixIt and save it to the desktop.
  2. Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  3. Follow the on-screen prompts.
  4. You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
  5. Next time IE8 is launched you will be prompted to reapply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.


MSE Removal:
Looks like you uninstalled Microsoft Security Essentials but it didn't all get removed, So do the following.
  1. Download MSE to your desktop. (Do not run it.)
  2. Click Start > Run, Type notepad into the box and click OK
  3. Copy and Paste everything from the Code box below into Notepad:
    Code: Select all
    @echo off
    cd "%userprofile%\desktop"
    mssefullinstall-x86fre-en-us-xp.exe /U
    del %0
  4. Click Format and ensure Wordwrap is not checked
  5. Click File > Save As...
  6. Name the file RemoveMSE.bat
  7. Change Save as type: to All Files and save the file to your desktop
  8. Close Notepad
  9. Double-click RemoveMSE.bat on your desktop.
  10. Follow the prompts for removing Microsoft Security Essentials.
  11. RemoveMSE.bat will self-delete when completed.
  12. Right-click mssefullinstall-x86fre-en-us-xp on your desktop and click Delete


Backup the registry with ERUNT:
  1. Please click here to download ERUNT and save it to your desktop.
  2. Click on erunt-setup.exe
  3. Follow the prompts to install ERUNT.
  4. Use the default install settings but say No to the part that asks you to add ERUNT to the Startup folder. You can enable this option later if you want.
  5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  6. Choose a location for the backup, The default location is C:\WINDOWS\ERDNT which is acceptable.
  7. Make sure that at least the first two check boxes are selected.
  8. Click on OK.
  9. Then click on Yes to create the folder.


Run OTM:
Should still be on your desktop.

  1. Double-click OTM.exe to run it.
  2. Copy the contents of the Code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    Code: Select all
    :Files
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job
    
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
  3. Return to OTM, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste
  4. Then click the red MoveIt! button.
  5. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next reply.
  6. If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  7. Close OTM.


FixPolicies:
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here
  1. Double-click FixPolicies.exe.
  2. Click the "Install" button on the bottom toolbar of the box that will open.
  3. The program will create a new Folder called FixPolicies.
  4. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  5. A black box should briefly appear and then close.


After completing the above post the following,

An update on how your computer is running now, Any old problems still remaining and/or new problems.
Also please run RSIT again and post a new log.txt.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google search redirects to advertising

Unread postby skasper » August 17th, 2010, 8:09 pm

otm results -

========== FILES ==========
File/Folder C:\WINDOWS\tasks\MP Scheduled Scan.job not found.
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck\ deleted successfully.

OTM by OldTimer - Version 3.1.15.0 log created on 08172010_190700
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby skasper » August 17th, 2010, 9:07 pm

a lot better - can do a google search and bring up the website without redirection, however i still occasionally get the message internet explorer cannot display web page when clicking on certain items within the web page.
Example: Wells Fargo Home page - Student Loans_ - Apply Now_ , when i click on Student Loans it works ok, if i click Apply Now i get the error message.

Also my McAfee virus scan program does not work and I am unable to remove it. Would like to replace it a new anti-virus program.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kasper at 2010-08-17 19:47:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (69%) free of 73 GB
Total RAM: 510 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:23 PM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Kasper\Desktop\RSIT.exe
C:\Program Files\trend micro\Kasper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 3505 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB6BJ771-Kasper).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C456A6-4701-49CF-BC27-191F9A16848E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-17 19:03:25 ----D---- C:\Program Files\ERUNT
2010-08-15 16:59:08 ----D---- C:\Documents and Settings\Kasper\Application Data\Malwarebytes
2010-08-15 16:58:38 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-15 16:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-15 16:58:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 16:58:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-15 16:39:03 ----D---- C:\_OTM
2010-08-11 21:20:39 ----D---- C:\Rooter$
2010-08-11 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 03:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 03:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 03:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 20:54:41 ----ASH---- C:\hiberfil.sys
2010-08-09 21:17:18 ----SD---- C:\ComboFix
2010-08-09 20:48:54 ----D---- C:\Documents and Settings\Kasper\Application Data\SUPERAntiSpyware.com
2010-08-09 18:14:47 ----D---- C:\rsit
2010-08-08 21:02:23 ----SHD---- C:\RECYCLER
2010-08-07 21:26:29 ----RASHD---- C:\cmdcons
2010-08-07 21:25:40 ----A---- C:\WINDOWS\zip.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWSC.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\SWREG.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\sed.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\PEV.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\MBR.exe
2010-08-07 21:25:40 ----A---- C:\WINDOWS\grep.exe
2010-08-07 08:59:18 ----D---- C:\RECYCLER(2)
2010-08-06 21:23:55 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_21.23.55_log.txt
2010-08-06 19:40:00 ----A---- C:\Boot.bak
2010-08-06 19:37:05 ----D---- C:\WINDOWS\ERDNT
2010-08-06 19:35:28 ----D---- C:\Qoobox
2010-08-05 20:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-03 18:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-08-03 11:24:17 ----D---- C:\Program Files\NOS
2010-08-03 11:24:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-03 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 23:29:42 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-08-02 18:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-02 18:22:08 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-01 19:41:39 ----RHD---- C:\Documents and Settings\All Users\Application Data\Atheros
2010-08-01 16:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-01 15:37:34 ----D---- C:\Program Files\Trend Micro
2010-08-01 13:15:26 ----D---- C:\McAfee.com Personal Firewall

======List of files/folders modified in the last 1 months======

2010-08-17 19:45:12 ----D---- C:\WINDOWS\Prefetch
2010-08-17 19:16:07 ----D---- C:\WINDOWS\Temp
2010-08-17 19:12:24 ----SD---- C:\WINDOWS\Tasks
2010-08-17 19:03:25 ----RD---- C:\Program Files
2010-08-17 19:01:08 ----SHD---- C:\WINDOWS\Installer
2010-08-17 19:01:03 ----D---- C:\Config.Msi
2010-08-17 19:01:01 ----D---- C:\WINDOWS\system32\DRIVERS
2010-08-17 09:55:39 ----D---- C:\WINDOWS\SYSTEM32
2010-08-16 22:16:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-16 21:43:50 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-08-16 21:43:44 ----D---- C:\Program Files\Internet Explorer
2010-08-15 21:23:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-15 21:21:35 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-08-15 17:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-15 16:53:25 ----D---- C:\WINDOWS\system32\drivers\ETC
2010-08-15 16:42:15 ----D---- C:\WINDOWS
2010-08-15 10:52:05 ----D---- C:\WINDOWS\system32\CONFIG
2010-08-15 10:51:44 ----D---- C:\WINDOWS\system32\WBEM
2010-08-15 10:51:43 ----D---- C:\WINDOWS\Registration
2010-08-12 18:39:12 ----D---- C:\Program Files\Savings Bond Wizard
2010-08-11 03:24:05 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-08-11 03:19:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 03:13:49 ----HD---- C:\WINDOWS\INF
2010-08-11 03:13:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 03:13:33 ----A---- C:\WINDOWS\imsins.BAK
2010-08-11 03:11:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 03:10:26 ----D---- C:\WINDOWS\WinSxS
2010-08-11 03:06:35 ----D---- C:\WINDOWS\ie8updates
2010-08-11 03:03:19 ----D---- C:\Program Files\Movie Maker
2010-08-11 03:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-08-10 14:11:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-09 21:10:11 ----D---- C:\WINDOWS\Minidump
2010-08-07 21:34:37 ----A---- C:\WINDOWS\system.ini
2010-08-07 21:29:51 ----D---- C:\WINDOWS\AppPatch
2010-08-07 21:29:44 ----D---- C:\Program Files\Common Files
2010-08-07 21:26:37 ----RASH---- C:\BOOT.INI
2010-08-07 11:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-07 11:37:18 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 19:48:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-06 18:03:26 ----D---- C:\Documents and Settings\Kasper\Application Data\GetRightToGo
2010-08-05 21:12:01 ----D---- C:\Program Files\Enigma Software Group
2010-08-05 18:40:27 ----D---- C:\Program Files\Google
2010-08-03 19:23:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-02 19:32:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 18:44:24 ----D---- C:\Program Files\Common Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Program Files\McAfee
2010-08-02 18:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-08-01 20:20:03 ----D---- C:\WINDOWS\SECURITY
2010-08-01 19:37:06 ----D---- C:\temp
2010-08-01 16:07:25 ----D---- C:\Documents and Settings
2010-08-01 15:33:54 ----A---- C:\WINDOWS\wininit.ini
2010-08-01 13:40:28 ----D---- C:\WINDOWS\network diagnostic
2010-08-01 10:40:09 ----SHD---- C:\System Volume Information
2010-08-01 10:40:09 ----D---- C:\WINDOWS\system32\Restore
2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 19:16:40 ----D---- C:\Program Files\Common Files\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-02 20576]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Kasper\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby skasper » August 17th, 2010, 9:14 pm

one more thing- super anti-spyware free addition unable to remove this program, would like to get rid of it, thanks.
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 18th, 2010, 4:59 pm

Hi skasper, :)

When we're finished making sure your computer is clean I'll give instructions to remove mcafee.

Remove SuperAntiSpyware
  1. Download SUPERAntiSpyware Uninstaller Assistant
  2. If SUPERAntiSpyware is running exit it by right-clicking the SUPERAntiSpyware system tray icon (the orange/brown bug running near your clock) and select Exit from the menu.
  3. Double-click the SASUNINST file you just downloaded to run the SUPERAntiSpyware Uninstaller Assistant
  4. Follow the instructions given by the Uninstaller Assistant.
  5. When completed right-click SASUNINST on your desktop and click Delete.


ATF Cleaner
  1. Please download ATF Cleaner to your desktop.
  2. Double-click ATF-Cleaner.exe to run the program.
  3. Under Main choose: Select All
  4. Click the Empty Selected button.
  5. Click the Exit button on the Main menu to close the program.


Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  1. Read through the requirements and privacy statement and click on the Accept button
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  3. When the downloads have finished, click on Settings
  4. Make sure the following boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan
  6. Once the scan is complete, it will display the results. Click on View Scan Report
  7. You will see a list of infected items there. Click on Save Report As...
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  9. Please post this log in your next reply
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google search redirects to advertising

Unread postby skasper » August 20th, 2010, 9:14 pm

tried running online kaspersky got to the end of the scan and it would not finish (99%) waited for 2 hours. would not display scan report. tried 3 different times. I'll wait for your reply
skasper
Regular Member
 
Posts: 28
Joined: August 4th, 2010, 7:40 pm

Re: Google search redirects to advertising

Unread postby Gizzy » August 21st, 2010, 7:30 am

Hi skasper, :)

Try Eset instead.

ESET Online Scanner:
Note: You can use Internet Explorer for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  1. Please go here then click on: Image
  2. Select the option YES, I accept the Terms of Use then click on: Image
  3. When prompted allow the Active X to install.
  4. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  5. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  6. Now click on: Image
  7. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  8. When completed the Online Scan will begin automatically, Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  9. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  10. Now click on: Image
  11. Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  12. Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 300 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware