Old 07-30-2009, 08:49 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


My Search Results are redirected

Whenever I do a search and click a link, it gets redirected to some ad info or hotel thing. About the second time this has happened and my fault, because I usually don't use Chrome when doing a search, but this time I wasn't thinking of the security of NoScript on my Firefox and became a victim once again.

Anyways, long story short, my previous analyst says to repost again because it could be a new threat, so here's the DDS.
==========================================================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 14:58:56.48 on Thu 07/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.113 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202279246312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nidoynur.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\nidoynur.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\nidoynur.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-14 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-4 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-31 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-8 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-9-22 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-9-22 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-9-22 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-07-28 03:01 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-07-28 02:56 <DIR> --d----- c:\program files\AIM Toolbar
2009-07-28 02:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-07-04 01:36 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-07-04 01:36 21,504 a------- c:\windows\system32\hidserv.dll
2009-07-04 01:32 31,048 a------- c:\windows\system32\drivers\point32.sys
2009-07-04 01:31 <DIR> --d----- c:\program files\Microsoft IntelliPoint

==================== Find3M ====================

2009-07-18 13:44 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-23 14:55 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-08 08:10 155,136 a------- c:\windows\PEV.exe
2009-06-07 01:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-04 12:41 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe

============= FINISH: 15:02:18.40 ===============
Shadowkid is offline  
Old 08-03-2009, 09:31 AM   #2 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Location: Canada
Posts: 2,147
OS: XP sp3


Re: My Search Results are redirected

Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".


Link 1
Link 2



During the download, rename Combofix to Combo-Fix as follows:





--------------------------------------------------------------------
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.


-----------------------------------------------------------
  • Double click on Combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


    -----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
__________________


ASAP & UNITE Member
CatByte is offline  
Old 08-03-2009, 01:45 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

Thanks for responding, man. Just to let you know, as soon as I disabled my AVG for ComboFix, my background changed to a spyware warning and the little X symbol appeared near the clock. It's back to normal now after the scan; just thought I'd let you know what happened. ComboFix had also asked me if I wanted to update, but I said no because the PC was getting infected by the second.
Here's the log:

ComboFix 09-08-02.04 - Owner 08/03/2009 15:11.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.348 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\10037654
c:\docume~1\ALLUSE~1\APPLIC~1\10037654\10037654
c:\docume~1\ALLUSE~1\APPLIC~1\10037654\10037654.exe
c:\windows\system32\drivers\geyekrdomsregf.sys
c:\windows\system32\geyekrkalirkdx.dll
c:\windows\system32\geyekrkjlcttuu.dat
c:\windows\system32\geyekrlqrjyvtq.dat
c:\windows\system32\geyekrotvgdvwh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekraojklymx


((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-07-28 07:01 . 2009-07-28 07:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-07-28 06:56 . 2009-07-28 06:56 -------- d-----w- c:\program files\AIM Toolbar
2009-07-28 06:56 . 2009-07-28 06:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AIM Toolbar
2009-07-28 06:53 . 2009-07-28 06:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-07-22 18:20 . 2009-07-29 07:04 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-07-18 01:25 . 2009-07-18 01:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 08:09 . 2008-06-06 16:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 17:45 . 2009-05-14 23:57 -------- d-----w- c:\program files\BitComet
2009-07-29 18:58 . 2009-02-15 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 06:56 . 2008-02-08 04:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-07-28 06:55 . 2008-02-08 04:53 -------- d-----w- c:\program files\AIM6
2009-07-18 17:44 . 2008-05-14 18:19 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 17:36 . 2009-02-15 00:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-02-15 00:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 08:26 . 2008-12-01 21:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-07 21:03 . 2008-02-05 01:21 32560 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 05:32 . 2009-07-04 05:31 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-07-02 06:24 . 2009-05-14 06:10 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-30 16:30 . 2009-05-14 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-30 16:03 . 2008-02-04 23:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 07:10 . 2009-06-30 07:10 1048576 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nidoynur.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components\IBitCometExtension.dll
2009-06-30 07:09 . 2008-12-28 07:08 -------- d--h--w- c:\documents and settings\Owner\Application Data\ijjigame
2009-06-30 06:48 . 2008-11-20 18:53 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-06-30 06:47 . 2008-02-13 16:24 -------- d-----w- c:\program files\SpywareBlaster
2009-06-29 16:12 . 2002-09-03 17:12 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-02-05 00:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-09-03 16:29 17408 ------w- c:\windows\system32\corpol.dll
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-23 18:55 . 2008-05-14 18:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 18:55 . 2008-02-05 01:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 16:09 . 2009-06-22 16:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-06-22 02:50 . 2009-06-22 02:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2009-06-22 02:50 . 2009-06-22 02:50 -------- d-----w- c:\program files\Auslogics
2009-06-20 18:40 . 2008-02-04 23:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 15:00 . 2008-02-20 07:31 -------- d-----w- c:\program files\Java
2009-06-19 14:59 . 2009-06-19 14:59 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 14:36 . 2002-09-03 17:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-09-03 16:33 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 16:11 . 2008-02-11 06:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-07 05:43 . 2009-02-15 17:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 18:58 . 2009-06-06 18:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-06-06 18:53 . 2009-06-06 18:52 -------- d-----w- c:\program files\Yahoo!
2009-06-05 04:58 . 2009-06-05 04:57 -------- d-----w- c:\program files\iTunes
2009-06-05 04:57 . 2009-06-05 04:57 -------- d-----w- c:\program files\iPod
2009-06-05 04:57 . 2008-02-05 06:29 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 04:47 . 2008-02-05 05:33 -------- d-----w- c:\program files\QuickTime
2009-06-03 19:09 . 2002-09-03 16:53 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 17:36 . 2009-06-05 04:31 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2008-02-05 06:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 15:33 . 2008-12-26 18:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 17:51 . 2009-05-13 17:51 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-07 15:32 . 2002-09-03 16:39 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-31 15:46 . 2008-07-14 05:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_16.50.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-08-03 19:26 . 2009-08-03 19:26 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
- 2008-02-05 02:24 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2008-02-05 02:24 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2002-09-03 16:52 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
+ 2002-09-03 16:52 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2007-08-13 23:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
- 2008-08-06 20:49 . 2008-11-05 21:06 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-08-06 20:49 . 2009-07-14 19:12 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2002-09-03 16:37 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2002-09-03 16:37 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
- 2002-09-03 16:35 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
+ 2002-09-03 16:35 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2002-09-03 16:34 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2002-09-03 16:34 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2009-07-04 05:36 . 2008-04-14 00:11 21504 c:\windows\system32\hidserv.dll
+ 2009-07-04 05:32 . 2008-06-10 20:04 31048 c:\windows\system32\DRVSTORE\pnt32uw_667890F3485BB5D1C47F7877D51185D7490A7A6A\point32.sys
+ 2009-07-04 05:32 . 2008-06-10 20:04 33352 c:\windows\system32\DRVSTORE\pnt32uk_8477F1120BF994C8009DDB48E4DD8FA85A9039FC\point32k.sys
+ 2009-07-04 05:32 . 2008-06-10 20:04 31048 c:\windows\system32\DRVSTORE\pnt32pw_81F87EB3DFFD672CD4DE30C5341B8C7F08DA9486\point32.sys
+ 2009-07-04 05:32 . 2008-06-10 20:04 33352 c:\windows\system32\DRVSTORE\pnt32pk_10A740FB87D0ACA33593A12D9BBD5CBB5DED03D4\point32k.sys
+ 2009-07-04 05:32 . 2008-06-09 20:12 18504 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\NuidFltr.sys
+ 2009-07-04 05:32 . 2008-06-10 20:04 31048 c:\windows\system32\drivers\point32.sys
+ 2007-10-11 06:13 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-02-06 02:55 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-02-06 02:55 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-10-11 06:13 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-02-06 02:55 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-02-06 02:55 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 23:39 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 23:45 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 23:39 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-02-06 02:55 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-02-06 02:55 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-07-04 05:36 . 2008-04-14 00:11 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2007-08-13 23:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 23:42 . 2007-08-13 23:42 17408 c:\windows\system32\dllcache\corpol.dll
- 2008-02-04 23:49 . 2009-06-26 14:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-02-04 23:49 . 2009-08-03 18:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-02-04 23:49 . 2009-08-03 18:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-02-04 23:49 . 2009-06-26 14:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-22 22:11 . 2009-02-22 22:11 29696 c:\windows\Installer\e7b39.msi
+ 2009-02-22 22:11 . 2009-02-22 22:11 29184 c:\windows\Installer\e7b26.msi
+ 2008-06-06 16:42 . 2008-06-06 16:42 55296 c:\windows\Installer\a8447.msi
+ 2008-02-11 06:47 . 2008-02-11 06:47 48128 c:\windows\Installer\7aeea3.msi
+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\422c6e.msp
+ 2009-03-31 19:58 . 2009-03-31 19:58 88576 c:\windows\Installer\3903f8.msi
+ 2009-07-04 05:32 . 2009-07-04 05:32 65536 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\NewShortcut4_66A9D30D14644C7FB2F3507DADAF2595.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 65536 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\NewShortcut3_4748AC220AD3439FA5EECE4BB6C12AAC.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 29926 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\NewShortcut2_6463554370E7436D8D6D4A721595029E.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 29926 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\NewShortcut1_6463554370E7436D8D6D4A721595029E.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 25214 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\HCG_SC.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 25214 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\CPL_SC.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 25214 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\CPL_DTSC.exe
+ 2009-07-04 05:32 . 2009-07-04 05:32 25214 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\ARPPRODUCTICON.exe
+ 2009-07-29 07:17 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-29 07:17 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-29 07:17 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-29 07:17 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-29 07:17 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-29 07:17 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2008-02-08 04:54 . 2009-07-28 06:55 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-02-08 04:54 . 2008-06-29 19:18 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-02-20 09:00 . 2009-06-30 07:49 3692 c:\windows\system32\Restore\rstrlog.dat
+ 2009-07-04 05:32 . 2009-07-04 05:32 4846 c:\windows\Installer\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}\MouseUG.exe
- 2002-09-03 17:11 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2002-09-03 17:11 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2002-09-03 17:08 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
+ 2002-09-03 17:08 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2002-09-03 16:50 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2002-09-03 16:50 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
- 2002-09-03 16:46 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2002-09-03 16:46 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2002-09-03 16:46 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2002-09-03 16:46 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2002-09-03 16:44 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2002-09-03 16:44 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-08-13 23:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 23:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2002-09-03 16:34 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2002-09-03 16:34 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2002-09-03 16:34 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2002-09-03 16:34 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2002-09-03 16:34 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
+ 2002-09-03 16:34 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2002-09-03 16:34 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2002-09-03 16:34 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
- 2008-02-05 00:58 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2008-02-05 00:58 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2002-09-03 16:32 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2002-09-03 16:32 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2002-09-03 16:32 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2002-09-03 16:32 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 23:54 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 23:44 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
- 2007-08-13 23:44 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-02-06 02:55 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-02-06 02:55 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 23:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2008-02-06 02:55 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-02-06 02:55 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 23:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-02-06 02:55 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2002-09-03 16:34 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2002-09-03 16:34 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 23:39 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 23:39 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-10-11 06:13 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-10-11 06:13 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-10-11 06:13 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 23:39 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 23:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2002-09-03 16:27 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
- 2002-09-03 16:27 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
+ 2008-09-18 17:01 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-09-18 17:01 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-03-31 20:06 . 2009-03-31 20:06 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-02-22 22:09 . 2009-02-22 22:09 623616 c:\windows\Installer\e7b13.msi
+ 2008-02-04 23:50 . 2008-02-04 23:50 264704 c:\windows\Installer\c085.msi
+ 2009-02-15 06:26 . 2009-02-15 06:26 569856 c:\windows\Installer\ae24c.msi
+ 2009-02-15 06:26 . 2009-02-15 06:26 236032 c:\windows\Installer\ae246.msi
+ 2008-02-11 06:47 . 2008-02-11 06:47 501248 c:\windows\Installer\7aee9a.msi
+ 2008-02-11 06:47 . 2008-02-11 06:47 506880 c:\windows\Installer\7aee94.msi
+ 2008-02-11 06:46 . 2008-02-11 06:46 516608 c:\windows\Installer\7aee8d.msi
+ 2008-02-11 06:46 . 2008-02-11 06:46 513024 c:\windows\Installer\7aee86.msi
+ 2008-02-11 06:46 . 2008-02-11 06:46 501248 c:\windows\Installer\7aee80.msi
+ 2008-05-14 18:17 . 2008-05-14 18:17 337408 c:\windows\Installer\6f30bd.msi
+ 2008-02-27 20:31 . 2008-02-27 20:31 366592 c:\windows\Installer\66869e1.msi
+ 2008-09-22 20:35 . 2008-09-22 20:35 118272 c:\windows\Installer\63922b6.msi
+ 2009-03-31 21:58 . 2009-03-31 21:58 598016 c:\windows\Installer\562ac.msi
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\54f601e.msp
+ 2008-08-05 07:01 . 2008-08-05 07:01 431104 c:\windows\Installer\50ed717.msi
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\455abe.msp
+ 2009-03-31 20:07 . 2009-03-31 20:07 648192 c:\windows\Installer\455a98.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\422c77.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\422c75.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\422c73.msp
+ 2009-03-31 20:05 . 2009-03-31 20:05 137728 c:\windows\Installer\422c6d.msi
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\3903fd.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\3903fb.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\3903fa.msp
+ 2009-07-29 07:16 . 2009-07-29 07:16 248832 c:\windows\Installer\325774c.msi
+ 2007-10-15 03:44 . 2007-10-15 03:44 324608 c:\windows\Installer\31ec439.msp
+ 2007-10-15 03:46 . 2007-10-15 03:46 324608 c:\windows\Installer\31ec432.msp
+ 2009-01-14 04:29 . 2009-01-14 04:29 683008 c:\windows\Installer\2dae459.msi
+ 2009-07-28 06:55 . 2009-07-28 06:55 122880 c:\windows\Installer\2d879b.msi
+ 2008-08-04 05:04 . 2008-08-04 05:04 100352 c:\windows\Installer\22827e3.msi
+ 2009-07-04 05:31 . 2009-07-04 05:31 301056 c:\windows\Installer\2246e2c.msi
+ 2008-11-12 06:02 . 2008-11-12 06:02 432640 c:\windows\Installer\1a53d8c.msi
+ 2009-07-29 07:17 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-29 07:17 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-29 07:17 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-29 07:17 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-29 07:17 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-29 07:17 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-29 07:17 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2002-09-03 17:11 . 2004-07-17 16:35 1326080 c:\windows\system32\webfldrs.msi
+ 2002-09-03 17:08 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
- 2002-09-03 17:08 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2002-09-03 16:44 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 23:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 21:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2008-02-04 18:23 . 2009-07-04 16:27 1481688 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-04 05:32 . 2008-06-09 20:12 1421384 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\wdfcoinstaller01005.dll
+ 2007-10-11 06:13 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
- 2007-10-11 06:13 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2007-10-30 10:16 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2008-02-06 02:55 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-02-06 02:55 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-02-05 00:57 . 2004-07-17 16:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-09-18 17:03 . 2007-04-02 18:42 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2009-01-10 18:19 . 2009-01-10 18:19 7606272 c:\windows\Installer\a9155.msi
+ 2008-04-01 02:11 . 2008-04-01 02:11 1298432 c:\windows\Installer\a844e.msp
+ 2008-02-05 05:54 . 2008-02-05 05:54 1785344 c:\windows\Installer\a23ba8.msi
+ 2008-02-05 05:54 . 2008-02-05 05:54 2435072 c:\windows\Installer\a23ba1.msi
+ 2008-02-05 05:52 . 2008-02-05 05:52 2399744 c:\windows\Installer\a23b9a.msi
+ 2008-02-05 05:50 . 2008-02-05 05:50 2437632 c:\windows\Installer\a23b92.msi
+ 2008-02-05 05:48 . 2008-02-05 05:48 2999808 c:\windows\Installer\a23b8b.msi
+ 2008-02-05 05:46 . 2008-02-05 05:46 2962432 c:\windows\Installer\a23b84.msi
+ 2008-02-05 05:44 . 2008-02-05 05:44 3037184 c:\windows\Installer\a23b76.msi
+ 2008-02-05 05:42 . 2008-02-05 05:42 2485760 c:\windows\Installer\a23b62.msi
+ 2008-02-05 05:41 . 2008-02-05 05:41 2423808 c:\windows\Installer\a23b4e.msi
+ 2008-02-05 05:39 . 2008-02-05 05:39 2344448 c:\windows\Installer\a23b3a.msi
+ 2008-02-05 05:38 . 2008-02-05 05:38 3240448 c:\windows\Installer\a23b33.msi
+ 2008-02-05 05:35 . 2008-02-05 05:35 2771456 c:\windows\Installer\a23b2c.msi
+ 2008-02-05 05:34 . 2008-02-05 05:34 2242048 c:\windows\Installer\a23b25.msi
+ 2008-02-05 05:33 . 2008-02-05 05:33 1888256 c:\windows\Installer\a23b1e.msi
+ 2008-02-05 05:32 . 2008-02-05 05:32 1786368 c:\windows\Installer\a23b17.msi
+ 2008-02-05 05:32 . 2008-02-05 05:32 1784832 c:\windows\Installer\a23b10.msi
+ 2008-02-05 05:32 . 2008-02-05 05:32 1786880 c:\windows\Installer\a23b02.msi
+ 2008-02-05 04:33 . 2008-02-05 04:33 1727488 c:\windows\Installer\a23ae2.msi
+ 2008-02-05 04:32 . 2008-02-05 04:32 1898496 c:\windows\Installer\a23adc.msi
+ 2008-02-05 04:31 . 2008-02-05 04:31 1765888 c:\windows\Installer\a23ac9.msi
+ 2008-02-05 04:31 . 2008-02-05 04:31 1784832 c:\windows\Installer\a23ac3.msi
+ 2008-02-05 04:30 . 2008-02-05 04:30 1723904 c:\windows\Installer\a23abd.msi
+ 2008-02-05 04:30 . 2008-02-05 04:30 1763840 c:\windows\Installer\a23ab7.msi
+ 2008-02-05 04:30 . 2008-02-05 04:30 1728000 c:\windows\Installer\a23ab1.msi
+ 2008-02-05 04:29 . 2008-02-05 04:29 1794560 c:\windows\Installer\a23aab.msi
+ 2008-02-05 04:29 . 2008-02-05 04:29 1891840 c:\windows\Installer\a23aa5.msi
+ 2008-02-05 04:29 . 2008-02-05 04:29 2084864 c:\windows\Installer\a23a9e.msi
+ 2008-02-05 04:27 . 2008-02-05 04:27 1724928 c:\windows\Installer\a23a97.msi
+ 2008-02-05 04:27 . 2008-02-05 04:27 1885696 c:\windows\Installer\a23a91.msi
+ 2008-02-05 04:27 . 2008-02-05 04:27 1786880 c:\windows\Installer\a23a8b.msi
+ 2008-02-05 04:26 . 2008-02-05 04:26 1765376 c:\windows\Installer\a23a85.msi
+ 2008-02-05 04:26 . 2008-02-05 04:26 1733120 c:\windows\Installer\a23a7f.msi
+ 2008-02-05 04:26 . 2008-02-05 04:26 1722880 c:\windows\Installer\a23a79.msi
+ 2008-02-05 04:26 . 2008-02-05 04:26 1723904 c:\windows\Installer\a23a72.msi
+ 2008-02-05 04:25 . 2008-02-05 04:25 1722880 c:\windows\Installer\a23a6b.msi
+ 2008-02-05 04:25 . 2008-02-05 04:25 1751040 c:\windows\Installer\a23a64.msi
+ 2008-02-05 04:25 . 2008-02-05 04:25 1768448 c:\windows\Installer\a23a5e.msi
+ 2008-02-05 04:24 . 2008-02-05 04:24 1734656 c:\windows\Installer\a23a58.msi
+ 2008-02-05 04:24 . 2008-02-05 04:24 1766400 c:\windows\Installer\a23a52.msi
+ 2008-02-05 04:24 . 2008-02-05 04:24 2166272 c:\windows\Installer\a23a4c.msi
+ 2008-02-05 04:23 . 2008-02-05 04:23 1722880 c:\windows\Installer\a23a46.msi
+ 2008-02-05 04:22 . 2008-02-05 04:22 1960960 c:\windows\Installer\a23a3f.msi
+ 2008-02-05 04:22 . 2008-02-05 04:22 1786880 c:\windows\Installer\a23a39.msi
+ 2008-02-05 04:22 . 2008-02-05 04:22 1849344 c:\windows\Installer\a23a33.msi
+ 2008-02-05 04:22 . 2008-02-05 04:22 1727488 c:\windows\Installer\a23a2c.msi
+ 2008-02-05 04:21 . 2008-02-05 04:21 2602496 c:\windows\Installer\a23a26.msi
+ 2008-02-05 04:19 . 2008-02-05 04:19 1733632 c:\windows\Installer\a23a20.msi
+ 2008-02-05 04:18 . 2008-02-05 04:18 1736704 c:\windows\Installer\a23a1a.msi
+ 2008-02-05 04:18 . 2008-02-05 04:18 1768448 c:\windows\Installer\a23a14.msi
+ 2008-02-05 04:18 . 2008-02-05 04:18 1759744 c:\windows\Installer\a23a0e.msi
+ 2008-02-05 04:17 . 2008-02-05 04:17 1833472 c:\windows\Installer\a23a08.msi
+ 2008-02-05 04:17 . 2008-02-05 04:17 1723392 c:\windows\Installer\a23a02.msi
+ 2008-02-05 04:17 . 2008-02-05 04:17 1833984 c:\windows\Installer\a239fc.msi
+ 2008-02-05 04:06 . 2008-02-05 04:06 1792512 c:\windows\Installer\989e55.msi
+ 2007-03-27 20:14 . 2007-03-27 20:14 5566464 c:\windows\Installer\7d5926f.msp
+ 2007-07-21 17:26 . 2007-07-21 17:26 7574016 c:\windows\Installer\7d59261.msp
+ 2008-02-11 06:52 . 2008-02-11 06:52 6366208 c:\windows\Installer\7aeeb2.msi
+ 2008-02-11 06:47 . 2008-02-11 06:47 1652736 c:\windows\Installer\7aeea9.msi
+ 2008-02-11 06:46 . 2008-02-11 06:46 2397184 c:\windows\Installer\7aee7a.msi
+ 2008-09-22 18:34 . 2008-09-22 18:34 2842624 c:\windows\Installer\5c9bc98.msi
+ 2009-01-15 08:35 . 2009-01-15 08:35 4830720 c:\windows\Installer\5784468.msp
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\54f602e.msp
+ 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\54f600f.msp
+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\455aa7.msp
+ 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\422c76.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\422c74.msp
+ 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\422c72.msp
+ 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\422c71.msp
+ 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\422c70.msp
+ 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\422c6f.msp
+ 2008-10-05 08:12 . 2008-10-05 08:12 4784128 c:\windows\Installer\390c72b.msp
+ 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\390401.msp
+ 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\390400.msp
+ 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\3903ff.msp
+ 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\3903fe.msp
+ 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\3903fc.msp
+ 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\3903f9.msp
+ 2009-02-07 07:11 . 2009-02-07 07:11 1845760 c:\windows\Installer\3468266.msi
+ 2009-02-07 07:10 . 2009-02-07 07:10 1775104 c:\windows\Installer\3468258.msi
+ 2009-06-05 04:59 . 2009-06-05 04:59 4074496 c:\windows\Installer\33e67e.msi
+ 2009-06-05 04:49 . 2009-06-05 04:49 1665024 c:\windows\Installer\33e344.msi
+ 2009-06-05 04:46 . 2009-06-05 04:46 8992256 c:\windows\Installer\33e2ff.msi
+ 2009-06-05 04:32 . 2009-06-05 04:32 3295232 c:\windows\Installer\33e06b.msi
+ 2007-10-15 03:43 . 2007-10-15 03:43 5749760 c:\windows\Installer\31ec40e.msp
+ 2008-07-16 03:12 . 2008-07-16 03:12 1298432 c:\windows\Installer\2d732d2.msp
+ 2007-03-31 02:20 . 2007-03-31 02:20 5800960 c:\windows\Installer\2c36678.msp
+ 2009-07-04 05:32 . 2009-07-04 05:32 3841536 c:\windows\Installer\2246e33.msi
+ 2009-02-14 16:23 . 2009-02-14 16:23 1155072 c:\windows\Installer\21526fc.msi
+ 2008-08-04 05:46 . 2008-08-04 05:46 7163904 c:\windows\Installer\20647f.msi
+ 2009-04-18 00:42 . 2009-04-18 00:42 1659392 c:\windows\Installer\1fd4b4a.msi
+ 2008-09-01 04:27 . 2008-09-01 04:27 5646336 c:\windows\Installer\1d8287f.msi
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\1709e03.msp
+ 2008-02-15 12:54 . 2008-02-15 12:54 9736192 c:\windows\Installer\13c0d1a.msp
+ 2008-08-05 20:29 . 2008-08-05 20:29 1549312 c:\windows\Installer\1342427.msi
+ 2009-07-29 07:17 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-29 07:17 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-29 07:17 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-29 07:17 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2009-05-13 16:02 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2009-07-22 20:12 . 2009-07-22 20:12 15706112 c:\windows\Installer\eaa04b.msp
+ 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\da41d.msp
+ 2007-06-15 12:29 . 2007-06-15 12:29 37983232 c:\windows\Installer\a23afa.msp
+ 2008-02-05 05:31 . 2008-02-05 05:31 10476544 c:\windows\Installer\a23af9.msi
+ 2008-04-11 22:07 . 2008-04-11 22:07 13257728 c:\windows\Installer\82b174.msp
+ 2007-04-22 00:16 . 2007-04-22 00:16 12490752 c:\windows\Installer\7d5927e.msp
+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\455ab2.msp
+ 2007-10-15 03:43 . 2007-10-15 03:43 12743168 c:\windows\Installer\31ec420.msp
+ 2007-10-15 03:43 . 2007-10-15 03:43 21981184 c:\windows\Installer\31ec405.msp
+ 2008-08-11 15:51 . 2008-08-11 15:51 15916544 c:\windows\Installer\2ef3aaf.msp
+ 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\2ef3aa0.msp
+ 2008-07-03 15:37 . 2008-07-03 15:37 11759104 c:\windows\Installer\2db86cd.msp
+ 2009-07-31 08:07 . 2009-07-31 08:07 15705600 c:\windows\Installer\25969b2.msp
+ 2008-02-25 19:07 . 2008-02-25 19:07 11772416 c:\windows\Installer\20aa48f.msp
+ 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\1a53d9a.msp
+ 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\1a45fc6.msp
+ 2008-10-20 15:16 . 2008-10-20 15:16 13211648 c:\windows\Installer\1a45fb7.msp
+ 2008-07-30 03:20 . 2008-07-30 03:20 11767296 c:\windows\Installer\18a8de9.msp
+ 2008-04-08 04:22 . 2008-04-08 04:22 12461568 c:\windows\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\veoh.msi
+ 2008-02-17 21:11 . 2008-02-17 21:11 13625856 c:\windows\Downloaded Installations\{310310A5-0EAF-4C57-9297-238DF1179025}\veoh.msi
+ 2008-09-01 04:20 . 2008-09-01 04:20 14589440 c:\windows\Downloaded Installations\{048F086D-DCFD-489D-831E-C1D60FEC1300}\veoh.msi
+ 2007-10-15 03:43 . 2007-10-15 03:43 229852160 c:\windows\Installer\31ec3fd.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 18:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"27580:TCP"= 27580:TCP:BitComet 27580 TCP
"27580:UDP"= 27580:UDP:BitComet 27580 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 2:42 AM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/14/2008 2:19 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/14/2008 2:19 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 1:40 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 1:40 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 2:38 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/8/2008 12:54 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/22/2008 4:53 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/22/2008 4:53 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/22/2008 4:53 PM 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-10037654 - c:\documents and settings\All Users\Application Data\10037654\10037654.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\nidoynur.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nidoynur.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nidoynur.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 15:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr]
@Class="Shell"

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr\OpenWithList]
@Class="Shell"
"a"="BitComet.exe"
"MRUList"="ba"
"b"="wmplayer.exe"

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr\OpenWithProgids]
"???_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*Œ[hQHr]
"0"=hex:d8,9a,4b,6a,42,30,93,30,2e,00,2d,00,2e,00,e1,30,a4,30,c9,30,eb,30,42,
30,93,30,68,30,57,30,88,30,46,30,88,30,2e,00,61,00,76,00,69,00,2e,00,8c,5b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\software\Classes\.*Œ[hQHr]
@="???_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-03 15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 19:40
ComboFix2.txt 2009-06-26 17:02

Pre-Run: 14,273,957,888 bytes free
Post-Run: 14,239,727,616 bytes free

619 --- E O F --- 2009-08-03 14:51

Last edited by Shadowkid; 08-03-2009 at 01:48 PM.
Old 08-03-2009, 02:33 PM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,147
OS: XP sp3


Re: My Search Results are redirected

Hi,

Please do the following:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\windows\system32\ieudinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________


ASAP & UNITE Member
Old 08-03-2009, 02:48 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

Alright, thanks, I'll do that after work.
Old 08-04-2009, 12:06 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

VirSCAN.org Scanned Report :
Scanned time : 2009/08/04 01:57:31 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : ieudinit.exe
File Size : 13824 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 65f1e2baa2be3d6aca1d4708190e8fdf
SHA1 : f5bda8055e17548e8a382d97730d49f9faf68eb0
Online report : http://virscan.org/report/da03508819...dc4be5b24.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090803230129 2009-08-03 0.68 -
AhnLab V3 2009.08.03.08 2009.08.03 2009-08-03 0.99 -
AntiVir 8.2.0.240 7.1.5.66 2009-08-03 0.18 -
Antiy 2.0.18 20090803.2669463 2009-08-03 0.12 -
Arcavir 2009 200908031615 2009-08-03 0.03 -
Authentium 5.1.1 200908031816 2009-08-03 1.19 -
AVAST! 4.7.4 090804-0 2009-08-04 0.00 -
AVG 8.5.288 270.13.43/2280 2009-08-04 0.32 -
BitDefender 7.81008.3833311 7.26984 2009-08-04 3.32 -
CA (VET) 9.0.0.143 31.6.6655 2009-08-04 9.43 -
ClamAV 0.95.2 9649 2009-08-04 0.01 -
Comodo 3.10 1858 2009-08-04 0.80 -
CP Secure 1.1.0.715 2009.08.04 2009-08-04 11.46 -
Dr.Web 4.44.0.9170 2009.08.03 2009-08-03 5.02 -
F-Prot 4.4.4.56 20090803 2009-08-03 1.17 -
F-Secure 7.02.73807 2009.07.29.10 2009-07-29 7.62 -
Fortinet 2.81-3.120 10.677 2009-08-03 0.26 -
GData 19.6861/19.425 20090804 2009-08-04 4.51 -
ViRobot 20090730 2009.07.30 2009-07-30 0.41 -
Ikarus T3.1.01.64 2009.08.04.73154 2009-08-04 3.06 -
JiangMin 11.0.800 2009.08.03 2009-08-03 3.46 -
Kaspersky 5.5.10 2009.08.04 2009-08-04 0.05 -
KingSoft 2009.2.5.15 2009.8.4.7 2009-08-04 0.45 -
McAfee 5.3.00 5697 2009-08-03 3.00 -
Microsoft 1.4903 2009.08.03 2009-08-03 4.98 -
Norman 6.01.09 6.01.00 2009-08-03 4.01 -
Panda 9.05.01 2009.08.03 2009-08-03 1.96 -
Trend Micro 8.700-1004 6.338.10 2009-08-03 0.03 -
Quick Heal 10.00 2009.08.04 2009-08-04 1.08 -
Rising 20.0 21.41.10.00 2009-08-04 0.79 -
Sophos 2.89.1 4.44 2009-08-04 2.79 -
Sunbelt 5310 5310 2009-08-03 1.07 -
Symantec 1.3.0.24 20090803.005 2009-08-03 0.05 -
nProtect 20090804.01 4961121 2009-08-04 5.85 -
The Hacker 6.3.4.3 v00375 2009-07-31 0.67 -
VBA32 3.12.10.9 20090803.1538 2009-08-03 1.80 -
VirusBuster 4.5.11.10 10.111.2/1826084 2009-08-04 2.21 -
Old 08-04-2009, 12:15 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

Malwarebytes' Anti-Malware 1.40
Database version: 2556
Windows 5.1.2600 Service Pack 3

8/4/2009 2:14:59 AM
mbam-log-2009-08-04 (02-14-59).txt

Scan type: Quick Scan
Objects scanned: 95737
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 08-04-2009, 08:54 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

My AVG also caught "Virus identified as Win32/cryptor" after the scan finished.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, August 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, August 04, 2009 0957
Records in database: 2579186
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 202893
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:36:50


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrotvgdvwh.dll.vir Infected: Trojan.Win32.Agent.crez 1

The selected area was scanned.
Old 08-04-2009, 08:59 AM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,147
OS: XP sp3


Re: My Search Results are redirected

Hi,

That file is in quarantine, so it can no longer harm the computer.

Please post a fresh DDS log and advise how the computer is running now.
__________________


ASAP & UNITE Member
Old 08-04-2009, 09:30 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

Do you want the Attached as well?


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 11:27:58.79 on Tue 08/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.346 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202279246312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nidoynur.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\nidoynur.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\nidoynur.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-14 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-4 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-31 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-8 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-9-22 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-9-22 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-9-22 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-07-28 03:01 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-07-28 02:56 <DIR> --d----- c:\program files\AIM Toolbar
2009-07-28 02:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-18 13:44 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 05:48 219,648 a------- c:\windows\PEV.exe
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-23 14:55 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-07 01:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-04 12:41 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe

============= FINISH: 11:29:19.75 ===============
Old 08-04-2009, 09:41 AM   #11 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,147
OS: XP sp3


Re: My Search Results are redirected

Hi,

Your log is clean.

BitComet 1.13 is probably the root of your issues. I suggest you remove it via Add/Remove programs.

(Did I not suggest that last time before you became re-infected?)

We just have some housekeeping to do now. Please do the following:

You can delete the DDS and GMER folders from your desktop.

NEXT


Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them


    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g., TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
__________________


ASAP & UNITE Member
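
The HOSTS-file blocking described in the post above, shown as an added example that is not part of the original thread: a small auditor that parses HOSTS content and separates sinkhole entries (a hostname mapped to 127.0.0.1, as the post describes) from entries that point a hostname at any other address, which are the ones worth reviewing on a machine with redirected searches. The sample file contents, hostnames and function names are constructed for illustration, and treating 0.0.0.0 and ::1 as sinkhole addresses as well is an assumption that goes beyond the post.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample HOSTS content (illustrative; not taken from the thread).
SAMPLE_HOSTS = """\
# sample HOSTS file, constructed for this example
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example  banners.tracker.example   # blocked
0.0.0.0         popups.adnet.example
203.0.113.45    search.portal.example     # non-loopback target: review
not-an-ip       broken.line.example
192.168.1.10    printer.home.example
"""

# Names that are expected to map to a loopback address on a clean system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


@dataclass(frozen=True)
class HostsEntry:
    line_no: int     # 1-based line number in the file
    address: str     # first field of the line, as written
    hostname: str    # one hostname from the line, lower-cased
    kind: str        # "localhost", "sinkhole", "remap" or "invalid"


def classify(address, hostname):
    """Classify one address/hostname pair from a HOSTS line."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback/null target: the normal localhost line, or a blocked site.
        return "localhost" if hostname.lower() in LOCAL_NAMES else "sinkhole"
    # Any other target overrides DNS for that name and deserves a look.
    # LAN entries (e.g. a printer) are legitimate but are listed for review too.
    return "remap"


def parse_hosts(text):
    """Return one HostsEntry per hostname; comments and blank lines are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address without a hostname
            entries.append(HostsEntry(line_no, fields[0], "", "invalid"))
            continue
        address, names = fields[0], fields[1:]
        for name in names:                    # one line may list several names
            entries.append(
                HostsEntry(line_no, address, name.lower(), classify(address, name))
            )
    return entries


def audit(text):
    """Group parsed entries by kind so the 'remap' list can be reviewed."""
    report = {"localhost": [], "sinkhole": [], "remap": [], "invalid": []}
    for entry in parse_hosts(text):
        report[entry.kind].append(entry)
    return report


def resolves_to(text, hostname):
    """Address the file gives for hostname (first valid match), or None."""
    wanted = hostname.lower()
    for entry in parse_hosts(text):
        if entry.hostname == wanted and entry.kind != "invalid":
            return entry.address
    return None


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for kind in ("sinkhole", "remap", "invalid"):
        for e in report[kind]:
            name = e.hostname or "(no hostname)"
            print(f"{kind:8} line {e.line_no}: {name} -> {e.address}")
```
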
Old 08-04-2009, 10:11 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 35
OS: XP


Re: My Search Results are redirected

No, you didn't suggest removing it before, but I know it's not the problem because I haven't been using it. Everything was fine until I clicked on an unsafe link in Google Chrome. But I appreciate all your help, man. I've done most of your suggestions with NoScript, ATF Cleaner and WOT.

Thanks Again
Old 08-04-2009, 10:28 AM   #13 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,147
OS: XP sp3


Re: My Search Results are redirected

You are more than welcome

Stay safe

~CB
__________________


ASAP & UNITE Member