Thread: I get redirected any time I use a search engine

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Location
    Boise, ID
    Posts
    12

    Default I get redirected any time I use a search engine

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:46:00 PM, on 3/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{188BA0EB-1DED-49FD-9A15-6C7E23508A09}: NameServer = 85.255.112.188,85.255.112.167
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 6210 bytes

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Pinned (sticky) to the top of this forum, and posted above are the directions, make sure you have read and followed them.

    85.255.112.188 <<< here is a look at the Ukrainian criminals who are redirecting you.
    http://whois.domaintools.com/85.255.112.188

    We will start with MBAM and see how it goes.

    1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

    2) Download Malwarebytes' Anti-Malware to your Desktop
    http://www.malwarebytes.org/

    http://www.besttechie.net/mbam/mbam-setup.exe <<< download

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
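
The static NameServer values that post #2 points to can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses `O17` lines and reports every resolver address that is neither on the local network nor in a caller-supplied trusted list, together with each registry key that carries it. The function names, the `trusted` parameter and the last sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: the O10 and O17 lines from the HijackThis log in post #1,
# plus one constructed benign line (the all-zero GUID entry) for contrast.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{188BA0EB-1DED-49FD-9A15-6C7E23508A09}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# "O17 - <registry key>: NameServer = <comma- or space-separated addresses>"
O17_RE = re.compile(
    r"^[ \t]*O17 - (?P<key>.+?): NameServer = (?P<value>.+?)[ \t]*$",
    re.MULTILINE,
)

# Resolvers a home router would normally hand out: RFC 1918, loopback, link-local.
LOCAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for every O17 NameServer line."""
    entries = []
    for m in O17_RE.finditer(log_text):
        servers = [s for s in re.split(r"[,\s]+", m.group("value")) if s]
        entries.append((m.group("key"), servers))
    return entries


def suspicious_nameservers(log_text, trusted=()):
    """Map each unexpected resolver to the list of registry keys that set it.

    `trusted` is an iterable of CIDR strings for resolvers the owner really
    uses (for example the ISP's). Values that do not parse as an IP address
    are reported as well, since a DNS setting should never contain them.
    """
    allowed = LOCAL_NETS + [ipaddress.ip_network(n) for n in trusted]
    findings = {}
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.setdefault(server, []).append(key)
                continue
            if not any(addr in net for net in allowed):
                findings.setdefault(str(addr), []).append(key)
    return findings


if __name__ == "__main__":
    for ip, keys in suspicious_nameservers(SAMPLE_LOG).items():
        print(ip)
        for key in keys:
            # Every key listed here has to be reset, not just the first one.
            print("   set in", key)
```

On the log from post #1 both addresses show up under three keys, including the global `Tcpip\Parameters` key in two control sets (`CCS` and `CS2`), so a cleanup that resets only one interface would leave the redirect in place.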

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Location
    Boise, ID
    Posts
    12

    Default

    I downloaded the malware program and installed it, but when I run it nothing happens. I also just noticed that I cannot update my AVG Free. Could whatever is affecting my computer be stopping me from running these programs? And thank you for helping me.

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    It's likely the junk the hackers put on your computer. Try booting into safe mode and running MBAM there.

    http://spyware-free.us/tutorials/safemode/

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Location
    Boise, ID
    Posts
    12

    Default

    It would not run in safe mode either.

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    First delete anything you have downloaded so far; since it is not installed, right click and choose delete.

    Try renaming the .exe before you save it to the Desktop, like this.

    1) http://www.besttechie.net/mbam/mbam-setup.exe <<< click the link

    2) Choose "Save this file now"

    3) Make sure "Save in" says Desktop

    4) File name: Change that to mbam-setup.cavaliermarc.exe

    5) Click save

    6) Follow the instructions posted earlier.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Location
    Boise, ID
    Posts
    12

    Default

    I did as you said; it goes through the installation, puts an icon on my desktop and shows up in add remove programs to uninstall. It just doesn't do anything when I click to run it. I even opened task manager to see if it starts and then closes, but nothing happens.

  8. #8
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    OK, we will try another program first. You must understand, if you cannot run the tools we need to use, I will very likely not be able to help you. You should also realize reformat is also an option.
    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

    Download ComboFix from here:

    Link 1

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

    Tutorial if needed
    http://www.bleepingcomputer.com/comb...o-use-combofix

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #9
    Junior Member
    Join Date
    Mar 2009
    Location
    Boise, ID
    Posts
    12

    Default

    ComboFix 09-03-15.01 - kc 2009-03-18 15:36:39.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1358 [GMT -6:00]
    Running from: c:\documents and settings\kc\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
    * Created a new restore point
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\recycler\S-2-5-39-100027701-100010435-100027552-1774.com
    c:\windows\system32\drivers\gaopdxapkibpnosdoymuvohomqptbqgxlhyirj.sys
    c:\windows\system32\drivers\gaopdxqucvaieanlgcrvobuhrcfudtdhnbbwkt.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxdydehnkttltkdswqugylkxwhrjgyodyq.dll
    D:\Autorun.inf
    d:\recycler\S-2-5-39-100027701-100010435-100027552-1774.com
    d:\recycler\S-9-2-37-100029590-100006660-100007661-1008.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
    .

    2009-03-18 15:11 . 2009-03-18 15:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-18 15:11 . 2009-03-18 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-18 15:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-18 15:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-17 17:44 . 2009-03-17 17:44 <DIR> d-------- c:\program files\ERUNT
    2009-03-17 16:51 . 2009-03-17 17:02 <DIR> d-------- c:\documents and settings\kc\Application Data\W Photo Studio
    2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\program files\Walgreens
    2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\program files\Common Files\HP
    2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\documents and settings\kc\Application Data\Walgreens
    2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Walgreens
    2009-03-17 11:24 . 2009-03-17 11:24 <DIR> d-------- c:\program files\Safari
    2009-03-16 21:43 . 2009-03-16 21:43 29 --a------ c:\windows\DEBUGSM.INI
    2009-03-16 21:38 . 2009-03-16 21:40 <DIR> d-------- c:\program files\EPSON
    2009-03-16 21:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2009-03-16 21:38 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
    2009-03-16 21:38 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
    2009-03-16 21:38 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
    2009-03-16 21:38 . 2001-03-18 15:16 1,571 --a------ c:\windows\Faxcpp1.ini
    2009-03-16 21:38 . 2001-03-18 15:16 422 --a------ c:\windows\Faxcpp.ini
    2009-03-16 21:38 . 1999-08-09 23:50 72 --a------ c:\windows\system32\epDPE.ini
    2009-03-16 21:36 . 2009-03-16 21:41 219 --a------ c:\windows\EPSON 1250 Installer.ini
    2009-03-15 17:54 . 2009-03-15 17:54 <DIR> d-------- c:\documents and settings\Games\Application Data\Sunbelt
    2009-03-13 23:44 . 2009-03-13 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-03-13 23:19 . 2009-03-13 23:19 <DIR> d-------- c:\program files\Trend Micro
    2009-03-11 14:37 . 2009-01-18 15:35 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-03-11 12:28 . 2009-03-11 12:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-11 12:28 . 2009-01-18 15:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-03-11 12:27 . 2009-03-11 12:27 <DIR> d-------- c:\program files\Lavasoft
    2009-03-11 12:27 . 2009-03-11 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-11 12:14 . 2009-03-17 14:26 36 -r-h----- c:\windows\sued.dat
    2009-03-10 20:10 . 2009-03-10 20:10 <DIR> d-------- c:\documents and settings\kc\Application Data\HDRsoft
    2009-03-10 19:27 . 2009-03-16 22:28 6,656 --a------ C:\palm.grf
    2009-03-10 19:26 . 2009-03-10 19:26 <DIR> d-------- c:\program files\PhotomatixPro3
    2009-03-10 16:58 . 2009-03-11 17:22 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-09 16:17 . 2009-03-09 16:17 <DIR> d-------- c:\documents and settings\Games\Application Data\MySpace
    2009-03-09 14:29 . 2009-03-09 14:29 667,914 --a------ c:\windows\unins000.exe
    2009-03-09 14:29 . 2009-03-09 14:29 883 --a------ c:\windows\unins000.dat
    2009-03-09 13:58 . 2009-03-09 13:58 <DIR> d-------- c:\documents and settings\kc\Application Data\MySpace
    2009-03-08 19:19 . 2009-03-08 19:20 <DIR> d-------- c:\program files\Any Video Converter
    2009-03-08 19:19 . 2009-03-09 11:04 <DIR> d-------- c:\documents and settings\kc\Application Data\Any Video Converter
    2009-03-08 19:01 . 2009-03-08 19:01 <DIR> d-------- c:\documents and settings\kc\Application Data\dvdcss
    2009-03-08 19:00 . 2007-09-17 03:34 45,056 --a------ c:\windows\system32\WNASPI32.DLL
    2009-03-08 19:00 . 2007-09-17 03:34 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
    2009-03-08 18:38 . 2009-03-08 18:38 <DIR> d-------- c:\program files\Red Kawa
    2009-03-08 18:38 . 2009-03-08 18:38 <DIR> d-------- c:\program files\AviSynth 2.5
    2009-03-07 23:33 . 2009-03-07 23:33 <DIR> d-------- c:\program files\Illustrate
    2009-03-07 23:33 . 2009-03-07 23:33 167,936 --a------ c:\windows\system32\SpoonUninstall.exe
    2009-03-07 23:33 . 2009-03-07 23:32 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
    2009-03-07 23:33 . 2009-03-07 23:33 17,871 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    2009-03-07 19:19 . 2009-03-07 19:19 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-07 19:19 . 2009-03-07 19:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-07 19:18 . 2009-03-10 19:46 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-07 19:18 . 2009-03-07 19:18 <DIR> d-------- c:\program files\AVG
    2009-03-07 19:18 . 2009-03-07 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-07 19:18 . 2009-03-07 19:18 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-03 13:47 . 2009-03-11 16:34 <DIR> d-------- c:\program files\Incomplete
    2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\windows\.jagex_cache_32
    2009-03-02 09:42 . 2009-03-02 09:44 34 --a------ c:\documents and settings\kc\jagex_runescape_preferences.dat
    2009-02-27 12:42 . 2009-02-27 12:42 <DIR> d-------- c:\documents and settings\Games\Application Data\HotSync
    2009-02-26 11:42 . 2009-02-26 11:42 <DIR> d-------- c:\program files\Microsoft Silverlight
    2009-02-25 13:06 . 2009-02-25 13:06 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-25 11:58 . 2009-02-25 11:58 <DIR> d-------- c:\program files\Common Files\Crystal Decisions
    2009-02-25 11:57 . 2009-02-25 11:57 <DIR> d-------- c:\program files\Common Files\Nova Development
    2009-02-25 11:56 . 2009-02-25 11:56 <DIR> d-------- c:\program files\Ideasoft
    2009-02-25 11:35 . 2009-02-25 11:35 <DIR> d-------- c:\documents and settings\kc\Application Data\Canon
    2009-02-25 11:32 . 2009-02-25 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2009-02-25 11:20 . 2009-02-25 11:20 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
    2009-02-25 11:20 . 2009-02-25 11:20 <DIR> d--h----- c:\program files\CanonBJ
    2009-02-25 11:20 . 2007-10-21 23:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL
    2009-02-25 11:19 . 2009-02-25 11:32 <DIR> d-------- c:\program files\Canon
    2009-02-24 13:34 . 2007-12-04 18:10 16,640 -ra------ c:\windows\system32\drivers\PalmUSBD.sys
    2009-02-24 13:33 . 2009-02-24 13:33 <DIR> d-------- c:\documents and settings\kc\Application Data\Arcsoft
    2009-02-24 13:32 . 2009-02-24 13:32 <DIR> d-------- c:\documents and settings\kc\Application Data\HotSync
    2009-02-24 13:32 . 2009-02-24 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\HotSync
    2009-02-24 13:31 . 2009-02-24 13:33 <DIR> d-------- c:\program files\Palm
    2009-02-20 11:12 . 2009-02-20 11:12 <DIR> d-------- c:\documents and settings\Games\Application Data\ATI
    2009-02-20 11:12 . 2009-03-13 23:33 <DIR> d-------- c:\documents and settings\Games
    2009-02-20 01:03 . 2009-02-20 01:04 <DIR> d-------- c:\program files\Vertus Play With Pictures
    2009-02-20 00:29 . 2009-02-20 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-02-19 14:23 . 2009-02-28 03:08 23 --a------ c:\windows\BlendSettings.ini
    2009-02-19 14:09 . 2009-02-19 14:09 <DIR> d-------- c:\program files\Bethesda Softworks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-18 03:38 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2009-03-18 03:38 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
    2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-17 03:40 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-14 06:05 --------- d-----w c:\program files\PeerGuardian2
    2009-03-14 06:05 --------- d-----w c:\program files\LimeWire
    2009-03-11 22:21 --------- d-----w c:\documents and settings\kc\Application Data\LimeWire
    2009-03-09 19:58 --------- d-----w c:\program files\MySpace
    2009-03-09 16:05 --------- d-----w c:\documents and settings\kc\Application Data\OpenOffice.org2
    2009-03-09 01:00 --------- d-----w c:\documents and settings\kc\Application Data\GetRightToGo
    2009-03-05 03:27 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-25 19:06 --------- d-----w c:\program files\Google
    2009-02-22 07:18 --------- d-----w c:\documents and settings\kc\Application Data\.purple
    2009-02-20 06:25 --------- d-----w c:\program files\ATI Technologies
    2009-02-06 06:54 --------- d-----w c:\documents and settings\kc\Application Data\Apple Computer
    2009-01-30 19:00 57,344 ----a-w c:\windows\system32\ASTSRV.EXE
    2009-01-25 00:12 --------- d-----w c:\program files\QuickTime
    2009-01-25 00:12 --------- d-----w c:\program files\iTunes
    2009-01-25 00:12 --------- d-----w c:\program files\iPod
    2009-01-25 00:12 --------- d-----w c:\program files\Common Files\Apple
    2009-01-25 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
    2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
    2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
    2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
    2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
    2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
    2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
    2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
    2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
    2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
    2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
    2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
    2009-01-14 04:05 593,920 ------w c:\windows\system32\ati2sgag.exe
    2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
    2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
    2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
    2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
    2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
    2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
    2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
    2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
    2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
    2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-09-06 14:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FLMK08KB"="c:\program files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe" [2008-03-05 384512]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-03-20 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-07 19:19 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^kc^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    path=c:\documents and settings\kc\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-29 18:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2005-06-14 04:36 77824 c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)
    "WMPNetworkSvc"=2 (0x2)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "astcc"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-11 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-07 325640]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-07 107912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-07 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-07 298264]
    R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{446dd4c3-9df1-11dc-9d85-806d6172696f}]
    \Shell\AutoRun\command - D:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53095980-478f-11dd-9c2f-0015f2457aca}]
    \Shell\AutoRun\command - G:\podcastready.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:34]

    2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
    FF - ProfilePath - c:\documents and settings\kc\Application Data\Mozilla\Firefox\Profiles\648zimzo.default\
    FF - prefs.js: browser.search.selectedEngine - MySpace.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&skin=http%3A%2F%2Fwww.daylightmap.com%2Ftheme%2Flive_planet_n.xml
    FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-18 15:40:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-18 15:42:03
    ComboFix-quarantined-files.txt 2009-03-18 21:41:08

    Pre-Run: 23,803,240,448 bytes free
    Post-Run: 26,186,280,960 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    298 --- E O F --- 2009-02-17 07:43:09



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:44:20 PM, on 3/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 5164 bytes

  10. #10
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    That should have given you some relief, we have more to do. Please see this:

    LimeWire <<< all p2p programs must be uninstalled.
    File Sharing, otherwise known as Peer To Peer. (P2P)
    http://forums.spybot.info/showthread.php?t=282
    If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
    Please post the uninstall list I requested earlier in instruction #3.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
