Jul 3 2009, 03:09 AM
Post #1
Authentic Member, Posts: 58, Joined: 20-March 07, Member No.: 68,926, Operating System: Windows XP
Hi there, I've got two computer problems. One is my laptop.... it has been getting weird page redirects from Google whenever I searched for a page and clicked on what I wanted, but it redirects to some other page (for example I clicked on a Spybot help forum but I got redirected to Spybot's own page for no reason). My second problem is my desktop computer where I got some popups from IE (even though I use Firefox and never touched IE) where it auto installs something that triggers opening IE and going into some online game page. Then when I tried updating Spybot, it says an error retrieving info date (or something like that) and when I tried going to Spybot's page, the page returned null (most likely blocked). It even cut off my internet access to other security sites. I think it has something to do with my Flash drive when I used it on previous occasions. I could not open Spybot on my desktop either... could it be blocked too? Could not find HijackThis on my desktop and can't transfer a new version to install from my laptop to my desktop either. Your help is greatly appreciated ( A BIG HEADACHE!!!!!)
Here is the log from my laptop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:35 AM, on 03/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sgicanada.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AcPePropertyEditorEnum] regsvr32 /s /u "C:\Users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9332 bytes

Thank you.
Jul 6 2009, 11:02 AM
Post #2
Authentic Member, Posts: 58, Joined: 20-March 07, Member No.: 68,926, Operating System: Windows XP
Hi there, thanks for the reply. Attached is the scan from GMER.
And here is the scan from ComboFix.

ComboFix 09-07-05.04 - Gent 06/07/2009 9:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.2814.1273 [GMT -7:00]
Running from: c:\users\Gent\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-07-06 15:45 . 2009-05-20 08:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG.SYS
2009-07-06 15:45 . 2009-05-20 08:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX15.SYS
2009-07-06 15:45 . 2009-05-20 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX32A.DLL
2009-07-06 15:45 . 2009-05-20 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\EECTRL.SYS
2009-07-06 15:45 . 2009-05-20 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ECMSVR32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\CCERASER.DLL
2009-07-06 15:45 . 2009-05-20 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ERASER.SYS
2009-07-06 08:32 . 2009-07-06 08:32 -------- d-----w- c:\program files\7-Zip
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\users\Gent\AppData\Roaming\Malwarebytes
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\programdata\Malwarebytes
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-03 07:56 . 2009-07-03 07:56 -------- d-----w- c:\program files\Trend Micro
2009-07-03 02:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-06-30 21:16 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:16 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:16 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-24 02:19 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 02:19 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 02:19 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 18:37 . 2009-06-23 18:37 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-16 08:55 . 2009-06-16 08:55 -------- d-----w- c:\users\Gent\AppData\Roaming\YoudaGames
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\windows\Youda Marina
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\program files\Youda Marina
2009-06-15 07:55 . 2009-06-15 07:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 02:53 . 2009-07-04 06:27 680 ----a-w- c:\users\Gent\AppData\Local\d3d9caps.dat
2009-06-10 02:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 02:11 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:11 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 19:00 . 2009-06-09 19:00 -------- d-----w- c:\programdata\Grass Valley
2009-06-09 18:11 . 2005-07-28 15:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-06-09 18:11 . 2006-09-21 23:22 69632 ----a-w- c:\windows\system32\cdv5codc.dll
2009-06-09 18:11 . 2002-12-02 17:42 49152 ----a-w- c:\windows\system32\cvpcdvc.dll
2009-06-09 18:11 . 2006-10-30 16:56 69632 ----a-w- c:\windows\system32\cuvccodc.dll
2009-06-09 18:11 . 2006-10-30 16:56 258048 ----a-w- c:\windows\system32\cllccodc.dll
2009-06-09 18:11 . 2006-09-21 23:22 65536 ----a-w- c:\windows\system32\cdvhcodc.dll
2009-06-09 18:11 . 2006-05-01 18:08 4096 ----a-w- c:\windows\system32\paveno.dll
2009-06-09 18:09 . 2006-03-08 22:36 1085520 ----a-w- c:\windows\system32\csedvh.dll
2009-06-09 18:09 . 2004-05-07 06:28 376832 ----a-w- c:\windows\system32\hlCDVC.dll
2009-06-09 18:09 . 2000-02-03 00:30 22528 ----a-w- c:\windows\system32\csthread.dll
2009-06-09 18:09 . 2006-11-01 17:01 69632 ----a-w- c:\windows\system32\cdvccodc.dll
2009-06-09 18:09 . 2002-11-01 01:11 385108 ----a-w- c:\windows\system32\csedv.dll
2009-06-09 18:09 . 2002-10-29 19:29 159832 ----a-w- c:\windows\system32\csccdvc.dll
2009-06-09 18:09 . 2002-05-29 17:20 147456 ----a-w- c:\windows\system32\csccdvcx.dll
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Grass Valley
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Grass Valley
2009-06-09 18:06 . 2009-06-09 18:06 -------- d-----w- c:\users\Gent\AppData\Local\Apple Computer
2009-06-09 17:57 . 2009-06-09 17:58 -------- d-----w- c:\program files\QuickTime
2009-06-09 17:57 . 2009-06-09 17:57 -------- d-----w- c:\programdata\Apple Computer
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\users\Gent\AppData\Local\Apple
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\program files\Apple Software Update
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\programdata\Apple
2009-06-09 08:01 . 2009-06-09 08:01 -------- d-----w- c:\programdata\Minnetonka Audio Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 02:12 . 2008-10-25 09:45 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-06 02:12 . 2008-10-25 09:45 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-03 16:12 . 2009-07-03 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-03 07:56 . 2009-05-20 09:01 -------- d-----w- c:\users\Gent\AppData\Roaming\uTorrent
2009-07-03 04:32 . 2009-05-23 07:20 -------- d-----w- c:\program files\Microsoft
2009-07-03 04:32 . 2009-05-20 07:33 -------- d-----w- c:\programdata\Microsoft Help
2009-06-23 18:44 . 2009-05-20 07:45 150288 ----a-w- c:\users\Gent\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-23 18:37 . 2009-05-20 07:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-22 00:16 . 2009-05-21 20:32 88648 ----a-w- c:\programdata\nvModes.dat
2009-06-15 07:54 . 2008-10-25 11:30 -------- d-----w- c:\program files\Java
2009-06-12 23:06 . 2009-05-20 07:35 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 20:37 . 2009-05-24 20:25 -------- d-----w- c:\programdata\Autodesk
2009-06-11 20:37 . 2009-05-24 07:38 -------- d-----w- c:\users\Gent\AppData\Roaming\Autodesk
2009-06-09 18:11 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Canopus Shared
2009-06-09 18:11 . 2008-10-25 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 18:10 . 2009-06-09 18:10 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_A8CFB739A582B239DA1395.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_6FEFF9B68218417F98F549.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_32B9DA17A711D180F7570A.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_21F3885A18D238E15AAE81.exe
2009-06-04 03:17 . 2009-06-04 03:17 -------- d-----w- c:\program files\Phanku eTaxCanada 2008
2009-06-03 11:15 . 2009-06-03 11:15 -------- d-----w- c:\program files\Portrait Professional Max 6
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\users\Gent\AppData\Roaming\Anthropics
2009-06-02 18:16 . 2008-10-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-02 18:04 . 2009-06-02 18:04 -------- d-----w- c:\program files\MSXML 4.0
2009-05-31 07:15 . 2009-05-31 06:56 -------- d-----w- c:\programdata\Logitech
2009-05-31 07:15 . 2009-05-31 07:15 -------- d-----w- c:\users\Gent\AppData\Roaming\Logitech
2009-05-31 07:00 . 2009-05-31 07:00 -------- d-----w- c:\users\Gent\AppData\Roaming\Leadertech
2009-05-31 07:00 . 2009-05-31 07:00 53248 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-05-31 07:00 . 2009-05-31 06:56 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-31 06:58 . 2009-05-31 06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\program files\Logitech
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\users\Gent\AppData\Roaming\InstallShield
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\programdata\LogiShrd
2009-05-29 22:55 . 2009-05-21 21:39 -------- d-----w- c:\users\Gent\AppData\Roaming\CyberLink
2009-05-29 22:53 . 2008-10-25 10:48 -------- d-----w- c:\programdata\CyberLink
2009-05-27 00:24 . 2009-05-27 00:24 -------- d-----w- c:\program files\PowerISO
2009-05-26 11:03 . 2009-05-26 11:03 49152 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-05-26 11:03 . 2009-05-26 10:32 -------- d-----w- c:\program files\Common Files\Nikon
2009-05-26 10:57 . 2009-05-26 10:32 -------- d-----w- c:\program files\Nikon
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\Ultima_T15
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\EnterNHelp
2009-05-26 10:31 . 2009-05-26 10:31 0 ----a-w- c:\programdata\PKP_DLdy.DAT
2009-05-26 10:13 . 2009-05-26 10:13 -------- d-----w- c:\program files\Total Video Converter
2009-05-26 09:56 . 2009-05-26 09:34 -------- d-----w- c:\programdata\WinZip
2009-05-24 22:47 . 2009-05-24 21:35 -------- d-----w- c:\programdata\FLEXnet
2009-05-24 22:25 . 2009-05-24 22:25 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 22:22 . 2009-05-24 22:22 -------- d-----w- c:\program files\Adobe Media Player
2009-05-24 22:20 . 2009-05-24 22:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-24 21:40 . 2009-05-24 21:40 57344 ----a-w- c:\users\Gent\AppData\Roaming\Autodesk\ACA 2010\enu\ContextualTabSelectorRules.dll
2009-05-24 21:38 . 2009-05-24 20:26 -------- d-----w- c:\program files\AutoCAD Architecture 2010
2009-05-24 20:32 . 2009-05-24 07:10 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-24 20:30 . 2009-05-24 20:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-24 20:22 . 2009-05-24 07:10 -------- d-----w- c:\program files\Autodesk
2009-05-23 07:20 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live
2009-05-23 07:19 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-23 06:54 . 2009-05-23 06:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 23:00 . 2008-10-25 10:48 -------- d-----w- c:\program files\CyberLink
2009-05-21 22:55 . 2008-10-25 10:51 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-05-21 20:46 . 2009-05-21 20:46 -------- d-----w- c:\programdata\Symantec
2009-05-21 20:26 . 2009-05-21 20:26 -------- d-----w- c:\program files\Microsoft.NET
2009-05-21 20:14 . 2009-05-21 20:13 -------- d-----w- c:\program files\MagicDisc
2009-05-21 19:50 . 2009-05-21 19:49 -------- d-----w- c:\program files\MagicISO
2009-05-21 09:53 . 2008-10-25 12:13 -------- d-----w- c:\program files\SMINST
2009-05-21 08:53 . 2009-05-20 07:55 -------- d-----w- c:\program files\Symantec
2009-05-21 08:53 . 2009-05-20 07:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-21 08:53 . 2009-05-20 07:55 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-21 08:53 . 2009-05-20 07:55 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-20 09:01 . 2009-05-20 09:01 -------- d-----w- c:\program files\uTorrent
2009-05-20 08:55 . 2009-05-20 08:55 167376 ----a-w- c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\FlashGot.exe
2009-05-20 08:23 . 2009-05-20 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-20 08:08 . 2008-10-25 10:04 -------- d-----w- c:\programdata\WildTangent
2009-05-20 08:00 . 2009-05-21 19:36 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG.SYS
2009-05-20 08:00 . 2009-05-21 19:36 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX15.SYS
2009-05-20 08:00 . 2009-05-21 19:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX32A.DLL
2009-05-20 08:00 . 2009-05-21 19:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\EECTRL.SYS
2009-05-20 08:00 . 2009-05-21 19:36 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ECMSVR32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\CCERASER.DLL
2009-05-20 08:00 . 2009-05-21 19:36 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ERASER.SYS
2009-05-20 07:59 . 2009-05-20 07:59 -------- d-----w- c:\users\Gent\AppData\Roaming\GTek
2009-05-20 07:55 . 2008-10-25 09:48 -------- d-----w- c:\programdata\Norton
2009-05-20 07:54 . 2009-05-20 07:54 -------- d-----w- c:\users\Gent\AppData\Roaming\Hewlett-Packard
2009-05-20 07:40 . 2009-05-20 07:40 -------- d-----w- c:\users\Gent\AppData\Roaming\HP TCS
2009-05-20 07:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-20 07:31 . 2009-05-20 07:31 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE910153Y_E508164-121_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M2814_J250_7AMD_8F31_92.10_#090310_N168C002A;10DE0760_(NM341UA#ABC)_XMOBILE_CN10_Z_2F.35_G10DE0845.MRK
2009-05-08 11:21 . 2009-05-08 11:21 42304 ----a-w- c:\windows\system32\fmrsslink.dll
2009-05-08 11:20 . 2009-05-08 11:20 427328 ----a-w- c:\windows\system32\TXGYMailActiveX.dll
2009-05-08 11:20 . 2009-05-08 11:20 261256 ----a-w- c:\windows\system32\TXGYMailCamera.dll
2009-04-24 16:05 . 2009-06-10 02:12 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 02:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 02:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-25 10:05 . 2008-10-25 09:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-05_08.02.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-20 08:10 . 2009-07-06 06:14 340424 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-06 02:12 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-06 02:12 105852 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"AcPePropertyEditorEnum"="c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll" [2009-06-03 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\users\Gent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-21 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 809488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79B4DE72-5E75-481E-858A-4D2AF261A01D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A4DAB41D-4D79-49DF-B676-AEC868294579}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6762B2CC-103B-4F81-9B43-E4561D2F6B79}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{178BD9E4-38EA-4475-83DC-75B273085579}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D9D8544F-D588-4041-B755-495A28B97DE0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8D7B994D-EB16-467A-B3DF-2069D7C78E17}"= UDP:5353:Adobe CSI CS4
"{AA05704C-FB60-4786-900B-14C02B79879D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{68F73200-2C2E-4012-AA52-C7500505FEC9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [21/05/2009 1:52 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [21/05/2009 1:52 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [21/05/2009 1:52 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys [30/06/2009 2:16 PM 292912]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [21/05/2009 1:52 AM 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 5:13 AM 365952]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP 
Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 3:01 AM 193840] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/05/2009 1:00 AM 101936] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 12:17 PM 43040] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [21/05/2009 1:52 AM 39984] --- Other Services/Drivers In Memory --- *NewlyCreated* - AUJASNKJ *Deregistered* - aujasnkj [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sgicanada.org/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\ FF - prefs.js: browser.search.selectedEngine - YouTube Video Search FF - prefs.js: browser.startup.homepage - www.sgicanada.org FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-06 09:36 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5124) c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2009-07-06 9:40 ComboFix-quarantined-files.txt 2009-07-06 16:40 ComboFix2.txt 2009-07-05 08:05 Pre-Run: 109,119,684,608 bytes free Post-Run: 109,101,092,864 bytes free 296 --- E O F --- 2009-07-03 04:35 |
masterarchitect [Closed] Possible malware (Google redirects when clicked on a pag Jul 3 2009, 03:09 AM
masterarchitect Can anybody please help me on this? Thank you. Jul 5 2009, 05:00 PM
CatByte Hi and Welcome,
NOTE:Malware removal is NOT insta... Jul 5 2009, 07:05 PM
masterarchitect I am posting and attaching the results from the St... Jul 6 2009, 02:42 AM
CatByte Hi,
You can try zipping the GMER.txt and attachin... Jul 6 2009, 05:58 AM
masterarchitect Here's the scan from GooredFix:
GooredFix by ... Jul 6 2009, 11:04 AM
CatByte No, that's OK
the GMER scan didn't attach... Jul 6 2009, 11:19 AM
masterarchitect here is the GMER scan
GMER 1.0.15.14972 - http:/... Jul 6 2009, 11:44 AM
CatByte Ok,
sorry, I'm not really making myself clear... Jul 6 2009, 11:50 AM
masterarchitect The underlying issues with my laptop are still bei... Jul 6 2009, 11:50 AM
CatByte Hi,
Please do the following:
Please open your Ma... Jul 6 2009, 11:53 AM
masterarchitect MBAM log:
Malwarebytes' Anti-Malware 1.38
Dat... Jul 6 2009, 12:44 PM
masterarchitect I also have previous logs....:
Malwarebytes' ... Jul 6 2009, 12:46 PM
CatByte OK, thank-you
Please continue with the kaspersky ... Jul 6 2009, 12:54 PM
masterarchitect Here is the Kaspersky scan. Jul 6 2009, 06:06 PM
CatByte Well, the laptop is clean,
lets clean up the lapt... Jul 6 2009, 06:33 PM
masterarchitect Actually for some reason I still do have that prob... Jul 6 2009, 07:03 PM
CatByte Hi,
does this redirection also happen when you us... Jul 6 2009, 07:30 PM
masterarchitect It happens in both IE and Firefox. After using Hos... Jul 6 2009, 11:21 PM
CatByte that will reset your hosts file and should stop th... Jul 6 2009, 11:23 PM
masterarchitect Everything seems to be working normally now (at th... Jul 7 2009, 12:37 AM
CatByte OK good,
Use that one as normal and advise after ... Jul 7 2009, 04:44 AM
masterarchitect For some reason my desktop is not able to connect ... Jul 9 2009, 01:29 AM
CatByte Can you log onto the desktop in safemode with netw... Jul 9 2009, 01:39 AM
masterarchitect QUOTE (CatByte @ Jul 9 2009, 12:39 AM) Ca... Jul 13 2009, 02:10 AM
masterarchitect QUOTE (masterarchitect @ Jul 13 2009, 01... Jul 13 2009, 12:51 PM
masterarchitect What is the keyboard shortcut for logging in to Sa... Jul 10 2009, 04:16 PM
masterarchitect I tried finding HJT on my computer but it doesn... Jul 10 2009, 04:17 PM
masterarchitect And BTW, I still am getting redirects on my laptop... Jul 10 2009, 04:24 PM
CatByte To Enter Safemode
Go to Start> Shut off your C... Jul 10 2009, 04:55 PM
CatByte Hi,
Run this program on the laptop:
Download and... Jul 10 2009, 04:58 PM
CatByte Hi,
HJT was probably installed in your root direc... Jul 13 2009, 06:45 AM
CatByte what is the status of the computer now...are you a... Jul 13 2009, 01:14 PM
masterarchitect QUOTE (CatByte @ Jul 13 2009, 12:14 PM) w... Jul 13 2009, 02:20 PM
masterarchitect QUOTE (CatByte @ Jul 13 2009, 12:14 PM) w... Jul 13 2009, 02:21 PM
CatByte QUOTE Do I still have to do the next steps as you ... Jul 13 2009, 03:38 PM
masterarchitect QUOTE (CatByte @ Jul 13 2009, 02:38 PM) Q... Jul 14 2009, 04:13 PM
CatByte Try searcing for HJt in windows explorer (windows ... Jul 14 2009, 04:30 PM
masterarchitect QUOTE (CatByte @ Jul 14 2009, 03:30 PM) T... Jul 14 2009, 11:50 PM
masterarchitect OK... I managed to open a DDS scan on my desktop (... Jul 15 2009, 02:01 AM
masterarchitect However, I have some difficulty opening HJT (the T... Jul 15 2009, 02:09 AM
CatByte Hi,
Please do the following:
Open Notepad
Click... Jul 15 2009, 05:20 AM
masterarchitect QUOTE (CatByte @ Jul 15 2009, 04:20 AM) H... Jul 16 2009, 10:39 AM
masterarchitect QUOTE (CatByte @ Jul 15 2009, 04:20 AM) H... Jul 16 2009, 12:09 PM
masterarchitect Hi,
Here is the log from Super AntiSpyware for th... Jul 16 2009, 09:51 AM
masterarchitect I am now working on your instructions regarding Co... Jul 16 2009, 09:52 AM
CatByte RE: [Closed] Possible malware (Google redirects when clicked on a pag Jul 16 2009, 09:56 AM
masterarchitect Still not shutting down........... Jul 16 2009, 10:52 AM
CatByte Hi, give it a hard reboot (hold down the power but... Jul 16 2009, 11:22 AM
masterarchitect QUOTE (CatByte @ Jul 16 2009, 10:22 AM) H... Jul 16 2009, 11:37 AM
CatByte If you are using Firefox, make sure that your down... Jul 16 2009, 12:37 PM
masterarchitect I have a problem connecting to the internet in nor... Jul 16 2009, 01:11 PM
CatByte Hi,
Try this
Start, Programs\Accessories an... Jul 16 2009, 01:24 PM
masterarchitect QUOTE (CatByte @ Jul 16 2009, 12:24 PM) H... Jul 16 2009, 01:50 PM
masterarchitect QUOTE (CatByte @ Jul 16 2009, 12:24 PM) H... Jul 16 2009, 01:56 PM
CatByte you could try uninstalling then reinstalling AVG o... Jul 16 2009, 01:53 PM
masterarchitect QUOTE (CatByte @ Jul 16 2009, 12:53 PM) y... Jul 16 2009, 02:02 PM
CatByte Ok...reboot, try running ComboFix in safe mode
(... Jul 16 2009, 01:58 PM
masterarchitect Sorry for the quotes. Just trying to be cooperativ... Jul 16 2009, 02:04 PM
CatByte No problem, try running ComboFix in safe mode..as ... Jul 16 2009, 02:56 PM
masterarchitect I'm getting a message stating that "This ... Jul 16 2009, 03:05 PM
CatByte We will have to manage with out it right now, the ... Jul 16 2009, 03:22 PM
masterarchitect I have run ComboFix and it has detected rootkit ac... Jul 16 2009, 04:35 PM
CatByte ComboFix will reboot the machine, when it boots ba... Jul 16 2009, 06:48 PM
masterarchitect I got this when I started up in normal mode:
Prep... Jul 16 2009, 11:33 PM
masterarchitect Here is the ComboFix log:
ComboFix 09-07-14.08 - ... Jul 17 2009, 12:12 AM
CatByte Hi,
QUOTE Is this the way it should behave?
yes,... Jul 17 2009, 05:44 AM
masterarchitect I was able to see the link and power lights again ... Jul 17 2009, 03:42 PM
CatByte yes please
please also run the MalwareBytes prog... Jul 17 2009, 03:42 PM
masterarchitect Question.... do I drag the CFScript into "Com... Jul 17 2009, 04:27 PM
CatByte Hi,
whichever is the newest ComboFix - the older ... Jul 17 2009, 04:58 PM
masterarchitect Oh no, I just had a confusion with the animation w... Jul 17 2009, 05:29 PM
masterarchitect I still don't have internet access yet. So I a... Jul 17 2009, 05:33 PM
masterarchitect Here is the malwarebytes log (without updates):
C... Jul 17 2009, 05:43 PM
CatByte Hi,
that's the same ComboFix log Jul 17 2009, 05:47 PM
masterarchitect But I ran the ComboFix as you told me to...? It... Jul 17 2009, 05:55 PM
masterarchitect Or I didn't copy and paste the code right? Jul 17 2009, 05:56 PM
CatByte No, you did that correctly.
There was another req... Jul 17 2009, 05:58 PM
masterarchitect I actually downloaded Malwarebytes from my laptop ... Jul 17 2009, 06:04 PM
masterarchitect I guess I'll post the Malwarebytes log again.
... Jul 17 2009, 06:04 PM
CatByte Thank-you for posting the Malwarebytes log.
what ... Jul 17 2009, 06:21 PM
masterarchitect I still do not have access to the internet after t... Jul 17 2009, 06:39 PM
masterarchitect second scan reveals no new threats. Should I conti... Jul 17 2009, 06:43 PM
CatByte yes please...hopefully one of the steps will resol... Jul 17 2009, 06:43 PM
masterarchitect Sorry I have been dormant in this forum for the pa... Jul 22 2009, 09:59 PM
CatByte RE: [Closed] Possible malware (Google redirects when clicked on a pag Jul 22 2009, 10:32 PM
masterarchitect Hi there, sorry for the really late attempt. I jus... Jul 29 2009, 02:08 AM
CatByte Try this
Press Start > Run type CMD in the ... Jul 29 2009, 04:22 AM
masterarchitect Hi there, I am finally back.... and for some reaso... Aug 5 2009, 11:45 PM
CatByte Hi,
It is certainly sounding more like a hardware... Aug 6 2009, 05:02 AM
masterarchitect Ok....
On a side note, I'm noticing the redi... Aug 6 2009, 12:01 PM
CatByte If all these computers are on the same network or ... Aug 6 2009, 12:30 PM
CatByte Due to inactivity this topic will be closed.
If yo... Aug 18 2009, 02:56 PM