Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My browser upon opening opens a second page i

Post by Windhlz » September 17th, 2009, 12:42 am

Hi:
I need some help. When I open my browser, either Firefox or Internet Explorer, a second page opens with some kind of offer (e.g. take an I.Q. test, or auction help, etc.). I have run AVG virus scan and Windows Defender software but did not find the malware. Below is my log from HijackThis. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:14 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZP ... b64162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6786 bytes

Post by MWR 3 day Mod » September 20th, 2009, 4:53 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Post by Cypher » September 20th, 2009, 1:12 pm

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I will be helping you with your malware problems.
Before we begin... please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible... your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research, so please be patient.

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log, and will return as soon as possible with your instructions.

Please post an Uninstall list.

1. Open HijackThis.
2. Click on the Open the Misc Tools section button.
3. Look under System tools.
4. Click on the Open Uninstall Manager... button.
5. Click on the Save list... button.
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Notepad will open. Please post this log in your next reply.

In your next reply:

1. Uninstall list

Post by Windhlz » September 21st, 2009, 1:09 am

Thanks so much for your help, here's the log:

ActiveHome(TM)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVG Free 8.5
Azurewave Wireless LAN
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Eee Instant Key
Eee Storage 1.1.15.197
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Internet Saving Optimizer
InterVideo WinDVD
MailFrontier Desktop
Media Access Startup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000
Microsoft Works
Mozilla Firefox (3.5.3)
Quicken 2007
Realtek High Definition Audio Driver
Samsung ML-2010 Series
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype™ 3.6
Super Hybrid Engine
System Search Dispatcher
TuneUp Utilities 2008
UC-232A USB-to-Serial
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Defender
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver

Post by Cypher » September 21st, 2009, 10:47 am

Hi Windhlz,
"Thanks so much for your help."

You're welcome :)

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

In your next reply.


1. RSIT log.txt file contents and info.txt file contents.

Post by Windhlz » September 22nd, 2009, 2:12 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-09-22 11:08:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 74 GB (90%) free of 82 GB
Total RAM: 1015 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:41 AM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZP ... b64162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6851 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll [2009-08-03 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-02 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-02 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-02 2007832]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-03-13 360448]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Matador"=C:\PROGRA~1\MAILFR~1\mantispm.exe [2006-01-20 894544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-02-12 21898024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-09-22 11:08:22 ----D---- C:\rsit
2009-09-16 20:55:57 ----D---- C:\Program Files\Trend Micro
2009-09-10 17:24:12 ----D---- C:\Program Files\Windows Defender
2009-09-09 09:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 09:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 09:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-03 16:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-19 22:08:26 ----D---- C:\Documents and Settings\Michael\Application Data\GetRightToGo
2009-08-19 21:54:02 ----D---- C:\Program Files\Mozilla Firefox
2009-08-19 20:02:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-19 19:54:43 ----HD---- C:\WINDOWS\PIF
2009-08-19 06:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-18 21:53:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-12 07:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 07:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 07:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 07:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 07:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 07:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 07:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 07:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 07:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-08 20:26:59 ----D---- C:\Documents and Settings\Michael\Application Data\WinRAR
2009-08-08 20:26:48 ----D---- C:\Program Files\WinRAR
2009-08-08 20:22:26 ----D---- C:\Program Files\Media Access Startup
2009-08-08 20:22:10 ----D---- C:\Program Files\Internet Saving Optimizer
2009-08-08 20:21:56 ----D---- C:\Program Files\System Search Dispatcher
2009-08-08 20:21:16 ----D---- C:\Program Files\DoubleD
2009-07-28 21:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2009-07-28 20:50:00 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-28 20:50:00 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-28 20:49:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-28 20:49:55 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-28 20:49:37 ----D---- C:\WINDOWS\system32\xlive
2009-07-28 20:49:37 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-15 19:35:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-14 22:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 22:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 22:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 21:34:45 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-07-14 21:34:44 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-07-14 21:34:43 ----D---- C:\Documents and Settings\Michael\Application Data\TuneUp Software
2009-07-14 21:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-07-14 21:34:22 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-07-14 21:33:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-29 10:16:27 ----D---- C:\WINDOWS\ie7updates
2009-06-29 10:15:44 ----D---- C:\WINDOWS\WBEM
2009-06-29 10:14:09 ----HDC---- C:\WINDOWS\ie7
2009-06-29 10:13:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-06-29 10:13:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

======List of files/folders modified in the last 3 months======

2009-09-22 11:08:01 ----D---- C:\WINDOWS\Prefetch
2009-09-22 11:03:43 ----D---- C:\WINDOWS\system32
2009-09-22 11:03:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-22 11:03:15 ----D---- C:\WINDOWS\Temp
2009-09-22 11:02:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-22 11:02:34 ----SD---- C:\WINDOWS\Tasks
2009-09-22 10:59:20 ----D---- C:\WINDOWS
2009-09-20 22:10:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-20 22:01:00 ----D---- C:\Program Files\MailFrontier
2009-09-16 20:55:57 ----RD---- C:\Program Files
2009-09-10 20:44:47 ----D---- C:\Documents and Settings
2009-09-10 20:23:41 ----SHD---- C:\WINDOWS\Installer
2009-09-10 20:16:01 ----D---- C:\WINDOWS\system32\Restore
2009-09-10 17:24:14 ----HD---- C:\WINDOWS\inf
2009-09-10 17:24:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-09 09:44:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 09:44:17 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 09:44:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-03 16:36:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-02 22:07:20 ----D---- C:\WINDOWS\system32\drivers
2009-09-02 22:04:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-02 22:03:45 ----D---- C:\Documents and Settings\Michael\Application Data\MailFrontier
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-19 22:26:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-19 22:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-18 21:53:20 ----D---- C:\WINDOWS\WinSxS
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-12 07:56:59 ----D---- C:\Program Files\Outlook Express
2009-08-11 22:37:24 ----HD---- C:\$AVG8.VAULT$
2009-08-09 22:09:01 ----D---- C:\Program Files\Windows Live
2009-08-08 22:09:51 ----A---- C:\WINDOWS\win.ini
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 19:31:05 ----D---- C:\WINDOWS\system32\en-US
2009-08-01 19:31:05 ----D---- C:\Program Files\Internet Explorer
2009-07-28 20:50:02 ----D---- C:\WINDOWS\system32\DirectX
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 21:33:31 ----D---- C:\Program Files\Common Files
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-13 22:05:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-30 10:07:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-29 16:22:53 ----D---- C:\WINDOWS\Help
2009-06-29 10:15:50 ----D---- C:\WINDOWS\system32\config
2009-06-29 10:15:36 ----D---- C:\WINDOWS\Media
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-26 09:59:36 ----SD---- C:\Documents and Settings\Michael\Application Data\Microsoft
2009-06-26 09:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-02 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-10 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-25 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-13 41984]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2002-08-26 23387]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-02 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-02 297752]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-14 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-09-22 11:08:46

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F6DFDC8-7EAA-4B9B-AC3A-AE04F77D81CF}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActiveHome(TM)-->C:\WINDOWS\DEL_AH.EXE C:\PROGRA~1\HOMECO~1\INSTALL.LOG "Uninstall ActiveHome(TM)"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2}
ASUSUpdate for Eee PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azurewave Wireless LAN-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Eee Instant Key-->C:\Program Files\InstallShield Installation Information\{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}\setup.exe -runfromtemp -l0x0009 -removeonly
Eee Storage 1.1.15.197-->C:\Program Files\Eee Storage\uninst.exe
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08-->C:\Program Files\Elantech\ETDUninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Saving Optimizer-->"C:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.exe"
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
MailFrontier Desktop-->C:\PROGRA~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\MAILFR~1\INSTMLF.LOG
Media Access Startup-->"C:\Program Files\Media Access Startup\1.5.3.850\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2000-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Samsung ML-2010 Series-->C:\WINDOWS\Samsung\ML-2010\SETUP.EXE
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}\setup.exe -runfromtemp -l0x0009 -removeonly
System Search Dispatcher-->"C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UC-232A USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: YOUR-RTKE0BYPF7
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002243572CC6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4066
Source Name: Dhcp
Time Written: 20090628211756.000000-420
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002243572CC6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4062
Source Name: Dhcp
Time Written: 20090628164249.000000-420
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002243572CC6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4058
Source Name: Dhcp
Time Written: 20090628115728.000000-420
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 4047
Source Name: Disk
Time Written: 20090628090837.000000-420
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Record Number: 4046
Source Name: atapi
Time Written: 20090628090837.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-RTKE0BYPF7
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Record Number: 109
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090211210401.000000-480
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 107
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090211210359.000000-480
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 89
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090211210221.000000-480
Event Type: warning
User:

Computer Name: YOUR-RTKE0BYPF7
Event Code: 5603
Message: A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 43
Source Name: WinMgmt
Time Written: 20090207223023.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-RTKE0BYPF7
Event Code: 5603
Message: A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090207223023.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\MailFrontier"
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Post by Cypher » September 23rd, 2009, 11:04 am

Hi Windhlz.
These instructions may seem a bit long, but take your time and you should be fine :thumbup:

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.

Internet Saving Optimizer
Media Access Startup
System Search Dispatcher


Next.

Disable Windows Defender

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.
  7. Note: Please do not re-enable this until I tell you to do so.

Next.

Fix HijackThis entries

Run HijackThis
If you are on the Main Menu page... Click "Do a system scan only"
If you are on the "scan & fix stuff" page... Press the Scan...button.
When the scan finishes...Place a check mark next to the following entries (if they are still present):
*Only check those items listed below *

O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


After checking these items... CLOSE ALL open windows except HijackThis
Click the Fix Checked ...button...to remove the entries you checked.
Choose YES...when prompted to fix the selected items.

Next.

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    :Reg
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {35B8D58C-B0CB-46b0-BA64-05B3804E4E86}"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {CDBFB47B-58A8-4111-BF95-06178DCE326D}"=-
    
    :Files
    
    C:\Program Files\Media Access Startup
    C:\Program Files\Internet Saving Optimizer
    C:\Program Files\System Search Dispatcher
    C:\Program Files\DoubleD
    
    :Commands
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware and save to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:

      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, then click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Next.

    Re-run - RSIT (Random's System Information Tool)

    You should still have this program on your desktop.
    1. Double click on RSIT.exe to run it.
    2. Please read the disclaimer... click on Continue.
      RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
    3. Please post ONLY the "log.txt", file contents in your next reply.
      (This log can be lengthy, so a separate post may be needed.)

In your next reply.

1. OTM log.
2. Malwarebytes log.
3. RSIT log.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
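
One way to confirm that the entries listed under "Fix HijackThis entries" are really gone from a follow-up HijackThis log, given here as an added example that is not part of the original thread or of any tool it mentions. The function names are hypothetical, the first sample log is copied from lines in this thread, and the second is constructed; entries are matched by CLSID or Run value name rather than by full text, because the file path shown for an entry can change (for example to "(no file)") while the registry entry is still there.

```python
import re

# Entries the helper asked to have fixed, copied from the post above.
TARGETS = [
    r"O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll",
    r"O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
]

# Excerpt of the 9/23/2009 follow-up log; lines copied from this thread.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
"""

# Constructed for illustration (not from the thread): a log in which two of
# the targets survive with different display text and letter case.
CONSTRUCTED_DIRTY_LOG = r"""
O2 - BHO: (no name) - {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
"""

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_entry(line):
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {
        "code": code,
        "body": body,
        "clsid": None,
        # "(no file)" means the registry entry points at a missing file.
        "orphan": body.endswith("(no file)"),
    }
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body) if code == "O4" else None
    if clsid:
        # COM-based entries (BHOs, toolbars, buttons): identity is the CLSID.
        entry["clsid"] = clsid.group(0).upper()
        entry["key"] = (code, entry["clsid"])
    elif run:
        # Run entries: identity is hive + key + value name, not the command.
        entry["key"] = (code, run.group("hive").upper(),
                        run.group("key").lower(), run.group("name").lower())
    else:
        # Everything else: compare the whitespace-normalised text.
        entry["key"] = (code, " ".join(body.lower().split()))
    return entry


def parse_log(text):
    """Return all entry lines of a HijackThis log as parsed dicts."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def still_present(targets, followup_log):
    """Return the target lines whose identity still appears in the log."""
    present = {e["key"] for e in parse_log(followup_log)}
    return [t for t in targets if parse_entry(t)["key"] in present]


def orphaned(log):
    """Return entries whose referenced file is reported as missing."""
    return [e for e in parse_log(log) if e["orphan"]]


if __name__ == "__main__":
    for name, log in (("follow-up", FOLLOWUP_LOG),
                      ("constructed", CONSTRUCTED_DIRTY_LOG)):
        left = still_present(TARGETS, log)
        print(f"{name}: {len(left)} target(s) still present")
        for line in left:
            print("  ", line)
```
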

Re: My browser upon opening opens a second page i

Post by Windhlz » September 23rd, 2009, 6:15 pm

Hi: This file did not exist when I ran Hijack this:
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll

After reboot notepad opened with this log:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}" not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\\{CDBFB47B-58A8-4111-BF95-06178DCE326D}" not found.
========== FILES ==========
File/Folder C:\Program Files\Media Access Startup not found.
File/Folder C:\Program Files\Internet Saving Optimizer not found.
File/Folder C:\Program Files\System Search Dispatcher not found.
C:\Program Files\DoubleD\GamingHarbor Toolbar moved successfully.
C:\Program Files\DoubleD moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.YOUR-RTKE0BYPF7
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3630484 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 4341195 bytes
->Temporary Internet Files folder emptied: 11360162 bytes
->FireFox cache emptied: 71310941 bytes

User: NetworkService
->Temp folder emptied: 6492 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
Windows Temp folder emptied: 14630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 87.60 mb

Error: Unable to interpret <[Reboot]:Reg> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]> in the current context!
Error: Unable to interpret <{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}"=-> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]> in the current context!
Error: Unable to interpret <{CDBFB47B-58A8-4111-BF95-06178DCE326D}"=-> in the current context!
========== FILES ==========
File/Folder C:\Program Files\Media Access Startup not found.
File/Folder C:\Program Files\Internet Saving Optimizer not found.
File/Folder C:\Program Files\System Search Dispatcher not found.
File/Folder C:\Program Files\DoubleD not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-RTKE0BYPF7
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32768 bytes

User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.03 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09232009_150637

Files moved on Reboot...

Registry entries deleted on Reboot...

I'll post the rest in another entry.

Re: My browser upon opening opens a second page i

Post by Windhlz » September 24th, 2009, 12:30 am

Here's the RSIT Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-09-23 21:05:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (90%) free of 82 GB
Total RAM: 1015 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:01 PM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\My Documents\Downloads\RSIT(2).exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe
C:\PROGRA~1\MAILFR~1\mbuddy.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\GLB57.tmp
C:\PROGRA~1\MAILFR~1\mantispm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZP ... b64162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6785 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-02 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-02 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-02 2007832]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-03-13 360448]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Matador"=C:\PROGRA~1\MAILFR~1\mantispm.exe [2006-01-20 894544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-02-12 21898024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-09-23 15:19:14 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2009-09-23 15:19:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-23 15:19:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-23 15:06:37 ----D---- C:\_OTM
2009-09-23 15:02:58 ----D---- C:\WINDOWS\ERDNT
2009-09-23 15:01:47 ----D---- C:\Program Files\ERUNT
2009-09-22 11:08:22 ----D---- C:\rsit
2009-09-16 20:55:57 ----D---- C:\Program Files\Trend Micro
2009-09-10 17:24:12 ----D---- C:\Program Files\Windows Defender
2009-09-09 09:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 09:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 09:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-03 16:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-19 22:08:26 ----D---- C:\Documents and Settings\Michael\Application Data\GetRightToGo
2009-08-19 21:54:02 ----D---- C:\Program Files\Mozilla Firefox
2009-08-19 20:02:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-19 19:54:43 ----HD---- C:\WINDOWS\PIF
2009-08-19 06:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-18 21:53:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-12 07:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 07:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 07:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 07:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 07:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 07:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 07:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 07:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 07:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-08 20:26:59 ----D---- C:\Documents and Settings\Michael\Application Data\WinRAR
2009-08-08 20:26:48 ----D---- C:\Program Files\WinRAR
2009-07-28 21:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2009-07-28 20:50:00 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-28 20:50:00 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-28 20:49:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-28 20:49:55 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-28 20:49:37 ----D---- C:\WINDOWS\system32\xlive
2009-07-28 20:49:37 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-15 19:35:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-14 22:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 22:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 22:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 21:34:45 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-07-14 21:34:44 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-07-14 21:34:43 ----D---- C:\Documents and Settings\Michael\Application Data\TuneUp Software
2009-07-14 21:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-07-14 21:34:22 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-07-14 21:33:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-29 10:16:27 ----D---- C:\WINDOWS\ie7updates
2009-06-29 10:15:44 ----D---- C:\WINDOWS\WBEM
2009-06-29 10:14:09 ----HDC---- C:\WINDOWS\ie7
2009-06-29 10:13:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-06-29 10:13:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

======List of files/folders modified in the last 3 months======

2009-09-23 21:06:01 ----D---- C:\WINDOWS\system32
2009-09-23 21:05:39 ----D---- C:\Program Files\MailFrontier
2009-09-23 21:00:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-23 20:57:18 ----D---- C:\WINDOWS
2009-09-23 20:56:56 ----SD---- C:\WINDOWS\Tasks
2009-09-23 15:29:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-23 15:19:06 ----D---- C:\WINDOWS\system32\drivers
2009-09-23 15:19:03 ----RD---- C:\Program Files
2009-09-23 15:11:04 ----D---- C:\WINDOWS\Prefetch
2009-09-23 15:06:54 ----D---- C:\WINDOWS\Temp
2009-09-23 14:40:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 20:44:47 ----D---- C:\Documents and Settings
2009-09-10 20:23:41 ----SHD---- C:\WINDOWS\Installer
2009-09-10 20:16:01 ----D---- C:\WINDOWS\system32\Restore
2009-09-10 19:02:54 ----HD---- C:\$AVG8.VAULT$
2009-09-10 17:24:14 ----HD---- C:\WINDOWS\inf
2009-09-10 17:24:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-09 09:44:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 09:44:17 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 09:44:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-03 16:36:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-02 22:04:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-02 22:03:45 ----D---- C:\Documents and Settings\Michael\Application Data\MailFrontier
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-19 22:26:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-19 22:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-18 21:53:20 ----D---- C:\WINDOWS\WinSxS
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-12 07:56:59 ----D---- C:\Program Files\Outlook Express
2009-08-09 22:09:01 ----D---- C:\Program Files\Windows Live
2009-08-08 22:09:51 ----A---- C:\WINDOWS\win.ini
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 19:31:05 ----D---- C:\WINDOWS\system32\en-US
2009-08-01 19:31:05 ----D---- C:\Program Files\Internet Explorer
2009-07-28 20:50:02 ----D---- C:\WINDOWS\system32\DirectX
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 21:33:31 ----D---- C:\Program Files\Common Files
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-13 22:05:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-30 10:07:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-29 16:22:53 ----D---- C:\WINDOWS\Help
2009-06-29 10:15:50 ----D---- C:\WINDOWS\system32\config
2009-06-29 10:15:36 ----D---- C:\WINDOWS\Media
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-26 09:59:36 ----SD---- C:\Documents and Settings\Michael\Application Data\Microsoft
2009-06-26 09:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-02 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-10 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-25 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-13 41984]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2002-08-26 23387]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-02 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-02 297752]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-14 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

I cannot find this log or path C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt.
I inserted my username and administrator. I know it ran and removed some infections. Can you help me find it, or should I run it again?
Thanks,
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Post by Windhlz » September 24th, 2009, 12:37 am

Here's the mbam-log, took me a while to find it. I opened the program and there it was.

Malwarebytes' Anti-Malware 1.41
Database version: 2852
Windows 5.1.2600 Service Pack 3

9/23/2009 3:29:03 PM
mbam-log-2009-09-23 (15-29-02).txt

Scan type: Quick Scan
Objects scanned: 102816
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 69

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Michael\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Media Access Startup\1.5.3.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090910-204541.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Media Access Startup\1.5.3.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-204541.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-202229.431.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-202350.384.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-212923.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-221003.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-221457.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-221504.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-134523.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-141939.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-194918.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-202340.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-203217.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-204250.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-220618.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-132359.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-142804.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090811-213339.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090811-222129.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090811-223140.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090815-140741.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090818-210830.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090818-214038.181.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090818-220345.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090818-220706.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-194654.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-214646.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-215437.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-220123.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-221730.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090819-221950.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090902-220746.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090908-122404.624.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090908-122410.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-171601.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-171604.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-173815.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-183734.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-195051.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-202009.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-202017.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-202844.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-202848.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090910-205555.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090911-134504.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090911-204341.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090913-213653.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090913-215220.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090916-205316.341.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090916-205958.200.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090916-210521.903.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090917-095748.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090918-195122.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090918-195128.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090918-200840.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090918-204852.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090919-094628.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090919-095519.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090919-201523.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090919-203309.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090920-090536.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090920-092621.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090920-220340.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090922-110323.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090923-144222.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Media Access Startup\1.5.3.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
Windhlz

Re: My browser upon opening opens a second page i

Post by Cypher » September 24th, 2009, 2:24 pm

Hi Windhlz.

I have a few questions.

1. Have you ever had ZoneAlarm or MailFrontier Desktop installed on this PC?
2. Can you tell me if you know what this is?

YOUR-RTKE0BYPF7

3. Is this a personal PC?

Please answer these questions in your next reply.



Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:
C:\PROGRA~1\MAILFR~1\mbuddy.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please repeat the process for this also.

C:\DOCUME~1\Michael\LOCALS~1\Temp\GLB57.tmp


If you have trouble using jotti.

Try Virustotal



Next

Rooter

Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.

  • Double-click on the Rooter.exe icon on your desktop to execute it.
    If you receive the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
  • To run the Scan... press the Scan... button.
  • Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
    The location of the report file is shown in the bottom display window.
  • Press the Close button, to close the Rooter window.
Please copy and paste the contents of Rooter#.txt in your next reply.


Next.

  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.

In your next reply.

1. Please answer the questions I asked at the start of this post.
2. jotti or virustotal scan results.
3. Rooter.txt log.
4. MGADiag log.
5. Also please let me know how your PC is performing now, and if you are still having any problems.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Post by Windhlz » September 24th, 2009, 5:29 pm



Jotti's malware scan
Filename: mbuddy.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 24 Sep 2009 23:08:58 (CET) Permalink

Additional info
File size: 7786568 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 4afb08f2a248b0324ae4b4d1949be795
SHA1: 9ca7d5919fee74a2b2bc55ea579dda21e1618d33
Packer (Drweb): BINARYRES
Packer (Kaspersky): WiseSFXDropper




Scanners
[ArcaVir]
2009-09-24 Found nothing
[G DATA]
2009-09-24 Found nothing
[A-Squared]
2009-09-24 Found nothing
[Ikarus]
2009-09-24 Found nothing
[Avast! antivirus]
2009-09-24 Found nothing
[Kaspersky Anti-Virus]
2009-09-24 Found nothing
[Grisoft AVG Anti-Virus]
2009-09-24 Found nothing
[ESET NOD32]
2009-09-24 Found nothing
[Avira AntiVir]
2009-09-24 Found nothing
[Norman Virus Control]
2009-09-24 Found nothing
[Softwin BitDefender]
2009-09-24 Found nothing
[Panda Antivirus]
2009-09-23 Found nothing
[ClamAV]
2009-09-24 Found nothing
[Quick Heal]
2009-09-24 Found nothing
[CPsecure]
2009-09-24 Found nothing
[Sophos]
2009-09-24 Found nothing
[Dr.Web]
2009-09-24 Found nothing
[VirusBlokAda VBA32]
2009-09-24 Found nothing
[Frisk F-Prot Antivirus]
2009-09-24 Found nothing
[VirusBuster]
2009-09-24 Found nothing
[F-Secure Anti-Virus]
2009-09-24 Found nothing

I don't have ZoneAlarm
I do have MailFrontier Desktop on this computer
It is a personal computer
I don't know anything about this file YOUR-RTKE0BYPF7





Jotti's malware scan
Filename: GLB57.tmp
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 24 Sep 2009 23:15:45 (CET) Permalink

Additional info
File size: 71680 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 7de480643f739ee6e59df0b069b6e250
SHA1: 303cc32b72ca5368d253ef8e5c22462db56d35f2
Packer (Drweb): BINARYRES




Scanners
[ArcaVir]
2009-09-24 Found nothing
[G DATA]
2009-09-24 Found nothing
[A-Squared]
2009-09-24 Found nothing
[Ikarus]
2009-09-24 Found nothing
[Avast! antivirus]
2009-09-24 Found nothing
[Kaspersky Anti-Virus]
2009-09-24 Found nothing
[Grisoft AVG Anti-Virus]
2009-09-24 Found nothing
[ESET NOD32]
2009-09-24 Found nothing
[Avira AntiVir]
2009-09-24 Found nothing
[Norman Virus Control]
2009-09-24 Found nothing
[Softwin BitDefender]
2009-09-24 Found nothing
[Panda Antivirus]
2009-09-23 Found nothing
[ClamAV]
2009-09-24 Found nothing
[Quick Heal]
2009-09-24 Found nothing
[CPsecure]
2009-09-24 Found nothing
[Sophos]
2009-09-24 Found nothing
[Dr.Web]
2009-09-24 Found nothing
[VirusBlokAda VBA32]
2009-09-24 Found nothing
[Frisk F-Prot Antivirus]
2009-09-24 Found nothing
[VirusBuster]
2009-09-24 Found nothing
[F-Secure Anti-Virus]
2009-09-24 Found nothing




Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 28 Stepping 2, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 7.0.5730.13
.
C:\ [Fixed-NTFS] .. ( Total:79 Go - Free:71 Go )
D:\ [Fixed-NTFS] .. ( Total:61 Go - Free:61 Go )
.
Scan : 14:21.17
Path : C:\Documents and Settings\Michael\My Documents\Downloads\Rooter.exe
User : Michael ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (644)
______ \??\C:\WINDOWS\system32\csrss.exe (692)
______ \??\C:\WINDOWS\system32\winlogon.exe (716)
______ C:\WINDOWS\system32\services.exe (760)
______ C:\WINDOWS\system32\lsass.exe (772)
______ C:\WINDOWS\system32\svchost.exe (936)
______ C:\WINDOWS\system32\svchost.exe (980)
______ C:\Program Files\Windows Defender\MsMpEng.exe (1020)
______ C:\WINDOWS\System32\svchost.exe (1060)
______ C:\WINDOWS\system32\svchost.exe (1168)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\spoolsv.exe (1520)
______ C:\WINDOWS\system32\svchost.exe (1592)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1624)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (1660)
______ C:\WINDOWS\system32\svchost.exe (1712)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (116)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (128)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (140)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (476)
______ C:\WINDOWS\System32\alg.exe (1124)
______ C:\WINDOWS\Explorer.EXE (2440)
______ C:\WINDOWS\system32\igfxtray.exe (2496)
______ C:\WINDOWS\system32\hkcmd.exe (2508)
______ C:\Program Files\Elantech\ETDCtrl.exe (2544)
______ C:\Program Files\Elantech\ETDDect.exe (2552)
______ C:\Program Files\EeePC\ACPI\AsTray.exe (2560)
______ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (2568)
______ C:\Program Files\EeePC\ACPI\AsEPCMon.exe (2576)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2608)
______ C:\WINDOWS\system32\igfxsrvc.exe (2616)
______ C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (2628)
______ C:\WINDOWS\RTHDCPL.EXE (2688)
______ C:\WINDOWS\system32\igfxext.exe (2700)
______ C:\Program Files\Windows Defender\MSASCui.exe (2724)
______ C:\Program Files\Messenger\msmsgs.exe (2796)
______ C:\WINDOWS\system32\ctfmon.exe (2856)
______ C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (3116)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3392)
______ C:\PROGRA~1\MAILFR~1\mantispm.exe (2772)
______ C:\Documents and Settings\Michael\My Documents\Downloads\Rooter.exe (3724)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:85888341504)
\Device\Harddisk0\Partition2 (Start_Offset:85888373760 | Length:65711761920)
\Device\Harddisk0\Partition3 (Start_Offset:151600135680 | Length:8398010880)
\Device\Harddisk0\Partition4 (Start_Offset:159998146560 | Length:41126400)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:21.20
.
C:\Rooter$\Rooter_1.txt - (24/09/2009 | 14:21.20)

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-BFDCC-3BMCY-QGWPD
Windows Product Key Hash: 8dFTlxbCDMH7eCGI/GjBzGT53UI=
Windows Product ID: 76477-OEM-2111907-00109
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {C599A4D8-4C80-42E1-ACBE-B7BA903F2791}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C599A4D8-4C80-42E1-ACBE-B7BA903F2791}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QGWPD</PKey><PID>76477-OEM-2111907-00109</PID><PIDType>2</PIDType><SID>S-1-5-21-3698214179-243319455-3763455874</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1000H</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1206 </Version><SMBIOSVersion major="2" minor="5"/><Date>20081017000000.000000+000</Date><SLPBIOS>ASUSTeK Pegasus,ASUS_FLASH,ASUS_FLASH</SLPBIOS></BIOS><HWID>80EF08900184C065</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>ASUS</name><model>EeePC</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A
Thanks again. It is still loading advertising windows when I open the browser.
HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:ASUSTeK Computer Inc|151A0:ASUSTeK Computer Inc|168E0:GENUINE C&C INC
Marker string from OEMBIOS.DAT: ASUSTeK Pegasus,ASUS_FLASH,ASUS_FLASH

OEM Activation 2.0 Data-->
N/A

Hi:
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 24th, 2009, 11:06 pm

Hi:
I just noticed that the problem (hijacking the browser) appears to no longer occur with Internet Explorer; it still occurs with Mozilla Firefox.
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 25th, 2009, 7:17 am

Hi Windhlz.

Please download GooredFix.exe...by jpshortstuff.
Save it to your desktop. Alternate site.
  • Ensure all Firefox windows are closed.
  • Double-click GooredFix.exe to run it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  • Please copy and paste the contents of the GooredFix.txt file in your next reply.


In your next reply:

1. GooredFix.txt.
2. Also, please let me know if Firefox is running without problems now.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 25th, 2009, 11:29 pm

Hi:
I ran GooredFix.exe; below is the log. The first time I ran it, I had downloaded it through Firefox, so I ran it again through IE. Should I run any others again? Are we getting close to a total reinstall?
Thanks,

GooredFix by jpshortstuff (24.09.09.1)
Log created at 20:23 on 25/09/2009 (Michael)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:54 20/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:04 12/02/2009]

---------- Old Logs ----------
GooredFix[03.06.47_26-09-2009].txt

-=E.O.F=-
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am