Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problematic IE Redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problematic IE Redirects

Unread postby Kirellen1972 » June 25th, 2009, 6:34 pm

Hi..Im new here and having a problem with IE redirecting my browser to sites i dont want to go to..Ex..I use Google to search..will go to a Web page..then when i use the back button on my browser..it takes me somewhere else instead of the page i was previously looking at..Here is my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:33 PM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6746503375
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6089 bytes
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm
Advertisement
Register to Remove

Re: Problematic IE Redirects

Unread postby dan12 » June 26th, 2009, 3:36 am

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby Kirellen1972 » June 26th, 2009, 6:36 pm

Thanks for the reply..Hope This Helps..Im getting an Overclick redirect now and cant access alot of my normal sites..I havnt installed any new programs for a long time though..however my nephew uses this PC sometimes..Im running XP with Administrator rights..One Account Only...Heres my Program list log...

Ad-Aware SE Professional
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Advanced X Video Converter
Agere Systems PCI Soft Modem
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audio Converter
AVI DivX MPEG to DVD Converter & Burner Pro 1.8
Azureus
BitTorrent 4.2.0
BLM 2.6.5
Bytescout XLS Viewer 2.20 (FREEWARE)
CC_ccProxyMSI
CC_ccStart
ccCommon
CDisplay 1.8
CloneDVD2
Compaq Connections
Cool Edit Pro 2.0
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
DC++ (remove only)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.0.2.0
DVD-lab PRO 1.53
DVD-TO-AVI V1.9
File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
FLAC Installer 1.1.2a (remove only)
FLV Player 1.3.3
Forté Agent
GiPo@MoveOnBoot 1.9.5
Google Video Downloader 3.13
GTASA Ultimate Editor 3.5.2
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics Driver
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
mkw Audio Compression Toolkit
MSRedist
MSXML 4.0 SP2 (KB927978)
Nero 6 Ultra Edition
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton Security Center
Norton WMI Update
oggcodecs 0.69.8924
PC-Doctor for Windows
Power MP3 WMA Converter 2006, (ver 3.42c)
PowerISO
Project64 1.6
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RCA Detective™ 2.0.0.98
RCA easyRip™ 1.4.5.0
RCA easyRip™ 2.0.8.0
Record-Anything v2.95 Trial Edition
RipIt4Me
River Past Video Cleaner Pro
San Andreas Mod Installer
Security Task Manager 1.7
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sentinel System Driver
Smart Audio Converter
Sonic RecordNow!
SST Programming Software
Stream Editor ALPHA 3
SUPER © Version 2006.19 (FIX)
SureThing CD Labeler Deluxe 4
System Requirements Lab
TSUNAMI-MPEG DVD Author PRO
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
Viewpoint Media Player
Visual Pinball
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Winmx Community 1
WinRAR archiver
World of Warcraft
Xml Viewer
XviD 1.1 final uninstall
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby dan12 » June 27th, 2009, 2:46 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus, BitTorrent 4.2.0

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).




Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.



: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt


Post: gooredlog.text
malwarebytes report
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby Kirellen1972 » June 27th, 2009, 10:08 am

Uninstalled the recommended Programs..
Goored log...

GooredFix v1.92 by jpshortstuff
Log created at 06:17 on 27/06/2009 running Option #1 (Compaq_Owner)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

mbam log...

Malwarebytes' Anti-Malware 1.38
Database version: 2341
Windows 5.1.2600 Service Pack 2

6/27/2009 8:57:06 AM
mbam-log-2009-06-27 (08-57-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 176734
Time elapsed: 21 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby dan12 » June 27th, 2009, 7:43 pm

DDS (Doesn't Do Squat)

Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please :)
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt


Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby Kirellen1972 » June 28th, 2009, 9:36 am

DDS txt...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 8:29:53.37 on Sun 06/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.680 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\compaq_owner\my documents\rca detective\RCADetective.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 6746503375
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDow ... eqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-9 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-9 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-9 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080116.038\NAVENG.Sys [2008-1-17 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080116.038\NavEx15.Sys [2008-1-17 895312]
RUnknown mvtipmm;mvtipmm; [x]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-9 87712]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2005-11-27 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2005-11-27 19456]

=============== Created Last 30 ================

2009-06-27 06:21 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-06-27 06:21 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 06:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-27 06:21 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-27 06:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 17:10 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 18:06 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-07 09:43 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Octoshape

==================== Find3M ====================

2006-12-06 07:13 81,920 a------- c:\docume~1\compaq~1\applic~1\ezpinst.exe
2006-12-06 07:13 47,360 a------- c:\docume~1\compaq~1\applic~1\pcouffin.sys
2005-05-13 18:12 217,073 ac-shr-- c:\windows\meta4.exe
2005-10-24 12:13 66,560 ac-shr-- c:\windows\MOTA113.exe
2005-10-13 22:27 422,400 ac-shr-- c:\windows\x2.64.exe
2005-10-07 20:14 308,224 a--shr-- c:\windows\system32\avisynth.dll
2005-07-14 13:31 27,648 a--shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 16:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2005-06-21 23:37 45,568 a--shr-- c:\windows\system32\cygz.dll
2005-12-31 20:56 80 ---shr-- c:\windows\system32\DAFE9F2F8D.dll
2004-01-25 01:00 70,656 a--shr-- c:\windows\system32\i420vfw.dll
2006-04-27 11:24 2,945,024 a--shr-- c:\windows\system32\Smab.dll
2005-02-28 14:16 240,128 a--shr-- c:\windows\system32\x.264.exe
2004-01-25 01:00 70,656 a--shr-- c:\windows\system32\yv12vfw.dll

============= FINISH: 8:31:24.98 ===============
You do not have the required permissions to view the files attached to this post.
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby dan12 » June 28th, 2009, 2:57 pm

Hi, your doing well,

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby Kirellen1972 » June 28th, 2009, 5:56 pm

Your Help is very much appreciated
ComboFix Report...

ComboFix 09-06-26.02 - Compaq_Owner 06/28/2009 16:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.718 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETpfmdliql.sys
c:\windows\system32\SKYNETasftclyi.dll
c:\windows\system32\SKYNETrvbqjwqx.dll
c:\windows\system32\SKYNETtqlvbdwk.dat
c:\windows\system32\SKYNETyiufxkvs.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETtarmycpb


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-06-27 11:21 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 11:21 . 2009-06-27 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 11:21 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 22:10 . 2009-06-24 22:10 -------- d-----w- c:\program files\Trend Micro
2009-06-19 23:06 . 2009-06-19 23:06 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-09 22:43 . 2009-06-09 22:43 -------- d--h--r- C:\MSOCache
2009-06-07 14:43 . 2009-06-07 14:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Octoshape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 21:31 . 2004-08-10 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 11:15 . 2006-01-15 00:24 -------- d-----w- c:\program files\Azureus
2009-06-04 22:04 . 2007-01-16 01:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-02 20:49 . 2009-05-02 20:49 -------- d-----w- c:\program files\Bytescout XLS Viewer
2009-05-02 20:46 . 2009-05-02 20:46 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_294823.exe
2009-05-02 20:46 . 2009-05-02 20:46 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_18be6784.exe
2009-05-02 20:46 . 2009-05-02 20:46 -------- d-----w- c:\program files\MindFusion Limited
2005-05-13 23:12 . 2005-05-13 23:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 17:13 . 2005-10-24 17:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 03:27 . 2005-10-14 03:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 01:14 . 2005-10-08 01:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 18:31 . 2005-07-14 18:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 21:32 . 2005-06-26 21:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 04:37 . 2005-06-22 04:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-01-01 01:56 . 2006-01-01 01:54 80 --sh--r- c:\windows\system32\DAFE9F2F8D.dll
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 16:24 . 2006-04-27 16:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 19:16 . 2005-02-28 19:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

------- Sigcheck -------

[7] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[7] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe

[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2004-08-04 19:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\system32\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\system32\dllcache\user32.dll

[7] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[7] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll

[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[7] 2004-08-04 19:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB896688$\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\ie7\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2gdr\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2qfe\wininet.dll
[7] 2006-11-08 03:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\system32\wininet.dll
[7] 2006-11-08 03:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\system32\dllcache\wininet.dll

[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2004-08-04 19:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\system32\dllcache\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[7] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe

[7] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[7] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2004-08-04 19:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\system32\ntkrnlpa.exe

[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2004-08-04 19:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\system32\ntoskrnl.exe

[7] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\explorer.exe
[7] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\explorer.exe

[7] 2004-08-04 19:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe
[7] 2004-08-04 19:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\dllcache\services.exe

[7] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[7] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe

[7] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[7] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe

[7] 2007-07-31 01:19 53080 F3E9065EB617A7E3A832A7976BFA021B c:\windows\system32\wuauclt.exe
[7] 2007-07-31 01:19 53080 F3E9065EB617A7E3A832A7976BFA021B c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[7] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe

[7] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[7] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll

[7] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2004-08-04 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\system32\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[7] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll

[7] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[7] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll

[7] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll


[7] 2004-08-04 12:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-04 12:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-24 95960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe [2009-1-13 1069056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Neverwinter Nights_ Platinum Edition Registration.lnk
backup=c:\windows\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"TapiSrv"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Bittorrent
"6881:UDP"= 6881:UDP:Bittorrent2

S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [11/27/2005 11:06 AM 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [11/27/2005 11:06 AM 19456]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 16:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-28 16:48
ComboFix-quarantined-files.txt 2009-06-28 21:48

Pre-Run: 6,174,695,424 bytes free
Post-Run: 6,244,167,680 bytes free

214

_____________________________________________________________________
New HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:06 PM, on 6/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6746503375
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6400 bytes
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby Kirellen1972 » June 28th, 2009, 6:20 pm

Well..I did some normal browsing on the internet after running the latest fixes..and am happy to say that I,m having no problems whatsoever now...all redirects are gone :)
Will Patiently wait for the final verdict...
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby dan12 » June 29th, 2009, 4:11 am

Pleased things are getting better, we have a little to do yet.
I'm going through your returned reports and will get back to you shortly.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby dan12 » June 29th, 2009, 4:58 am

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
c:\windows\system32\DAFE9F2F8D.dll

Click Submit/Send File
Please post back, to let me know the results.


If Jotti is too busy please try Virustotal




1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
FCopy::
c:\windows\system32\dllcache\wininet.dll | c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2gdr\wininet.dll
c:\windows\system32\dllcache\wininet.dll | c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2qfe\wininet.dll



    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post the combofix.txt and kaspersky report.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby dan12 » July 1st, 2009, 3:43 pm

Are you still needing help as were not finished just yet!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Problematic IE Redirects

Unread postby Kirellen1972 » July 1st, 2009, 5:09 pm

Sorry I havnt replied sooner..Work has been Keeping me busy..Here are the results.

Jotti Scan...
Filename: DAFE9F2F8D.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Mon 29 Jun 2009 23:35:04 (CET)



ComboFix Log...
ComboFix 09-06-29.02 - Compaq_Owner 06/29/2009 16:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.680 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\wininet.dll --> c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2gdr\wininet.dll
c:\windows\system32\dllcache\wininet.dll --> c:\windows\SoftwareDistribution\Download\115be7432752f1eec2b0cdd6ef406571\sp2qfe\wininet.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 21:28 . 2009-06-29 21:28 -------- d-----w- c:\program files\MSXML 4.0
2009-06-28 22:12 . 2009-06-29 00:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-28 22:09 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-28 22:09 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-28 22:09 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-28 22:09 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-28 22:09 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-28 22:09 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-06-27 11:21 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 11:21 . 2009-06-27 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 11:21 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 22:10 . 2009-06-24 22:10 -------- d-----w- c:\program files\Trend Micro
2009-06-19 23:06 . 2009-06-19 23:06 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-09 22:43 . 2009-06-09 22:43 -------- d--h--r- C:\MSOCache
2009-06-07 14:43 . 2009-06-07 14:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Octoshape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 21:30 . 2004-08-10 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 11:15 . 2006-01-15 00:24 -------- d-----w- c:\program files\Azureus
2009-06-04 22:04 . 2007-01-16 01:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-07 15:44 . 2004-08-09 04:28 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 20:49 . 2009-05-02 20:49 -------- d-----w- c:\program files\Bytescout XLS Viewer
2009-05-02 20:46 . 2009-05-02 20:46 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_294823.exe
2009-05-02 20:46 . 2009-05-02 20:46 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_18be6784.exe
2009-05-02 20:46 . 2009-05-02 20:46 -------- d-----w- c:\program files\MindFusion Limited
2009-04-29 04:56 . 2004-08-09 04:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-09 04:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-09 04:28 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-09 04:28 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-05-13 23:12 . 2005-05-13 23:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 17:13 . 2005-10-24 17:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 03:27 . 2005-10-14 03:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 01:14 . 2005-10-08 01:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 18:31 . 2005-07-14 18:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 21:32 . 2005-06-26 21:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 04:37 . 2005-06-22 04:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-01-01 01:56 . 2006-01-01 01:54 80 --sh--r- c:\windows\system32\DAFE9F2F8D.dll
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 16:24 . 2006-04-27 16:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 19:16 . 2005-02-28 19:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_21.46.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 21:45 . 2008-09-30 21:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-06-29 21:43 . 2009-06-29 21:43 16384 c:\windows\Temp\Perflib_Perfdata_5f4.dat
+ 2005-05-26 10:16 . 2008-10-16 19:09 43544 c:\windows\system32\wups2.dll
+ 2004-08-09 05:43 . 2008-10-16 19:08 34328 c:\windows\system32\wups.dll
+ 2004-08-09 05:43 . 2008-10-16 19:09 51224 c:\windows\system32\wuauclt.exe
+ 2008-10-22 09:47 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
+ 2005-11-24 21:30 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-01-13 23:22 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-06-28 22:03 . 2008-10-16 19:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-28 22:03 . 2008-10-16 19:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-11-02 07:23 . 2006-11-20 08:42 33280 c:\windows\system32\snmp.exe
+ 2004-08-09 04:28 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 55808 c:\windows\system32\secur32.dll
+ 2005-11-24 21:10 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-09 04:28 . 2006-10-17 17:58 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2004-08-09 04:28 . 2009-04-06 20:51 63016 c:\windows\system32\perfc009.dat
+ 2004-08-09 04:28 . 2009-06-29 21:48 63016 c:\windows\system32\perfc009.dat
+ 2004-08-09 05:41 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-09 04:28 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-09 04:28 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2006-11-08 03:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-09 05:41 . 2004-08-04 19:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-09 04:28 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2004-08-09 04:28 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 09:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-09 04:28 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
+ 2004-08-09 04:28 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 17:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2004-08-09 05:43 . 2008-10-16 19:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2004-08-09 05:43 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-11-02 07:23 . 2006-11-20 08:42 33280 c:\windows\system32\dllcache\snmp.exe
- 2004-08-09 04:28 . 2004-08-04 19:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-09 04:28 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2005-11-24 21:10 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-09 04:28 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-09 04:28 . 2006-10-17 17:58 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-09 04:28 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-09 04:28 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-04-29 04:55 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-09 05:41 . 2004-08-04 19:00 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-09 04:28 . 2005-06-29 01:46 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-09 04:28 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-28 09:05 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-09 04:28 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-09 04:28 . 2006-10-17 18:06 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-09 04:28 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-29 04:55 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-09 04:28 . 2008-10-16 19:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-09 04:28 . 2008-10-16 19:09 92696 c:\windows\system32\cdm.dll
+ 2004-07-15 06:34 . 2004-07-15 06:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_PerfCounter.dll
+ 2003-02-21 09:09 . 2003-02-21 09:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_mscorsn.dll
+ 2004-07-15 06:32 . 2004-07-15 06:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_CORPerfMonExt.dll
+ 2007-01-15 21:11 . 2007-01-15 21:11 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 09:09 . 2003-02-21 09:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 09:09 . 2003-02-21 09:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-15 06:32 . 2004-07-15 06:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 07:49 . 2004-07-15 07:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-06-29 21:28 . 2009-06-29 21:28 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-06-29 21:29 . 2006-10-17 17:58 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 50688 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 27136 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-29 21:29 . 2006-11-07 09:26 13312 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-29 21:29 . 2006-11-07 09:26 43008 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-29 21:29 . 2006-10-17 18:06 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-29 21:29 . 2006-11-07 09:26 54784 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-29 21:29 . 2006-10-17 17:58 61952 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 10240 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_3f0cbd73\VJSWfcBrowserStubLib.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 32768 c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_e33d8987\vjslibcw.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 69632 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_1da86e94\VJSharpCodeProvider.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 20480 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_0fce8aa0\vjscor.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b924cb2b\System.Drawing.Design.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ab089005\CustomMarshalers.dll
- 2005-09-23 13:29 . 2005-09-23 13:29 6144 c:\windows\system32\mui\0409\mscorees.dll
+ 2006-12-22 18:02 . 2006-12-22 18:02 6144 c:\windows\system32\mui\0409\mscorees.dll
+ 2005-05-17 00:25 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2004-08-09 05:43 . 2008-10-16 19:13 202776 c:\windows\system32\wuweb.dll
+ 2004-08-09 05:43 . 2008-10-16 19:12 323608 c:\windows\system32\wucltui.dll
+ 2004-08-09 05:43 . 2008-10-16 19:12 561688 c:\windows\system32\wuapi.dll
- 2006-10-19 03:47 . 2006-10-19 03:47 295936 c:\windows\system32\wmpeffects.dll
+ 2006-10-19 03:47 . 2008-06-24 23:12 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-09 04:29 . 2008-06-18 10:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-09 04:29 . 2007-10-27 22:40 222720 c:\windows\system32\wmasf.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-09 04:28 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2004-08-09 05:41 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-09 05:41 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-09 05:41 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
- 2004-08-09 04:28 . 2006-10-17 18:05 105984 c:\windows\system32\url.dll
+ 2004-08-09 04:29 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-09 04:28 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-09 04:28 . 2004-08-04 19:00 144896 c:\windows\system32\schannel.dll
+ 2004-08-09 04:28 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2004-08-09 04:28 . 2009-04-06 20:51 402406 c:\windows\system32\perfh009.dat
+ 2004-08-09 04:28 . 2009-06-29 21:48 402406 c:\windows\system32\perfh009.dat
+ 2004-08-09 04:28 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-09 04:28 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-09 04:28 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2004-08-09 04:29 . 2006-12-04 21:21 414720 c:\windows\system32\msscp.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 03:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2006-12-22 17:28 . 2006-12-22 17:28 271360 c:\windows\system32\mscoree.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-09 04:29 . 2008-06-18 06:09 100864 c:\windows\system32\logagent.exe
- 2004-08-09 04:29 . 2006-10-19 02:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-09 04:28 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-09 05:43 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2006-10-17 17:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 17:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
+ 2005-11-24 21:08 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2005-11-24 21:08 . 2006-11-07 09:25 161792 c:\windows\system32\ieakui.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-09 04:28 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-08 22:36 . 2009-06-29 21:43 191384 c:\windows\system32\FNTCACHE.DAT
- 2004-08-08 22:36 . 2007-01-15 00:33 191384 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-09 04:28 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2004-08-09 04:28 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
- 2004-08-09 04:28 . 2006-10-17 17:57 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-09 04:28 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-09 04:28 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-09 04:28 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2005-11-24 21:10 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-09 04:28 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-09 04:28 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-09 04:28 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-08-09 05:43 . 2008-10-16 19:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-09 05:43 . 2008-10-16 19:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-09 05:43 . 2008-10-16 19:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-09 05:41 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-09 04:29 . 2008-06-18 10:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-09 05:41 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-09 05:41 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-09 04:29 . 2007-10-27 22:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-09 04:28 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-09 05:43 . 2006-11-08 03:03 765952 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-09 05:43 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-09 04:28 . 2006-10-17 18:05 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-09 04:29 . 2007-06-27 03:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-09 04:28 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-09 04:28 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-09 04:29 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-09 04:28 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-09 04:28 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-09 04:28 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-09 04:28 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2005-11-24 21:10 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-09 04:28 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-09 04:28 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-09 04:28 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-09 04:29 . 2006-12-04 21:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-29 04:55 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-09 05:41 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-09 05:43 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
- 2004-08-09 05:43 . 2004-08-04 19:00 331776 c:\windows\system32\dllcache\msadce.dll
+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-09 04:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-09 04:29 . 2008-06-18 06:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2004-08-09 04:29 . 2006-10-19 02:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-09 04:28 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-09 04:28 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-09 05:43 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-09 05:43 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2009-04-29 04:55 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-04-29 04:55 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2005-11-24 21:08 . 2006-11-07 09:25 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2005-11-24 21:08 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-09 04:28 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-09 05:41 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-09 04:28 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
- 2004-08-09 04:28 . 2006-10-17 17:57 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-09 04:28 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-09 04:28 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2004-08-09 04:28 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-09 04:28 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
+ 2004-08-09 04:28 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-09 04:28 . 2004-08-04 19:00 616960 c:\windows\system32\advapi32.dll
+ 2003-02-21 18:42 . 2003-02-21 18:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_msvcr71.dll
+ 2004-07-15 06:25 . 2004-07-15 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_mscorjit.dll
+ 2004-07-15 06:24 . 2004-07-15 06:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_fusion.dll
+ 2004-07-15 07:49 . 2004-07-15 07:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_aspnet_isapi.dll
- 2004-07-15 06:33 . 2004-07-15 06:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:25 . 2004-07-15 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 07:49 . 2004-07-15 07:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-08-09 04:29 . 2007-06-27 03:10 317440 c:\windows\inf\unregmp2.exe
+ 2009-06-29 21:29 . 2006-11-08 03:03 818688 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 231424 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-29 21:29 . 2006-10-17 18:05 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-29 21:29 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-29 21:29 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-29 21:29 . 2006-10-17 18:04 101376 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 670720 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-29 21:29 . 2006-10-17 18:05 192000 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 475648 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 458752 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-29 21:29 . 2006-10-17 18:04 622080 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-29 21:29 . 2006-10-17 17:57 266752 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-29 21:29 . 2006-11-07 09:27 382976 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-29 21:29 . 2006-10-17 17:27 380928 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-29 21:29 . 2006-11-07 09:25 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-29 21:29 . 2006-11-07 09:27 229376 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-29 21:29 . 2006-11-07 09:26 152064 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 131584 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-29 21:29 . 2006-10-17 17:57 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-29 21:29 . 2006-10-17 17:58 346624 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-29 21:29 . 2006-11-07 09:26 123904 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2009-06-29 21:38 . 2006-11-08 03:03 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-06-29 21:38 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-06-29 21:38 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2005-01-19 04:26 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-28 22:09 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2009-06-29 21:36 . 2009-06-29 21:36 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_664592b4\System.Drawing.dll
+ 2009-06-28 22:08 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-09-30 21:42 . 2008-09-30 21:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2004-08-09 05:43 . 2008-10-16 19:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-09 04:29 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-09 04:28 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-09 04:28 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-09 04:28 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 05:59 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-30 21:43 . 2008-09-30 21:43 1286152 c:\windows\system32\msxml4.dll
+ 2004-08-09 04:28 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
+ 2006-11-08 03:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
+ 2006-09-06 05:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2004-08-09 05:43 . 2008-10-16 19:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-09 04:29 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-09 04:28 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-09 04:28 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-09 04:28 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-09 04:28 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-09 04:28 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-09 04:28 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-29 04:55 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-07-09 14:25 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 06:28 . 2004-07-15 06:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_mscorwks.dll
+ 2004-07-15 06:26 . 2004-07-15 06:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_mscorsvr.dll
+ 2004-07-15 20:29 . 2004-07-15 20:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2984\_mscorlib.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 1162240 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 3577856 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-29 21:29 . 2006-11-08 03:03 6049280 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-29 21:29 . 2006-09-06 05:01 2451824 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2004-08-09 05:49 . 2006-08-21 20:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-29 21:36 . 2009-06-29 21:36 4468736 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_f4fdb070\vjslib.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3f4063c7\System.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9dcb8cc1\System.Xml.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1f49b5a2\System.Windows.Forms.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2b5dbf90\System.Design.dll
+ 2009-06-29 21:36 . 2009-06-29 21:36 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b088979\mscorlib.dll
+ 2009-06-29 21:35 . 2009-06-29 21:35 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-06-29 21:35 . 2009-06-29 21:35 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2004-08-09 04:29 . 2008-11-11 23:34 10838016 c:\windows\system32\wmp.dll
+ 2004-08-09 04:29 . 2008-11-11 23:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-24 95960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe [2009-1-13 1069056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Neverwinter Nights_ Platinum Edition Registration.lnk
backup=c:\windows\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"TapiSrv"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Bittorrent
"6881:UDP"= 6881:UDP:Bittorrent2

S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [11/27/2005 11:06 AM 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [11/27/2005 11:06 AM 19456]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 16:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\msi.dll
c:\windows\system32\mshtml.dll
.
Completion time: 2009-06-29 17:00
ComboFix-quarantined-files.txt 2009-06-29 21:59
ComboFix2.txt 2009-06-28 21:48

Pre-Run: 4,866,027,520 bytes free
Post-Run: 4,845,645,824 bytes free

470 --- E O F --- 2009-06-29 21:39


Kapersky Scan Results...
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 1, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 01, 2009 13:11:30
Records in database: 2411096
--------------------------------------------------------------------------------

Infected: :
Scan using the following database: extended
Scan archives: no
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 95105
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Infected: : 01:09:14


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETrvbqjwqx.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073399.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073400.exe Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073401.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073404.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073406.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073408.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP724\A0073416.dll Infected: not-a-virus:WebToolbar.Win32.Zango.bd 1
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP779\A0075876.dll Infected: Trojan.Win32.Small.bzc 1

The selected area was scanned.
Kirellen1972
Active Member
 
Posts: 10
Joined: June 25th, 2009, 6:26 pm

Re: Problematic IE Redirects

Unread postby dan12 » July 2nd, 2009, 2:46 pm

Thanks for returned report, hope to be back with you soon as I've been working, hence delay.
Thanks dan :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 75 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware