05-08-2009, 07:15 PM   #1
roger97338 (Registered User)
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3

Browser being redirected

Greetings!

For the past month or so, my internet search results have been being redirected to random sites. I use Firefox and Google, but I've used IE, as well as different search engines, and the problem occurs with all of them.

I'll go to my internet search engine, type in my query, hit enter and view my results...all of that works fine. But, when I click on one of the links, THAT'S when I'm redirected to a random site. If I copy/paste the link or enter it manually, I'm sent to the corresponding, appropriate site.

I've scanned with McAfee, Spybot, Adaware, and Microsoft's MSRT, and all have given me a clean bill of health.

Thank you in advance for your assistance. Hope you all have a pleasant weekend.

Contents of DDS.txt follows:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Roger at 0:51:23.65 on Thu 05/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1406 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\My Documents\My Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.live.com/default.aspx?mkt=en-us&wa=wsignin1.0
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {C333CF63-767F-4831-94AC-E683D962C63C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {DF159BE7-E9BF-4252-88DA-33CCA235B48C} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LClock] c:\program files\lclock\lclock.exe
uRun: [Core Temp] "c:\program files\core temp\Core Temp.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
StartupFolder: c:\docume~1\roger\startm~1\programs\startup\stardock objectdock.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roger\applic~1\mozilla\firefox\profiles\zk3z60m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\roger\application data\mozilla\firefox\profiles\zk3z60m3.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-11-8 12288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-5 214024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-8-5 394952]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-5 144704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 ALSysIO;ALSysIO;\??\d:\temp\alsysio.sys --> d:\temp\ALSysIO.sys [?]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-4 36864]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-5 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-5 35272]
S2 0142001239197718mcinstcleanup;McAfee Application Installer Cleanup (0142001239197718);d:\temp\0142001239197718mcinst.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> d:\temp\0142001239197718mcinst.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2007-8-11 245248]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-5 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-5 40552]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-5-12 241731]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2007-5-1 132232]
S3 samhid910;samhid910;c:\windows\system32\drivers\samhidb.sys [2008-11-13 22391]
S3 Sk9910uf;USB Keyboard Filter Driver;c:\windows\system32\drivers\sk9910uf.sys --> c:\windows\system32\drivers\Sk9910uf.sys [?]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\drivers\tiacxubt.sys --> c:\windows\system32\drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\drivers\tiacxusb.sys --> c:\windows\system32\drivers\tiacxusb.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-5 606736]

=============== Created Last 30 ================

2009-05-06 00:08 <DIR> --d----- c:\program files\Skyhook Wireless
2009-05-05 23:05 <DIR> --d----- c:\program files\Resource Hacker
2009-05-04 21:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-04 19:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-04 19:52 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-04 19:52 <DIR> --d----- c:\program files\Lavasoft
2009-04-28 16:03 <DIR> --d----- c:\program files\GPMC
2009-04-27 22:48 161,792 a------- c:\windows\SWREG.exe
2009-04-27 22:48 98,816 a------- c:\windows\sed.exe
2009-04-27 10:22 262,144 a------- c:\windows\system32\default_user_class.dat
2009-04-24 03:42 <DIR> --dsh--- C:\Diskeeper
2009-04-24 03:38 <DIR> --d----- c:\program files\Diskeeper Corporation
2009-04-22 18:42 <DIR> --d----- c:\program files\FolderSize
2009-04-15 16:13 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:13 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:13 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:13 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:13 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:13 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:13 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 16:13 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:13 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:11 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 16:11 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 16:11 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 00:33 <DIR> --d----- c:\program files\Hijack This
2009-04-09 08:30 <DIR> --d----- c:\program files\XML Notepad 2007
2009-04-08 13:51 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 13:48 <DIR> --d----- c:\windows\system32\Adobe
2009-04-07 19:22 <DIR> --d----- c:\program files\Batch Rename

==================== Find3M ====================

2009-04-18 21:15 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2008-11-17 14:08 62,792 a------- c:\docume~1\roger\applic~1\GDIPFONTCACHEV1.DAT
2006-06-23 23:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2003-07-31 02:53 147,456 a------- c:\windows\inf\EL2K_XP.sys
2003-07-31 02:50 448,768 a------- c:\windows\inf\EL2K_N64.sys
2003-07-31 02:43 147,456 a------- c:\windows\inf\EL2K_2K.sys
2008-11-15 13:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111520081116\index.dat

============= FINISH: 0:51:45.23 ===============
Attached Files
File Type: zip Attach.zip (4.5 KB, 5 views)

05-08-2009, 07:30 PM   #2
roger97338 (Registered User)
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3

Re: Browser being redirected

I almost forgot something: Since I don't use System Restore (I use ERUNT instead), I had turned it off and disabled the service. Yesterday (or possibly the day before) I noticed that the System Restore service had been re-enabled and turned on. I turned it back off and disabled it again.

05-08-2009, 11:43 PM   #3
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 28,066
OS: WinXP Home, Vista, Windows 7 64bit

Re: Browser being redirected

Hello roger97338,

That would be because you ran ComboFix. Post the C:\ComboFix.txt
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

05-09-2009, 03:05 AM   #4
roger97338 (Registered User)
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3

Re: Browser being redirected

Hello Ried,

Thank you for your prompt response. I'm sorry I didn't mention running ComboFix in my original post. Truth is, I forgot that I had run it. That being said, I know I've run other programs attempting to fix this problem myself, and their names escape me, too.

There was no longer any log from ComboFix left on my computer, so I ran it again for you.

Contents of ComboFix.txt follows:

ComboFix 09-05-08.03 - Roger 05/09/2009 0:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1440 [GMT -7:00]
Running from: d:\my documents\My Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-07 08:49 . 2009-05-07 09:06 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-07 08:29 . 2009-05-07 08:29 -------- d-----w C:\VundoFix Backups
2009-05-06 07:08 . 2009-05-07 08:38 -------- d-----w c:\program files\Skyhook Wireless
2009-05-06 06:05 . 2009-05-06 06:15 -------- d-----w c:\program files\Resource Hacker
2009-05-05 04:27 . 2009-05-05 02:55 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-05 02:55 . 2009-05-05 02:55 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-05 02:52 . 2009-05-05 02:52 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 02:52 . 2009-05-05 02:52 -------- d-----w c:\program files\Lavasoft
2009-05-05 02:52 . 2009-05-05 02:55 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-29 15:28 . 2009-04-29 15:28 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-28 23:03 . 2009-05-05 21:24 -------- d-----w c:\program files\GPMC
2009-04-27 17:22 . 2009-04-27 17:22 262144 ----a-w c:\windows\system32\default_user_class.dat
2009-04-24 10:42 . 2009-04-24 10:42 -------- d-sh--w C:\Diskeeper
2009-04-24 10:38 . 2009-04-24 10:38 -------- d-----w c:\program files\Diskeeper Corporation
2009-04-23 01:42 . 2009-04-23 01:42 -------- d-----w c:\program files\FolderSize
2009-04-19 15:34 . 2009-04-19 15:34 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-19 14:04 . 2009-04-19 14:04 -------- d-----w c:\documents and settings\Roger\Application Data\Leadertech
2009-04-19 04:28 . 2009-04-19 04:28 -------- d-----w c:\documents and settings\Roger\Local Settings\Application Data\Downloaded Installations
2009-04-15 23:13 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:13 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:13 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:13 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:13 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:13 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:13 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:13 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:13 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:11 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 23:11 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 07:33 . 2009-05-05 21:49 -------- d-----w c:\program files\Hijack This
2009-04-09 15:30 . 2009-04-09 15:30 -------- d-----w c:\program files\XML Notepad 2007

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 07:10 . 2007-08-06 08:49 -------- d-----w c:\program files\Zoom Player
2009-05-07 16:23 . 2007-08-06 05:29 -------- d-----w c:\program files\FlashGet
2009-05-07 13:47 . 2007-08-18 04:57 8 ----a-w c:\windows\system32\nvModes.dat
2009-05-07 00:42 . 2009-05-07 04:18 2142720 ----a-w c:\windows\Internet Logs\xDB128.tmp
2009-05-07 00:42 . 2009-05-07 04:18 8408576 ----a-w c:\windows\Internet Logs\xDB12A.tmp
2009-05-05 21:55 . 2007-09-13 04:05 -------- d-----w c:\program files\Java
2009-05-05 20:42 . 2008-12-10 10:53 -------- d-----w c:\program files\Core Temp
2009-05-05 18:52 . 2007-08-20 03:58 -------- d-----w c:\program files\StarWarsGalaxies
2009-05-05 16:41 . 2008-12-10 11:25 -------- d-----w c:\program files\SpeedFan
2009-05-05 05:10 . 2009-05-05 07:11 8385024 ----a-w c:\windows\Internet Logs\xDB129.tmp
2009-05-05 05:09 . 2009-05-05 07:11 1441792 ----a-w c:\windows\Internet Logs\xDB127.tmp
2009-04-29 12:05 . 2009-04-29 12:05 16276451 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_29_04_58_26_full.dmp.zip
2009-04-29 12:05 . 2009-04-29 12:05 51674 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_29_04_58_22_small.dmp.zip
2009-04-29 11:58 . 2009-03-06 05:12 -------- d-----w c:\program files\JDownloader
2009-04-28 17:31 . 2009-04-28 17:32 8351744 ----a-w c:\windows\Internet Logs\xDB125.tmp
2009-04-28 06:37 . 2009-04-28 06:37 58829 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_27_22_49_53_small.dmp.zip
2009-04-28 06:21 . 2007-08-19 21:53 36022299 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-25 22:32 . 2009-03-13 06:01 -------- d-----w c:\program files\Microsoft
2009-04-24 21:35 . 2009-04-25 00:20 8275456 ----a-w c:\windows\Internet Logs\xDB126.tmp
2009-04-24 21:35 . 2009-04-25 00:20 425472 ----a-w c:\windows\Internet Logs\xDB124.tmp
2009-04-24 07:13 . 2007-10-07 16:51 -------- d-----w c:\program files\SHOUTcast Source
2009-04-24 07:11 . 2007-10-07 16:52 -------- d-----w c:\program files\CD Audio Reader Filter
2009-04-24 07:11 . 2008-07-12 12:25 -------- d-----w c:\program files\DSP-worx
2009-04-24 05:23 . 2009-04-24 05:23 67808 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_23_22_14_35_small.dmp.zip
2009-04-24 05:23 . 2009-04-24 05:23 67277 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_23_22_14_33_small.dmp.zip
2009-04-24 05:23 . 2009-04-24 05:23 52890 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_23_22_14_28_small.dmp.zip
2009-04-23 17:43 . 2007-08-06 07:58 -------- d-----w c:\program files\Common Files\Stardock
2009-04-23 15:49 . 2008-12-03 17:11 -------- d-----w c:\program files\EVGA Precision
2009-04-23 00:37 . 2009-04-23 00:40 178176 ----a-w c:\windows\Internet Logs\xDB123.tmp
2009-04-23 00:28 . 2009-04-23 00:28 62792 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_22_17_28_16_small.dmp.zip
2009-04-23 00:28 . 2009-04-23 00:28 49829 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_22_17_28_14_small.dmp.zip
2009-04-19 04:15 . 2007-08-06 05:08 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-04-18 23:27 . 2009-04-18 23:29 8158720 ----a-w c:\windows\Internet Logs\xDB122.tmp
2009-04-18 23:27 . 2009-04-18 23:29 1800704 ----a-w c:\windows\Internet Logs\xDB121.tmp
2009-04-17 04:12 . 2007-08-06 05:09 -------- d-----w c:\program files\McAfee
2009-04-12 02:10 . 2009-04-12 03:09 8099328 ----a-w c:\windows\Internet Logs\xDB120.tmp
2009-04-12 02:10 . 2009-04-12 03:09 142848 ----a-w c:\windows\Internet Logs\xDB11E.tmp
2009-04-10 21:42 . 2009-04-11 03:16 8097280 ----a-w c:\windows\Internet Logs\xDB11F.tmp
2009-04-10 21:42 . 2009-04-11 03:16 459776 ----a-w c:\windows\Internet Logs\xDB11D.tmp
2009-04-08 17:26 . 2007-08-07 06:28 -------- d-----w c:\program files\Windows Live
2009-04-08 17:25 . 2009-04-08 17:25 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-08 02:32 . 2009-04-08 02:22 -------- d-----w c:\program files\Batch Rename
2009-04-07 12:09 . 2009-04-07 18:43 414720 ----a-w c:\windows\Internet Logs\xDB11A.tmp
2009-04-04 15:16 . 2009-04-04 15:38 487424 ----a-w c:\windows\Internet Logs\xDB119.tmp
2009-04-04 15:16 . 2009-04-04 15:38 7972864 ----a-w c:\windows\Internet Logs\xDB11B.tmp
2009-04-02 11:15 . 2009-04-02 11:07 -------- d-----w c:\program files\Diablo II
2009-04-02 11:08 . 2009-04-02 11:07 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-01 15:43 . 2009-04-01 15:58 1772544 ----a-w c:\windows\Internet Logs\xDB118.tmp
2009-03-26 14:26 . 2007-08-06 08:36 -------- d-----w c:\program files\IrfanView
2009-03-26 11:00 . 2009-03-26 11:01 2238976 ----a-w c:\windows\Internet Logs\xDB117.tmp
2009-03-26 10:58 . 2008-07-12 11:00 -------- d-----w c:\program files\Matroska
2009-03-25 18:06 . 2007-08-06 05:09 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 18:06 . 2007-08-06 05:09 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 18:06 . 2007-08-06 05:09 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 18:06 . 2007-08-06 05:09 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 18:05 . 2007-08-06 05:09 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-23 04:22 . 2009-03-23 04:22 -------- d---a-w c:\program files\CryptLoad_1.1.6
2009-03-23 04:17 . 2007-08-12 09:55 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-22 19:58 . 2009-03-13 07:52 -------- d-----w c:\program files\MSN Messenger
2009-03-19 06:38 . 2009-03-19 06:38 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 06:36 . 2007-08-06 04:21 105952 ----a-w c:\documents and settings\Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 06:34 . 2009-03-19 06:34 208440 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-18 23:18 . 2009-03-18 23:22 196608 ----a-w c:\windows\Internet Logs\xDB114.tmp
2009-03-18 23:18 . 2009-03-18 23:22 7596032 ----a-w c:\windows\Internet Logs\xDB116.tmp
2009-03-18 20:28 . 2009-03-18 20:28 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 20:28 . 2009-03-18 20:28 -------- d-----w c:\program files\MSECACHE
2009-03-18 12:18 . 2009-03-18 12:22 7584256 ----a-w c:\windows\Internet Logs\xDB115.tmp
2009-03-18 12:18 . 2009-03-18 12:22 779776 ----a-w c:\windows\Internet Logs\xDB113.tmp
2009-03-13 12:22 . 2007-10-07 16:52 -------- d-----w c:\program files\DScaler5
2009-03-13 06:03 . 2007-12-28 03:15 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-13 05:50 . 2009-03-13 05:50 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 15:56 . 2009-03-12 21:51 1770496 ----a-w c:\windows\Internet Logs\xDB112.tmp
2009-03-12 02:16 . 2007-08-12 09:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 14:46 . 2007-08-24 05:44 -------- d-----w c:\program files\DivFix
2009-03-09 12:19 . 2009-04-08 20:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2003-03-31 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 20:17 . 2009-02-28 20:18 285184 ----a-w c:\windows\Internet Logs\xDB110.tmp
2009-02-28 20:17 . 2009-02-28 20:19 7397888 ----a-w c:\windows\Internet Logs\xDB111.tmp
2009-02-24 06:01 . 2009-02-25 01:06 1436672 ----a-w c:\windows\Internet Logs\xDB10E.tmp
2009-02-09 12:10 . 2003-03-31 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2003-03-31 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-03-31 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2003-03-31 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2003-03-31 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_06.27.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
- 2003-03-31 12:00 . 2009-04-28 06:25 71458 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2009-05-09 00:53 71458 c:\windows\system32\perfc009.dat
+ 2009-05-05 02:55 . 2009-05-05 02:55 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
- 2007-08-06 03:05 . 2009-04-28 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-06 03:05 . 2009-05-09 05:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-06 03:05 . 2009-05-09 05:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-06 03:05 . 2009-04-28 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-06 03:05 . 2009-04-28 05:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-06 03:05 . 2009-05-09 05:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-28 23:03 . 2009-04-28 23:03 4710 c:\windows\Installer\{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}\gpmcico.exe
+ 2009-05-07 08:05 . 2009-05-07 08:05 8192 c:\windows\ERDNT\5-7-2009\Users\00000004\UsrClass.dat
+ 2009-05-07 08:05 . 2009-05-07 08:05 8192 c:\windows\ERDNT\5-7-2009\Users\00000002\UsrClass.dat
+ 2009-05-05 15:18 . 2009-05-05 15:18 8192 c:\windows\ERDNT\5-5-2009\Users\00000004\UsrClass.dat
+ 2009-05-05 15:18 . 2009-05-05 15:18 8192 c:\windows\ERDNT\5-5-2009\Users\00000002\UsrClass.dat
+ 2009-05-06 06:24 . 2009-05-06 06:24 8192 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000004\UsrClass.dat
+ 2009-05-06 06:24 . 2009-05-06 06:24 8192 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000002\UsrClass.dat
+ 2009-05-05 22:44 . 2009-05-05 22:44 8192 c:\windows\ERDNT\5-5-2009-3\Users\00000004\UsrClass.dat
+ 2009-05-05 22:44 . 2009-05-05 22:44 8192 c:\windows\ERDNT\5-5-2009-3\Users\00000002\UsrClass.dat
+ 2009-05-05 21:49 . 2009-05-05 21:49 8192 c:\windows\ERDNT\5-5-2009-2\Users\00000004\UsrClass.dat
+ 2009-05-05 21:49 . 2009-05-05 21:49 8192 c:\windows\ERDNT\5-5-2009-2\Users\00000002\UsrClass.dat
+ 2009-04-28 10:22 . 2009-04-28 10:22 8192 c:\windows\ERDNT\4-28-2009\Users\00000004\UsrClass.dat
+ 2009-04-28 10:22 . 2009-04-28 10:22 8192 c:\windows\ERDNT\4-28-2009\Users\00000002\UsrClass.dat
+ 2009-04-28 22:13 . 2009-04-28 22:13 8192 c:\windows\ERDNT\4-28-2009-2\Users\00000004\UsrClass.dat
+ 2009-04-28 22:13 . 2009-04-28 22:13 8192 c:\windows\ERDNT\4-28-2009-2\Users\00000002\UsrClass.dat
+ 2008-07-29 15:05 . 2008-07-29 15:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2007-04-10 22:01 . 2009-03-11 05:18 934792 c:\windows\system32\WgaTray.exe
+ 2007-04-10 22:00 . 2009-03-11 05:18 239496 c:\windows\system32\WgaLogon.dll
- 2003-03-31 12:00 . 2009-04-28 06:25 441458 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2009-05-09 00:53 441458 c:\windows\system32\perfh009.dat
+ 2007-04-10 22:01 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2007-04-10 22:00 . 2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
- 2009-04-01 19:17 . 2009-04-28 05:03 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-01 19:17 . 2009-05-09 05:15 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-05-07 08:05 . 2009-05-07 08:05 200704 c:\windows\ERDNT\5-7-2009\Users\00000006\UsrClass.dat
+ 2009-05-07 08:05 . 2005-10-20 19:02 163328 c:\windows\ERDNT\5-7-2009\ERDNT.EXE
+ 2009-05-05 15:18 . 2009-05-05 15:18 200704 c:\windows\ERDNT\5-5-2009\Users\00000006\UsrClass.dat
+ 2009-05-05 15:18 . 2005-10-20 19:02 163328 c:\windows\ERDNT\5-5-2009\ERDNT.EXE
+ 2009-05-06 06:24 . 2009-05-06 06:24 200704 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000006\UsrClass.dat
+ 2009-05-06 06:24 . 2005-10-20 19:02 163328 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\ERDNT.EXE
+ 2009-05-05 22:44 . 2009-05-05 22:44 200704 c:\windows\ERDNT\5-5-2009-3\Users\00000006\UsrClass.dat
+ 2009-05-05 22:44 . 2005-10-20 19:02 163328 c:\windows\ERDNT\5-5-2009-3\ERDNT.EXE
+ 2009-05-05 21:49 . 2009-05-05 21:49 200704 c:\windows\ERDNT\5-5-2009-2\Users\00000006\UsrClass.dat
+ 2009-05-05 21:49 . 2005-10-20 19:02 163328 c:\windows\ERDNT\5-5-2009-2\ERDNT.EXE
+ 2009-04-28 10:22 . 2009-04-28 10:22 200704 c:\windows\ERDNT\4-28-2009\Users\00000006\UsrClass.dat
+ 2009-04-28 10:22 . 2005-10-20 19:02 163328 c:\windows\ERDNT\4-28-2009\ERDNT.EXE
+ 2009-04-28 22:13 . 2009-04-28 22:13 200704 c:\windows\ERDNT\4-28-2009-2\Users\00000006\UsrClass.dat
+ 2009-04-28 22:13 . 2005-10-20 19:02 163328 c:\windows\ERDNT\4-28-2009-2\ERDNT.EXE
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2007-04-24 18:32 . 2009-03-11 05:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2009-05-07 08:05 . 2009-05-07 08:05 1495040 c:\windows\ERDNT\5-7-2009\Users\00000003\NTUSER.DAT
+ 2009-05-07 08:05 . 2009-05-07 08:05 1495040 c:\windows\ERDNT\5-7-2009\Users\00000001\NTUSER.DAT
+ 2009-05-05 15:18 . 2009-05-05 15:18 1495040 c:\windows\ERDNT\5-5-2009\Users\00000003\NTUSER.DAT
+ 2009-05-05 15:18 . 2009-05-05 15:18 1495040 c:\windows\ERDNT\5-5-2009\Users\00000001\NTUSER.DAT
+ 2009-05-06 06:24 . 2009-05-06 06:24 1495040 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000003\NTUSER.DAT
+ 2009-05-06 06:24 . 2009-05-06 06:24 1495040 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000001\NTUSER.DAT
+ 2009-05-05 22:44 . 2009-05-05 22:44 1495040 c:\windows\ERDNT\5-5-2009-3\Users\00000003\NTUSER.DAT
+ 2009-05-05 22:44 . 2009-05-05 22:44 1495040 c:\windows\ERDNT\5-5-2009-3\Users\00000001\NTUSER.DAT
+ 2009-05-05 21:49 . 2009-05-05 21:49 1495040 c:\windows\ERDNT\5-5-2009-2\Users\00000003\NTUSER.DAT
+ 2009-05-05 21:49 . 2009-05-05 21:49 1495040 c:\windows\ERDNT\5-5-2009-2\Users\00000001\NTUSER.DAT
+ 2009-04-28 10:22 . 2009-04-28 10:22 1495040 c:\windows\ERDNT\4-28-2009\Users\00000003\NTUSER.DAT
+ 2009-04-28 10:22 . 2009-04-28 10:22 1495040 c:\windows\ERDNT\4-28-2009\Users\00000001\NTUSER.DAT
+ 2009-04-28 22:13 . 2009-04-28 22:13 1495040 c:\windows\ERDNT\4-28-2009-2\Users\00000003\NTUSER.DAT
+ 2009-04-28 22:13 . 2009-04-28 22:13 1495040 c:\windows\ERDNT\4-28-2009-2\Users\00000001\NTUSER.DAT
+ 2007-08-06 05:08 . 2009-05-09 01:00 12111832 c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-05-07 08:05 . 2009-05-07 08:05 10825728 c:\windows\ERDNT\5-7-2009\Users\00000005\NTUSER.DAT
+ 2009-05-05 15:18 . 2009-05-05 15:18 10825728 c:\windows\ERDNT\5-5-2009\Users\00000005\NTUSER.DAT
+ 2009-05-06 06:24 . 2009-05-06 06:24 10825728 c:\windows\ERDNT\5-5-2009-before removing all roger97338msn account information\Users\00000005\NTUSER.DAT
+ 2009-05-05 22:44 . 2009-05-05 22:44 10825728 c:\windows\ERDNT\5-5-2009-3\Users\00000005\NTUSER.DAT
+ 2009-05-05 21:49 . 2009-05-05 21:49 10825728 c:\windows\ERDNT\5-5-2009-2\Users\00000005\NTUSER.DAT
+ 2009-04-28 10:22 . 2009-04-28 10:22 10825728 c:\windows\ERDNT\4-28-2009\Users\00000005\NTUSER.DAT
+ 2009-04-28 22:13 . 2009-04-28 22:13 10825728 c:\windows\ERDNT\4-28-2009-2\Users\00000005\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2009-01-23 319504]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-11-12 86016]

c:\documents and settings\Roger\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-29 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InternetOpenWith"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
backup=c:\windows\pss\Thoosje Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Wallpaper Changer.lnk]
backup=c:\windows\pss\Wallpaper Changer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 7:55 PM 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [6/23/2008 3:21 PM 150568]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 ALSysIO;ALSysIO;\??\d:\temp\ALSysIO.sys --> d:\temp\ALSysIO.sys [?]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [11/4/2008 10:23 AM 36864]
S2 0142001239197718mcinstcleanup;McAfee Application Installer Cleanup (0142001239197718);d:\temp\0142001239197718mcinst.exe c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> d:\temp\0142001239197718mcinst.exe c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [8/11/2007 5:02 AM 245248]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 953168]
S3 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [5/12/2005 12:43 PM 241731]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [5/1/2007 5:08 PM 132232]
S3 samhid910;samhid910;c:\windows\system32\drivers\samhidb.sys [11/13/2008 8:39 PM 22391]
S3 Sk9910uf;USB Keyboard Filter Driver;c:\windows\system32\DRIVERS\Sk9910uf.sys --> c:\windows\system32\DRIVERS\Sk9910uf.sys [?]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2077640f-d421-11dd-994a-002354318104}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:55]

2009-04-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-08-12 23:31]

2009-04-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-15 23:31]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{985E16CF-6B50-44BD-AB69-55D24FDAC8C0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.live.com/default.aspx?mkt=en-us&wa=wsignin1.0
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\zk3z60m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\zk3z60m3.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 00:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-725345543-1532298954-839522115-1003)
@Allowed: (Read) (S-1-5-21-725345543-1532298954-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\nview.dll
c:\program files\PHM Plus!\FilesystemFlags.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-05-09 0:17
ComboFix-quarantined-files.txt 2009-05-09 07:17

Pre-Run: 11,439,255,552 bytes free
Post-Run: 11,413,188,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
405 --- E O F --- 2009-04-29 16:53
Old 05-09-2009, 08:10 AM   #5 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 28,066
OS: WinXP Home, Vista, Windows 7 64bit


Re: Browser being redirected

Unfortunately, a new run does not help me. I needed to see what has been removed to give me some idea of what was on this system. I see no malware in any of the posted logs.

Given that the redirects happen in both IE and FF, and that I see no malware in the logs, do you use a wireless router? If so, what I'd like you to do is a hard reset with your router. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

Then change your admin login and password--make it a strong password.

You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

If you need further assistance in carrying that out, let me know the brand of router you have.
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-10-2009, 10:08 PM   #6 (permalink)
roger97338
Registered User

Re: Browser being redirected

Hello again Reid,

Currently, I don't have a wireless router. But, I just moved. Last week, I did. (I used to have DSL through Qwest, now I have cable internet through Charter.)

Also, after thinking about it for a day and a half, I remember why I don't have a log from ComboFix. When I ran it last time, my computer froze, and I had to hit the reset button. So, I'm assuming ComboFix didn't finish running.

Last night, I ran my McAfee virus scanner, and in the results, it targeted the ComboFix.txt file as a trojan. I took a screenshot of it, if you would like me to post it for you. Is that a normal occurrence?

I really appreciate your help, Reid, and I'm hoping that you can give me a little insight so that I can help myself. When you read the files from ComboFix, or Hijack This, or whichever, how do you know which one to use? Is one better suited for particular problems, or is it personal preference?

And I know you're looking for entries that aren't legitimate. But how do you know which ones aren't? I read through those log files, and kept seeing things that I hadn't seen before, but were just new, legitimate processes. (Such as seaport, for windows live) How do you know what to look for, and how do you look for it? Do you compose your own list of fraudulent processes, dll's, exe's and such? Are there ready-made lists for anyone to download? And do you read each log file yourself, do you use search one word at a time? Do you have a macro, or batch file?

I hope I'm not taking up a lot of your time by asking you that stuff Reid. But it does sound like you've hit a wall, what with me having had this problem for so long, and not being able to supply you with some log files that would have done you much good.

Oh, one last thing. Last night, I noticed that when a page is redirected, all I have to do is hit the back button, click the link again, and I'm taken to the correct page. I also recall installing a search bar on accident (I meant to click no, but I wasn't paying that much attention.) and this problem started soon after that. As soon as I can remember the details on that, I plan on searching the registry for anything with that name.

I'm not usually this inattentive to what I do with my computer, but if you've ever moved before, imagine moving AND finalizing the sale on your house at the same time. If I had any hair left, I'm sure it would be grey. :)

Thank you again, Reid, for your assistance. And a big thank you to not only you, but everyone else that volunteers their time here helping people out. That's a very cool thing of all of you to do.

Sincerely,

Roger
Old 05-10-2009, 10:19 PM   #7 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Re: Browser being redirected

Hi Roger,

I've not yet hit a wall, I've just begun.


It is very late at night my time, and I have other threads to tend to as well as yours. As such, I honestly don't have the time to answer all your questions at the moment.

Download HostsXpert.
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
  • Note: If a custom Hosts file was in place, you'll have to edit those entries back in.


If you are still getting redirected when clicking on links, let's see if this online scanner reveals anything for us. It can take quite a bit of time, so please be patient and allow it to run its full course:


**Vista users - right click on the IE icon and run as administrator


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Old 05-12-2009, 09:23 PM   #8 (permalink)
roger97338
Registered User

Re: Browser being redirected

I know you have other people to help Ried, that's why I appreciate your help so much.

I'm going to be busy for a day or two, but I'll run those next chance I get.

And please, help other people first. Mine is a low priority, given that everything still functions and I can work around the redirection.

Also, my apologies for constantly spelling your name wrong.

Last edited by roger97338; 05-12-2009 at 09:25 PM.
Old 05-12-2009, 09:29 PM   #9 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Re: Browser being redirected

No worries about the name being misspelled.

I appreciate your consideration of others seeking assistance, but you're mine now.

At least run HostsXpert now. It shall only take you a minute or so. Let me know if you're still getting redirected after that.
Old 05-16-2009, 01:52 AM   #10 (permalink)
roger97338
Registered User

Re: Browser being redirected

Hello again Ried!

Ok, I ran HostsXpert. I looked over the host file, and everything there had been added by SpyBot. Even so, I restored it to an unaltered version. Afterward, my browser searches were still redirected.

And here are the results from the online scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 12:37:03
Records in database: 2172426
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 222988
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:12:36


File name / Threat name / Threats count
C:\Program Files\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

The selected area was scanned.

And that's been it. I ran my virus scanner earlier this week, and the results came back clean. It's running again right now, and so far nothing is infected.
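The hosts-file review described in the posts above, as an added example that is not part of the original thread: it separates block entries that point a name at a loopback or null address from entries that map a name to a real address, which are the ones that can redirect browsing. The sample hosts text, its names and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# block-list entries (constructed)
127.0.0.1       ads.example.test
127.0.0.1       tracker.example.test   # inline comment
0.0.0.0         popups.example.test
203.0.113.7     www.search.example search.example
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment; the rest is whitespace separated.
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]


def triage_hosts(text):
    """Sort hosts entries into sink, mapped and malformed buckets.

    sink      - names pointed at a loopback or unspecified address (blocked)
    mapped    - (name, address) pairs pointing at any other address; each
                one overrides DNS for that name and needs a reason to exist
    malformed - (line_no, token) where the first field is not an IP address
    """
    report = {"sink": [], "mapped": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name.lower() != "localhost":  # the stock entry is not a block
                    report["sink"].append(name)
            else:
                report["mapped"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result["sink"]))
    for name, addr in result["mapped"]:
        print("REVIEW        : %s -> %s" % (name, addr))
    for line_no, token in result["malformed"]:
        print("malformed line %d: %r" % (line_no, token))
```

A hosts file that contains only sink entries, as reported in the post above, leaves the `mapped` bucket empty.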
Old 05-16-2009, 09:57 AM   #11 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Re: Browser being redirected

Hi Roger.

No worries about the Kaspersky finding. Leave that there.


Open Notepad and copy/paste the contents in the quotebox below, into Notepad.

Quote:
regedit /a peek.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
start notepad peek.txt
Save this as look.bat. Choose to "Save type as - All Files".
It should look like this:

Double click on look.bat & allow it to run. Then post the log which it produces
Old 05-16-2009, 10:16 AM   #12 (permalink)
roger97338
Registered User

Re: Browser being redirected

Reid, it's supposed to be beautiful here in Oregon this weekend. No rain, highs hi 70's-low 80's, the nicest weather we've had so far this year, is what the forecasters are saying. So, I'm going to go do some yard work, polish some chrome on the old Chevy, force the cats to catch some mice, and generally enjoy the weekend.

I've heard Ohio can be pretty cold...for a long time, too. Hope this glimpse of summer makes it your way soon!

Anyway, the following is the contents of peek.txt:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="i263_32.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="iyvu9_32.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave1"="serwvdrv.dll"
"msacm.iac2"="C:\\WINDOWS\\system32\\Iac25_32.ax"
"msacm.g723"="g723.acm"
"vidc.I263"="I263_32.drv"
"VIDC.IV41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"vidc.DIVX"="DivX.dll"
"vidc.yv12"="DivX.dll"
"VIDC.WMV3"="wmv9vcm.dll"
"VIDC.MPG4"="mpg4c32.dll"
"VIDC.MP42"="mpg4c32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux"="wdmaud.drv"
"msacm.dvacm"="C:\\PROGRA~1\\COMMON~1\\Ulead Systems\\vio\\dvacm.acm"
"VIDC.FFDS"="ff_vfw.dll"
"msacm.avis"="ff_acm.acm"
"msacm.siren"="sirenacm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
"mixer"="rdpsnd.dll"
Old 05-16-2009, 10:23 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 28,066
OS: WinXP Home, Vista, Windows 7 64bit


Re: Browser being redirected

We're slowly warming up. Yesterday and today are in the 70's, but tomorrow the bottom drops out with a high of only 55. The upcoming week we're supposed to recover and be in the 80's by Friday.

Enjoy your weekend and sunshine (it's going to rain here. )

McAfee interferes with our tools all the time. What I'd like you to do is totally disable McAfee, or uninstall it temporarily so we can run ComboFix.

Here are the instructions again so you don't have to scroll and find my previous post:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Old 05-22-2009, 05:42 PM   #14 (permalink)
Registered User
 
roger97338's Avatar
 
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3


Re: Browser being redirected

Hello again, Ried!

Ok, even though I still had a copy of ComboFix from earlier, I downloaded a new copy. Ran it from my desktop, rather than from my download folder. McAfee has been completely uninstalled, and I'm using Avast! for the time being. My McAfee subscription ran out, and I haven't looked to see what my new ISP, Charter, is offering me.

Anyway, here are the contents of the ComboFix log:

ComboFix 09-05-21.08 - Roger 05/22/2009 10:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1513 [GMT -7:00]
Running from: c:\documents and settings\Roger\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090521-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Desktop.ini
E:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 03:28 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 03:28 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 03:28 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-22 03:28 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-22 03:28 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-22 03:28 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 03:28 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 03:28 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 03:28 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 03:28 . 2009-05-22 03:28 -------- d-----w c:\program files\Alwil Software
2009-05-17 10:17 . 2009-05-17 10:17 -------- d-----w c:\program files\UPHClean
2009-05-15 23:58 . 2009-05-15 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\SRS Labs
2009-05-15 23:58 . 2007-03-12 18:15 44416 ----a-r c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2009-05-15 23:58 . 2007-03-12 18:15 37248 ----a-r c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2009-05-15 23:58 . 2007-03-12 18:15 46592 ----a-r c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-05-15 23:58 . 2007-03-12 18:15 38400 ----a-r c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2009-05-15 23:58 . 2007-03-12 18:15 32000 ----a-r c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-05-15 23:52 . 2009-05-16 00:04 -------- d-----w c:\program files\DFX
2009-05-14 13:05 . 2009-05-14 13:05 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-09 18:30 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-09 18:30 . 2008-04-13 17:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-07 08:49 . 2009-05-07 09:06 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-06 07:08 . 2009-05-07 08:38 -------- d-----w c:\program files\Skyhook Wireless
2009-05-06 06:05 . 2009-05-06 06:15 -------- d-----w c:\program files\Resource Hacker
2009-05-05 04:27 . 2009-05-05 02:55 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-05 02:52 . 2009-05-05 02:52 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 02:52 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-05 02:52 . 2009-05-05 02:55 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-05 02:52 . 2009-05-05 02:52 -------- d-----w c:\program files\Lavasoft
2009-04-29 15:28 . 2009-04-29 15:28 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-28 23:03 . 2009-05-05 21:24 -------- d-----w c:\program files\GPMC
2009-04-27 17:22 . 2009-04-27 17:22 262144 ----a-w c:\windows\system32\default_user_class.dat
2009-04-24 10:42 . 2009-04-24 10:42 -------- d-sh--w C:\Diskeeper
2009-04-24 10:38 . 2009-04-24 10:38 -------- d-----w c:\program files\Diskeeper Corporation
2009-04-23 01:42 . 2009-04-23 01:42 -------- d-----w c:\program files\FolderSize

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot_2009-05-09_07.16.29 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2009-01-23 319504]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-11-12 86016]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

c:\documents and settings\Roger\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-29 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InternetOpenWith"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 01000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
backup=c:\windows\pss\Thoosje Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Wallpaper Changer.lnk]
backup=c:\windows\pss\Wallpaper Changer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 7:55 PM 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [6/23/2008 3:21 PM 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/21/2009 8:28 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/21/2009 8:28 PM 20560]
R3 ALSysIO;ALSysIO;\??\d:\temp\ALSysIO.sys --> d:\temp\ALSysIO.sys [?]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [11/4/2008 10:23 AM 36864]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [8/11/2007 5:02 AM 245248]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 953168]
S3 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [5/12/2005 12:43 PM 241731]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [5/1/2007 5:08 PM 132232]
S3 samhid910;samhid910;c:\windows\system32\drivers\samhidb.sys [11/13/2008 8:39 PM 22391]
S3 Sk9910uf;USB Keyboard Filter Driver;c:\windows\system32\DRIVERS\Sk9910uf.sys --> c:\windows\system32\DRIVERS\Sk9910uf.sys [?]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALSYSIO
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-08-12 23:31]

2009-04-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-15 23:31]

2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{985E16CF-6B50-44BD-AB69-55D24FDAC8C0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.live.com/default.aspx?mkt=en-us&wa=wsignin1.0
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\zk3z60m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\zk3z60m3.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 10:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-725345543-1532298954-839522115-1003)
@Allowed: (Read) (S-1-5-21-725345543-1532298954-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-05-22 10:23
ComboFix-quarantined-files.txt 2009-05-22 17:23

Pre-Run: 11,135,283,200 bytes free
Post-Run: 11,108,139,008 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
420 --- E O F --- 2009-05-13 10:01
Old 05-22-2009, 08:23 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 28,066
OS: WinXP Home, Vista, Windows 7 64bit


Re: Browser being redirected

Hi Roger.


Open notepad and copy/paste the text in the code box below into it:

Quote:

RegLock::
[HKEY_USERS\S-1-5-21-725345543-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

FixCSet::

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Post that in your next reply, please.


=============================

I know you said you get redirects in both IE and FF, but I'd like you to run this next tool anyway. Download GooredFix and save it to your desktop.

Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply
  • Note: Do not run Option #2 yet.
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-23-2009, 02:33 AM   #16 (permalink)
Registered User
 
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3


Re: Browser being redirected

Happy Memorial Day Weekend to you, Ried!

I'll do both of those things for you soon.

I know I'm not an expert at this, and this may be a silly thing to suggest, but I've noticed that Windows Live has been installing a lot of stuff on my computer that I don't want. I use WL Messenger and WL Mail, but it's also added its folder sync and desktop search components, just to name a few. I also know I've had a difficult time uninstalling things like WL Photoshare and Microsoft's Silverlight. So, could my browser redirection be caused by one of these partially-uninstalled pieces of Windows Live software?
Old 05-23-2009, 06:11 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 28,066
OS: WinXP Home, Vista, Windows 7 64bit


Re: Browser being redirected

Windows Live installations should not be causing the browser redirection that you described to me earlier.

To be certain we are talking about the same type of redirect, give me an example of what you are doing when the redirection occurs, and where you are being redirected to.
Old 05-24-2009, 11:44 PM   #18 (permalink)
Registered User
 
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3


Re: Browser being redirected

I took some screen shots, zipped and attached them. I hope those are useful to you. Here's a run-down of what I did:

I was using Firefox, and using Google, I searched for a way to remove the Qwest branding from my messenger program.

Google returned the results, which it always does.

I middle-clicked the first link (That's how I have Firefox set up to open links in a new tab) until a tab opened at the web site corresponding to the link I was clicking.

Then I took some screen shots, zipped them, and now I'm here.

I'm not sure if this is relevant or not, but the result displayed on the superpages page, for the construction company, is less than 30 miles from where I live.
Attached Files
File Type: zip redirect ss.zip (1.29 MB, 2 views)

Last edited by roger97338; 05-24-2009 at 11:48 PM.
Old 05-25-2009, 02:46 AM   #19 (permalink)
Registered User
 
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3


Re: Browser being redirected

I almost forgot a few things:

If I copy/paste the link into the address bar, it always goes to the site that I copy/pasted into the address bar.
If I manually enter the address, it always goes to the site I entered.
If I use one of my bookmarks, it always goes to the correct site.
I do NOT get redirected every time.
I don't recall ever being sent to an adult web site. Nor do I recall ever being sent to a web site that was relevant to my search. (Other than the site the link corresponded to.)
It happens most often when searching for something computer-related. I was looking for car parts the other day, and didn't get redirected at all.
This behavior occurs in both IE and Firefox, and also occurs when using Google, Yahoo, and Windows Live search.
Old 05-25-2009, 02:15 PM   #20 (permalink)
Registered User
 
Join Date: Apr 2009
Location: Oregon, U.S.A.
Posts: 16
OS: XP pro sp3


Re: Browser being redirected

Hello again, Ried!

I'm glad you're taking at least one day off of volunteering here. I'm sure that fixing other people's problems could get to a person.

Anyway, Avast! seems to be doing a much better job keeping me safe than McAfee did. Just a few moments ago, I was using Google to search for something. When I clicked on the link and was sent to a site other than the link, a notice from Avast! popped up letting me know that I'd been blocked from accessing a malicious site.

I don't remember what this website's policy is on posting web addresses, so I'll wait until you let me know how, or even if, you want those names.

Also, I haven't run ComboFix with CFScript yet. Honestly, I keep forgetting.
All times are GMT -7. The time now is 11:31 AM.



Copyright 2001 - 2010, Tech Support Forum