10-22-2009, 04:26 PM   #1
Registered User
 
Join Date: Oct 2009
Posts: 2
OS: Windows XP


Search Engine Results Redirecting to odd sites

When I use search engines (Google, Yahoo, etc.) and click on the links of the results page, 80% of the time it gets redirected to an ad site (eBay, etc.). When I click back and try a few more times, sometimes it goes to the correct site, but it seems to be random. I scanned with Norton AntiVirus and Malwarebytes, only to find nothing... please help!

Below is my DDS.txt


DDS (Ver_09-10-13.01) - NTFSx86
Run by Reina Saiki at 18:17:43.82 on Thu 10/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1172 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Reina Saiki\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Reina Saiki\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\reinas~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\reina saiki\application data\dropbox\bin\Dropbox.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\reinas~1\applic~1\mozilla\firefox\profiles\lwaygnsu.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1100000.088\SymDS.sys [2009-10-22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1100000.088\SymEFA.sys [2009-10-22 169008]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1100000.088\ccHPx86.sys [2009-10-22 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1100000.088\Ironx86.sys [2009-10-22 114736]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20090829.001\BHDrvx86.sys [2009-10-22 506928]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.0.0.136\ccSvcHst.exe [2009-10-22 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-22 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20090828.002\IDSxpx86.sys [2009-10-22 329080]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-22 105984]
S2 .1256227688;1256227688;c:\program files\1256227688\Reina Saiki1256227688L.exe [2009-9-10 423016]

=============== Created Last 30 ================

2009-10-22 17:09 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-10-22 17:09 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-10-22 17:09 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-10-22 17:09 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-10-22 17:09 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-10-22 17:09 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-10-22 16:45 <DIR> --d----- c:\program files\Trend Micro
2009-10-22 16:11 <DIR> --d----- c:\docume~1\reinas~1\applic~1\Malwarebytes
2009-10-22 16:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 16:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-22 16:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 15:54 <DIR> --d----- c:\program files\1256227688
2009-10-22 15:49 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-22 15:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-10-22 15:49 7,443 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-22 15:49 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-22 15:49 <DIR> --d----- c:\program files\Symantec
2009-10-22 15:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-10-22 15:49 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-10-22 15:49 <DIR> --d----- c:\program files\Norton AntiVirus
2009-10-22 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-10-22 15:48 <DIR> --d----- c:\program files\NortonInstaller
2009-10-22 15:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-22 15:47 <DIR> --d----- c:\program files\jZip
2009-10-22 15:36 216,800 a------- c:\windows\system32\drivers\SynTP.sys
2009-10-22 15:36 196,608 a------- c:\windows\system32\SynCtrl.dll
2009-10-22 15:36 163,840 a------- c:\windows\system32\SynCOM.dll
2009-10-22 15:36 147,456 a------- c:\windows\system32\SynTPAPI.dll
2009-10-22 15:36 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-10-22 15:36 <DIR> --d----- c:\program files\Synaptics
2009-10-22 15:27 <DIR> --d----- c:\docume~1\reinas~1\applic~1\Dropbox
2009-10-22 15:12 172,032 a------- c:\windows\system32\igfxres.dll
2009-10-22 15:08 <DIR> --d----- c:\program files\SigmaTel
2009-10-22 15:07 <DIR> --d----- c:\program files\uTorrent
2009-10-22 15:07 <DIR> --d----- c:\docume~1\reinas~1\applic~1\uTorrent
2009-10-22 15:06 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
2009-10-22 15:02 <DIR> --d----- c:\program files\Dell
2009-10-22 15:01 22,729 a------- C:\newkey
2009-10-22 15:00 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-10-22 14:59 <DIR> --d----- C:\dell
2009-10-22 14:59 <DIR> --d----- c:\program files\Marvell
2009-10-22 14:34 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-10-22 13:05 32,592 a------- c:\windows\system32\msonpmon.dll
2009-10-22 12:58 <DIR> --d----- c:\windows\SHELLNEW
2009-10-22 12:45 <DIR> --d----- c:\documents and settings\Reina Saiki
2009-10-22 12:39 <DIR> --ds---- c:\windows\system32\Microsoft
2009-10-22 12:09 8,192 a------- c:\windows\REGLOCS.OLD
2009-10-22 12:06 64,694,869 a------- c:\windows\taskman.exe
2009-10-22 12:05 119,808 ac------ c:\windows\system32\dllcache\mtstocom.exe
2009-10-22 12:04 42,496 ac------ c:\windows\system32\dllcache\davcdata.exe
2009-10-22 12:02 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-10-22 12:02 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-10-22 12:02 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-22 12:02 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-22 12:02 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-22 12:02 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-22 12:02 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-10-22 12:02 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-22 12:02 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-10-22 12:02 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-10-22 12:02 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-10-22 12:01 <DIR> --d----- c:\program files\common files\MSSoap
2009-10-22 11:59 <DIR> --d----- c:\program files\Online Services
2009-10-22 11:59 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-10-22 11:58 <DIR> --d----- c:\program files\Messenger
2009-10-22 11:58 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-10-22 11:58 <DIR> --d----- c:\program files\Windows NT
2009-10-22 07:18 <DIR> --d----- c:\program files\common files\ODBC
2009-10-22 07:18 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-10-22 07:16 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-10-22 13:46 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-22 12:00 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-09-28 05:22 364,544 a------- c:\windows\system32\yk51x86.dll
2009-09-28 05:22 298,752 a------- c:\windows\system32\drivers\yk51x86.sys

============= FINISH: 18:19:37.90 ===============


Thank you in advance!
Attached Files
File Type: zip attach.zip (3.5 KB, 1 views)
skylark820 is offline  
10-24-2009, 10:52 AM   #2
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,776
OS: 2000 Pro; XP Pro; XP Home


Re: Search Engine Results Redirecting to odd sites

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
10-27-2009, 11:00 AM   #3
Registered User
 
Join Date: Oct 2009
Posts: 2
OS: Windows XP


Re: Search Engine Results Redirecting to odd sites

Thank you, here is the log!


++++++++++++++++++++++++++++++++++++++++++++

ComboFix 09-10-25.02 - Reina Saiki 10/27/2009 12:48.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1670 [GMT -5:00]
Running from: c:\documents and settings\Reina Saiki\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 20:27 . 2009-10-26 20:27 -------- d-----w- c:\documents and settings\Reina Saiki\Local Settings\Application Data\Unity
2009-10-26 16:11 . 2009-10-26 16:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-26 16:11 . 2009-10-26 16:11 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\skypePM
2009-10-26 16:08 . 2009-10-26 16:13 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\Skype
2009-10-26 16:01 . 2009-10-26 16:01 -------- d-----w- c:\program files\Common Files\Skype
2009-10-26 16:01 . 2009-10-26 16:05 -------- d-----r- c:\program files\Skype
2009-10-26 16:01 . 2009-10-26 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-24 01:13 . 2009-10-24 01:13 -------- d-----w- c:\windows\system32\LogFiles
2009-10-23 16:25 . 2009-10-23 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-23 14:48 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-10-23 14:48 . 2009-10-23 14:48 -------- d-----w- c:\program files\Microsoft WSE
2009-10-23 14:44 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-23 14:44 . 2009-10-23 14:44 -------- d-----w- c:\windows\Logs
2009-10-23 14:39 . 2009-10-23 14:39 -------- d-----w- c:\program files\Electronic Arts
2009-10-23 14:20 . 2009-10-23 14:20 -------- d-----w- c:\program files\Bonjour
2009-10-23 14:06 . 2009-10-23 14:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-23 14:03 . 2009-10-23 14:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-23 14:02 . 2009-10-23 14:02 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\Palo Alto Software
2009-10-23 14:02 . 2009-10-23 14:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-23 14:01 . 2009-10-23 14:01 -------- d-----w- c:\program files\Common Files\Intuit
2009-10-23 14:01 . 2009-10-23 14:01 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-10-23 14:01 . 2009-10-23 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Palo Alto Software
2009-10-23 14:01 . 2009-10-23 14:01 -------- d-----w- c:\program files\Palo Alto Software
2009-10-23 14:00 . 2009-10-23 16:28 -------- d-----w- c:\documents and settings\Reina Saiki\Local Settings\Application Data\Adobe
2009-10-23 14:00 . 2009-10-23 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-23 13:58 . 2009-10-23 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PAS
2009-10-23 05:04 . 2009-10-23 14:00 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\Move Networks
2009-10-23 02:38 . 2009-10-27 05:53 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\vlc
2009-10-23 02:37 . 2009-10-23 02:37 -------- d-----w- c:\program files\VideoLAN
2009-10-23 00:09 . 2006-10-09 01:51 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-23 00:09 . 2009-10-23 00:09 -------- d-----w- c:\program files\DellTPad
2009-10-23 00:09 . 2007-12-27 00:02 164400 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-10-23 00:09 . 2007-11-02 23:52 100542 ----a-w- c:\windows\system32\Vxdif.dll
2009-10-23 00:09 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-10-22 21:09 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-22 21:09 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-22 21:09 . 2008-04-13 21:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-22 21:09 . 2008-04-13 21:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-22 21:09 . 2008-04-13 21:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-22 21:09 . 2008-04-13 21:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-22 20:45 . 2009-10-22 20:45 -------- d-----w- c:\program files\Trend Micro
2009-10-22 20:11 . 2009-10-22 20:11 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\Malwarebytes
2009-10-22 20:10 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 20:10 . 2009-10-22 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:10 . 2009-10-22 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 20:10 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 19:54 . 2009-10-22 19:54 -------- d-----w- c:\program files\1256227688
2009-10-22 19:49 . 2009-10-22 19:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-22 19:49 . 2009-10-22 19:49 -------- d-----w- c:\program files\Symantec
2009-10-22 19:49 . 2009-10-22 19:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-22 19:49 . 2009-10-22 19:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-22 19:49 . 2009-10-22 19:49 -------- d-----w- c:\windows\system32\drivers\NAV
2009-10-22 19:49 . 2009-10-22 19:49 -------- d-----w- c:\program files\Windows Sidebar
2009-10-22 19:49 . 2009-10-22 19:49 -------- d-----w- c:\program files\Norton AntiVirus
2009-10-22 19:49 . 2009-10-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-22 19:48 . 2009-10-22 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-22 19:48 . 2009-10-22 19:48 -------- d-----w- c:\program files\NortonInstaller
2009-10-22 19:48 . 2009-10-22 19:48 -------- d-----w- c:\documents and settings\Reina Saiki\Local Settings\Application Data\jZip
2009-10-22 19:47 . 2009-10-22 19:48 -------- d-----w- c:\program files\jZip
2009-10-22 19:36 . 2009-10-22 19:36 -------- d-----w- c:\program files\Synaptics
2009-10-22 19:36 . 2007-10-26 18:38 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-22 19:36 . 2007-10-26 18:09 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-22 19:36 . 2007-10-26 18:01 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-22 19:36 . 2007-10-26 18:01 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-22 19:36 . 2007-10-26 17:57 216800 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-22 19:27 . 2009-10-27 17:15 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\Dropbox
2009-10-22 19:12 . 2007-10-30 19:39 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-22 19:07 . 2009-10-22 19:07 -------- d-----w- c:\program files\uTorrent
2009-10-22 19:07 . 2009-10-27 15:57 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\uTorrent
2009-10-22 19:06 . 2009-10-23 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 19:06 . 2009-10-22 19:06 0 ----a-w- c:\windows\nsreg.dat
2009-10-22 19:02 . 2007-10-09 23:17 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-10-22 19:02 . 2007-10-09 23:17 24064 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-10-22 19:02 . 2007-10-09 23:17 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-22 19:02 . 2007-10-09 23:17 1921024 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-10-22 19:02 . 2007-10-09 23:17 753664 ----a-w- c:\windows\system32\bcm1xsup.dll
2009-10-22 19:00 . 2008-04-14 02:41 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- C:\dell
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\program files\Marvell
2009-10-22 18:34 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-22 17:39 . 2009-10-23 14:17 35360 ----a-w- c:\documents and settings\Reina Saiki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 17:05 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-22 17:04 . 2009-10-22 17:04 -------- d-----w- c:\program files\Microsoft Works

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 00:10 . 2009-10-23 00:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-23 00:10 . 2009-10-23 00:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-22 19:49 . 2009-10-22 19:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-22 19:49 . 2009-10-22 19:49 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-22 19:36 . 2009-10-22 19:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-22 19:08 . 2009-10-22 19:08 -------- d-----w- c:\program files\SigmaTel
2009-10-22 19:06 . 2009-10-22 19:02 -------- d-----w- c:\program files\Dell
2009-10-22 19:01 . 2009-10-22 19:01 -------- d-----w- c:\documents and settings\Reina Saiki\Application Data\InstallShield
2009-10-22 17:05 . 2009-10-22 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-22 16:04 . 2009-10-22 16:04 -------- d-----w- c:\program files\microsoft frontpage
2009-10-22 16:00 . 2009-10-22 16:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-22 15:59 . 2009-10-22 15:59 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-28 09:22 . 2009-09-28 09:22 364544 ----a-w- c:\windows\system32\yk51x86.dll
2009-09-28 09:22 . 2009-09-28 09:22 298752 ----a-w- c:\windows\system32\drivers\yk51x86.sys
.

------- Sigcheck -------

[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2008-03-21 . 9A8D604748D9FE73B66021E5782A4A3C . 989696 . . [5.1.2600.5508] . . c:\windows\system32\kernel32.dll

[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3gdr\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3qfe\mshtml.dll
[-] 2008-04-28 . CC429B729FA7B5C39F26A0954D8BA0BB . 3803136 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll

[-] 2008-03-21 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-04-26 . 0F733106A818383806060ABC29FE0F3A . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-03-21 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll

[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3gdr\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3qfe\wininet.dll
[-] 2008-04-28 . 88348F8C92C28BA99FE49BD392100CE0 . 920064 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll

[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntkrnlpa.exe
[-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-04-26 . E184A0CF10CADD2B4F5AF0A31E8627D6 . 2185216 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Reina Saiki\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Reina Saiki\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Reina Saiki\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-15 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-28 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]

c:\documents and settings\Reina Saiki\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Reina Saiki\Application Data\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.088\SymDS.sys [10/22/2009 2:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.088\SymEFA.sys [10/22/2009 2:49 PM 169008]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [10/22/2009 2:49 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1100000.088\Ironx86.sys [10/22/2009 2:49 PM 114736]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys [9/21/2009 6:07 PM 507440]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [10/22/2009 2:49 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/22/2009 2:49 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSXpx86.sys [10/22/2009 10:27 PM 329080]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/22/2009 2:00 PM 105984]
S2 .1256227688;1256227688;c:\program files\1256227688\Reina Saiki1256227688L.exe [9/9/2009 11:44 PM 423016]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Reina Saiki\Application Data\Mozilla\Firefox\Profiles\lwaygnsu.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Reina Saiki\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Reina Saiki\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-UnityWebPlayer - c:\documents and settings\Reina Saiki\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 12:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\documents and settings\Reina Saiki\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\combofix\CF19290.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 12:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 17:56

Pre-Run: 186,210,672,640 bytes free
Post-Run: 186,264,010,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7A24C7E1E0C5C64793D5EC2CCF79BB26
skylark820 is offline  
Old 10-27-2009, 11:43 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,776
OS: 2000 Pro; XP Pro; XP Home


Re: Search Engine Results Redirecting to odd sites

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\program files\1256227688\Reina Saiki1256227688L.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-03-2009, 07:09 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,776
OS: 2000 Pro; XP Pro; XP Home


Re: Search Engine Results Redirecting to odd sites

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
tetonbob is offline  
 





All times are GMT -7. The time now is 09:25 AM.



Copyright 2001 - 2009, Tech Support Forum