
Thread: Help! i.i.com.com page redirecting!!

  1. #1
    blueberryd (Junior Member)

    I'm sorry I didn't follow directions accurately in my first posting, so this is now accurate info (merge with old title, "Need advice", thank you). I was going to add this as a reply, but I don't want someone to think I'm already being helped; I'm just trying to get accurate info on my error(s). Edit: http://forums.spybot.info/showthread.php?t=59229

    I disabled TeaTimer and set msconfig to normal startup instead of selective. Here is the DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by ** at 14:38:51.14 on Tue 08/31/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1095 [GMT -7:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Starfield\offSyncService.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.exe
    C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Starfield\wben.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\Browser Guard 2010\tmiegsrv.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Users\Waitin4Interest\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.search.com
    uStart Page = hxxp://www.search.com/
    uLocal Page = about:blank
    uSearch Page = about:blank
    mStart Page = about:blank
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = about:blank
    mSearch Page = about:blank
    mLocal Page = about:blank
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard 2010\TMAMS.dll
    TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard 2010\tmeig.dll
    uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
    uRun: [wben] "c:\program files\starfield\wben.exe"
    mRun: [Trend Micro Browser Guard v2.0 Beta] "c:\program files\trend micro\browser guard 2010\BGUI.EXE"
    mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    StartupFolder: c:\users\waitin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\waitin4interest\appdata\roaming\microsoft\windows\start menu\programs\startup\Reconnect.url
    StartupFolder: c:\users\waitin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{e7875036-3cfc-4f0f-a470-8eadffe43f6c}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: microsoft.com\update
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://drpitcairn.webex.com/client/T27LB/webex/ieatgpc1.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\waitin~1\appdata\roaming\mozilla\firefox\profiles\cn71hvwq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.search.com/
    FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npoff.dll
    FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npoff.dll
    FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npwbe.dll
    FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npwbe.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2010-8-28 28184]
    R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-28 312152]
    R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-8-27 582992]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-29 1153368]
    R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-8-27 206608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-8-22 39048]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-8-27 206608]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-08-30 15:40:36 65536 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TM.blf
    2010-08-30 15:40:36 524288 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TMContainer00000000000000000002.regtrans-ms
    2010-08-30 15:40:36 524288 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TMContainer00000000000000000001.regtrans-ms
    2010-08-30 04:19:03 262144 ---ha-w- c:\users\waitin4interest\NTUSER.tmp.LOG1
    2010-08-30 04:19:03 0 ---ha-w- c:\users\waitin4interest\NTUSER.tmp.LOG2
    2010-08-30 03:42:34 0 d-----w- c:\program files\Safer Networking
    2010-08-30 00:16:10 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-30 00:16:10 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-29 06:41:44 0 d-----w- c:\users\waitin~1\appdata\roaming\Colasoft MAC Scanner
    2010-08-29 06:41:44 0 d-----w- c:\program files\common files\Colasoft Shared
    2010-08-29 06:41:43 0 d-----w- c:\users\waitin~1\appdata\roaming\Colasoft Capsa 7 Free
    2010-08-29 06:41:43 0 d-----w- c:\programdata\Colasoft Capsa 7 Free
    2010-08-29 06:40:39 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
    2010-08-29 06:40:35 0 d-----w- c:\program files\Colasoft Capsa 7 Free Edition
    2010-08-29 06:38:37 0 d-----w- c:\users\waitin~1\appdata\roaming\Malwarebytes
    2010-08-29 06:38:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 06:38:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 06:38:19 0 d-----w- c:\programdata\Malwarebytes
    2010-08-29 06:38:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 06:14:27 0 d-----w- c:\program files\Microsoft Analysis Services
    2010-08-29 06:13:34 0 d-----w- c:\programdata\Microsoft Help
    2010-08-29 01:01:50 0 d-----w- c:\users\waitin~1\appdata\roaming\IObit
    2010-08-29 01:01:49 0 d-----w- c:\programdata\IObit
    2010-08-29 01:01:47 0 d-----w- c:\program files\IObit
    2010-08-28 16:19:24 856064 ----a-w- c:\windows\system32\XpsFilt.dll
    2010-08-28 16:19:24 74748 ----a-w- c:\windows\system32\xpsrchvw.xml
    2010-08-28 16:19:24 4637520 ----a-w- c:\windows\system32\xpsrchvw.exe
    2010-08-28 16:19:24 31444 ----a-w- c:\windows\system32\xpsrchvw.chm
    2010-08-28 01:50:50 0 d-----w- c:\windows\pss
    2010-08-27 15:49:28 0 ----a-w- c:\users\waitin~1\appdata\roaming\wklnhst.dat
    2010-08-27 14:51:23 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-08-27 14:51:23 0 d-----w- c:\windows\system32\log
    2010-08-27 14:44:08 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
    2010-08-25 23:38:22 0 d-----w- c:\program files\Flash4D Flash Intro Builder
    2010-08-25 20:47:37 0 d-----w- c:\programdata\Citrix
    2010-08-25 20:46:56 0 d-----w- c:\program files\Citrix
    2010-08-25 20:46:37 103784 ----a-w- c:\users\waitin4interest\GoToAssistDownloadHelper.exe
    2010-08-25 14:49:41 856064 ----a-w- c:\windows\system32\swfgen.dll
    2010-08-25 02:36:33 0 d-----w- c:\users\waitin4interest\Tracing
    2010-08-25 02:34:13 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-08-25 02:34:10 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-08-25 02:33:22 0 d-----w- c:\program files\Microsoft
    2010-08-25 02:33:06 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-08-25 02:32:37 0 d-----w- c:\windows\PCHEALTH
    2010-08-25 00:57:14 0 d-----w- c:\users\waitin~1\appdata\roaming\webex
    2010-08-25 00:56:30 0 d-----w- c:\programdata\WebEx
    2010-08-25 00:54:49 0 d-----w- c:\programdata\Apple Computer
    2010-08-25 00:51:20 0 d-----w- c:\programdata\Apple
    2010-08-25 00:36:31 0 d-----w- c:\program files\common files\Windows Live
    2010-08-25 00:22:25 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-08-25 00:22:25 1409 ----a-w- c:\windows\QTFont.for
    2010-08-24 21:34:58 65536 ------w- c:\windows\system32\Ikeext.etl
    2010-08-24 07:00:05 22 ----a-w- c:\windows\kodakpcd.ini
    2010-08-24 02:40:31 0 d-----w- C:\temp
    2010-08-24 02:12:11 0 d-----w- c:\users\waitin4interest\LapNet
    2010-08-23 21:08:38 0 d-----w- c:\program files\Windows Portable Devices
    2010-08-23 21:08:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-08-23 21:08:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-08-23 20:27:59 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2010-08-23 20:26:10 389120 ----a-w- c:\windows\system32\igxpun.exe
    2010-08-23 20:26:10 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
    2010-08-23 20:26:10 121232 ----a-w- c:\windows\system32\IScrNB.bmp
    2010-08-23 20:07:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-08-23 20:07:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-08-23 20:07:53 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-08-23 19:54:06 0 d-----w- c:\program files\MSXML 4.0
    2010-08-23 08:52:28 0 d-----w- c:\users\waitin~1\appdata\roaming\Hallmark
    2010-08-23 08:35:59 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
    2010-08-23 08:35:59 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
    2010-08-23 08:35:59 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
    2010-08-23 08:35:58 0 d-----w- c:\program files\LG Electronics
    2010-08-23 08:33:13 0 d-----w- c:\programdata\InstallShield
    2010-08-23 08:32:55 0 d-----w- c:\programdata\Sonic
    2010-08-23 08:32:15 0 d-----w- c:\program files\common files\SureThing Shared
    2010-08-23 08:32:07 120 ----a-w- c:\windows\wininit.ini
    2010-08-23 08:29:59 0 d-----w- c:\programdata\Roxio
    2010-08-23 08:29:58 0 d-----w- c:\program files\common files\Sonic Shared
    2010-08-23 08:28:39 0 d-----w- c:\program files\Roxio
    2010-08-23 08:26:28 0 d-----w- c:\programdata\QuickTime
    2010-08-23 08:26:23 0 d-----w- c:\windows\system32\BWKDLogs
    2010-08-23 08:26:17 0 d-----w- c:\program files\common files\Kodak
    2010-08-23 08:26:10 0 d-----w- C:\KPCMS
    2010-08-23 08:26:08 0 d-----w- c:\windows\system32\color
    2010-08-23 08:25:20 0 d-----w- c:\program files\Kodak
    2010-08-23 08:25:20 0 d-----w- c:\program files\common files\MSSoap
    2010-08-23 08:24:08 0 d-----w- c:\programdata\Kodak
    2010-08-23 07:20:11 0 ----a-w- c:\windows\DVEdit.INI
    2010-08-23 06:43:32 252981211 ----a-w- c:\windows\MEMORY.DMP
    2010-08-23 06:25:32 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-08-23 06:25:31 0 d-----w- c:\program files\common files\PX Storage Engine
    2010-08-23 06:24:40 31744 ----a-w- c:\windows\system32\drivers\ICDSX.sys
    2010-08-23 06:22:16 39048 ----a-w- c:\windows\system32\drivers\IcdUsb2.sys
    2010-08-23 06:22:14 122880 ------w- c:\windows\system32\trc.dll
    2010-08-23 06:21:14 0 d-----w- c:\program files\Sony
    2010-08-22 23:44:27 0 d-----w- c:\users\waitin~1\appdata\roaming\Avanquest
    2010-08-20 22:52:40 0 d-----w- c:\users\waitin~1\appdata\roaming\OpenOffice.org
    2010-08-20 22:47:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-08-20 22:32:32 0 d-----w- c:\program files\JRE
    2010-08-20 22:32:29 0 d-----w- c:\program files\OpenOffice.org 3
    2010-08-20 19:48:31 0 d-----w- c:\users\waitin~1\appdata\roaming\Smith Micro
    2010-08-20 19:18:25 0 d-----w- c:\programdata\Browser Guard 2010
    2010-08-20 19:18:25 0 d-----w- c:\program files\Trend Micro
    2010-08-20 17:17:23 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-08-20 16:43:59 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-20 09:04:47 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-08-20 08:50:36 0 d-----w- c:\windows\system32\vi-VN
    2010-08-20 08:50:36 0 d-----w- c:\windows\system32\eu-ES
    2010-08-20 08:50:36 0 d-----w- c:\windows\system32\ca-ES
    2010-08-20 08:28:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2010-08-20 07:39:47 0 d-----w- c:\users\waitin4interest\Bluetooth Software
    2010-08-20 07:39:40 12 ----a-w- c:\windows\bthservsdp.dat
    2010-08-20 07:23:57 0 d-----w- c:\users\waitin~1\appdata\roaming\Verizon Wireless
    2010-08-20 05:51:04 0 d-----w- c:\program files\Starfield
    2010-08-20 00:09:19 0 d-----w- c:\programdata\WEngineLite
    2010-08-20 00:09:19 0 d-----w- c:\programdata\Verizon Wireless
    2010-08-20 00:09:19 0 d-----w- c:\program files\Verizon Wireless
    2010-08-20 00:08:33 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2010-08-20 00:08:33 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2010-08-20 00:08:33 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2010-08-20 00:08:33 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2010-08-20 00:08:33 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2010-08-20 00:08:33 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2010-08-20 00:08:33 110280 ----a-w- c:\windows\system32\drivers\sscdserd.sys
    2010-08-20 00:08:33 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2010-08-20 00:08:33 0 d-----w- c:\program files\SAMSUNG
    2010-08-20 00:08:27 0 d-----w- c:\programdata\Samsung
    2010-08-20 00:03:20 0 d-----w- c:\windows\system32\EventProviders
    2010-08-20 00:01:59 83456 ----a-w- c:\windows\system32\wlgpclnt.dll
    2010-08-19 23:41:19 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-08-19 23:41:19 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-08-19 23:41:19 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-08-19 23:41:19 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-08-19 23:41:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-08-19 23:40:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-08-19 23:40:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-08-19 23:40:21 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-08-19 23:35:15 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-08-19 23:35:14 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-08-19 23:35:13 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-08-19 23:34:12 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-19 23:34:04 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-19 23:33:49 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-19 23:33:49 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-19 23:33:48 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-08-19 23:33:47 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-19 23:33:47 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-19 23:33:44 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-08-19 23:33:44 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-19 23:33:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-08-19 23:24:33 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-19 23:12:47 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2010-08-19 23:12:36 87552 ----a-w- c:\windows\system32\wudriver.dll
    2010-08-19 23:12:30 33792 ----a-w- c:\windows\system32\wuapp.exe
    2010-08-19 23:12:30 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2010-08-19 21:06:54 0 d-----w- c:\program files\common files\Nova Development
    2010-08-19 21:05:50 0 d-----w- c:\program files\Creative Home
    2010-08-19 21:04:06 0 d-----w- c:\programdata\Avanquest
    2010-08-19 20:55:48 0 d-----w- c:\program files\common files\Crystal Decisions
    2010-08-19 20:54:14 0 d-----w- c:\program files\Ideasoft
    2010-08-19 20:49:32 0 d-----w- c:\programdata\BVRP Software
    2010-08-19 20:49:32 0 d-----w- c:\program files\Avanquest update
    2010-08-19 20:47:33 647872 ------w- c:\windows\system32\MSCOMCT2.OCX
    2010-08-19 20:47:33 1508 ----a-w- c:\windows\bizpub32.INI
    2010-08-19 20:47:33 118784 ------w- c:\windows\system32\MSSTDFMT.DLL
    2010-08-19 20:47:32 565760 ------w- c:\windows\system32\msvcp50.DLL
    2010-08-19 20:47:32 348160 ------w- c:\windows\system32\MFC30.DLL
    2010-08-19 20:47:17 0 d-----w- c:\program files\common files\MySoftware
    2010-08-19 20:47:16 0 d-----w- c:\program files\MySoftware
    2010-08-19 20:37:01 0 d-----w- c:\programdata\Adobe
    2010-08-19 19:07:27 0 d-sh--we c:\programdata\Documents
    2010-08-19 19:07:27 0 d-sh--we C:\Documents and Settings
    2010-08-19 16:22:16 155648 ----a-w- c:\windows\system32\igfxres.dll
    2010-08-19 16:19:17 90112 ----a-w- c:\windows\system32\stacsv.exe
    2010-08-19 16:19:17 4931584 ----a-w- c:\windows\system32\stacgui.cpl
    2010-08-19 16:19:17 303104 ----a-w- c:\windows\sttray.exe
    2010-08-19 16:19:17 1458176 ----a-w- c:\windows\system32\stlang.dll
    2010-08-19 16:18:59 141824 ----a-w- c:\windows\system32\staco.dll
    2010-08-19 16:18:58 647680 ----a-w- c:\windows\system32\drivers\stwrt.sys
    2010-08-19 16:18:57 535552 ----a-w- c:\windows\system32\stapo.dll
    2010-08-19 16:18:57 238592 ----a-w- c:\windows\system32\stapi32.dll
    2010-08-19 16:18:56 45568 ----a-w- c:\windows\system32\ctppld.dll
    2010-08-19 16:18:56 416256 ----a-w- c:\windows\system32\ctapo32.dll
    2010-08-19 16:18:56 0 d-----w- c:\program files\SigmaTel
    2010-08-19 16:18:26 0 d-----w- c:\program files\Digital Line Detect
    2010-08-19 16:17:55 0 d-----w- c:\program files\NetWaiting
    2010-08-19 16:17:51 0 d-----w- c:\program files\Modem Diagnostic Tool
    2010-08-19 16:17:45 0 d-----w- c:\program files\Dell
    2010-08-19 16:16:50 80176 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2010-08-19 16:16:50 16560 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2010-08-19 16:16:49 78128 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2010-08-19 16:16:45 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
    2010-08-19 16:16:23 0 d-----w- c:\windows\system32\es-MX
    2010-08-19 16:16:23 0 d-----w- c:\windows\system32\es-AR
    2010-08-19 16:16:23 0 d-----w- c:\program files\WIDCOMM
    2010-08-19 16:16:18 0 d-----w- c:\program files\Dell Inc
    2010-08-19 16:16:16 0 d-----w- c:\programdata\Sun
    2010-08-19 16:16:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-19 16:09:31 65536 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
    2010-08-19 16:09:31 196608 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.perf
    2010-08-19 16:09:31 134086656 ----a-w- c:\windows\ocsetup_install_OEMHelpCustomization.etl
    2010-08-19 10:58:51 0 d-----w- c:\program files\CONEXANT
    2010-08-19 10:58:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2010-08-19 10:57:58 0 d-----w- c:\windows\system32\x64
    2010-08-19 02:06:21 0 d-----w- c:\program files\Synaptics
    2010-08-19 02:03:49 68096 ----a-w- c:\windows\system32\wlanhlp.dll
    2010-08-19 02:03:49 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2010-08-19 02:03:49 2501921 ----a-w- c:\windows\system32\wlan.tmf
    2010-08-19 02:03:49 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2010-08-19 02:03:48 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2010-08-19 02:03:48 302592 ----a-w- c:\windows\system32\wlansec.dll
    2010-08-19 02:03:48 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2010-08-19 02:03:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-08-19 02:03:15 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-08-19 02:03:15 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-08-19 02:02:06 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2010-08-19 02:00:27 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-08-19 02:00:27 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-19 01:59:24 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2010-08-19 01:58:54 714240 ----a-w- c:\windows\system32\timedate.cpl
    2010-08-19 01:58:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2010-08-19 01:58:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2010-08-19 01:57:55 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-19 01:56:27 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
    2010-08-19 01:56:27 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2010-08-19 01:56:27 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
    2010-08-19 01:56:27 196608 ----a-w- c:\windows\system32\fsquirt.exe
    2010-08-19 01:55:58 499712 ----a-w- c:\windows\system32\kerberos.dll
    2010-08-19 01:53:18 60928 ----a-w- c:\windows\system32\msasn1.dll
    2010-08-19 01:52:20 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-08-19 01:52:20 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-08-19 01:52:20 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-08-19 01:52:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-08-19 01:52:20 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-08-19 01:52:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-08-19 01:52:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-08-19 01:52:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-08-19 01:52:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-08-19 01:51:45 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2010-08-19 01:51:12 98816 ----a-w- c:\windows\system32\mfps.dll
    2010-08-19 01:51:12 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2010-08-19 01:51:12 2868224 ----a-w- c:\windows\system32\mf.dll
    2010-08-19 01:51:12 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2010-08-19 01:51:12 2048 ----a-w- c:\windows\system32\mferror.dll
    2010-08-19 01:50:38 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-08-19 01:50:10 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2010-08-19 01:45:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-19 01:44:54 23552 ----a-w- c:\windows\system32\lpk.dll
    2010-08-19 01:44:54 10240 ----a-w- c:\windows\system32\dciman32.dll
    2010-08-19 01:40:23 243712 ----a-w- c:\windows\system32\rastls.dll
    2010-08-19 01:39:52 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2010-08-19 01:39:52 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2010-08-19 01:39:52 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2010-08-19 01:39:10 91136 ----a-w- c:\windows\system32\avifil32.dll
    2010-08-19 01:39:10 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2010-08-19 01:39:10 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-08-19 01:39:10 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-08-19 01:39:10 1314816 ----a-w- c:\windows\system32\quartz.dll
    2010-08-19 01:39:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2010-08-19 01:39:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-08-19 01:39:09 22528 ----a-w- c:\windows\system32\msyuv.dll
    2010-08-19 01:39:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-08-19 01:38:37 377344 ----a-w- c:\windows\system32\winhttp.dll
    2010-08-19 01:36:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-08-19 01:36:44 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2010-08-19 01:36:43 7680 ----a-w- c:\windows\system32\spwmp.dll
    2010-08-19 01:36:43 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2010-08-19 01:36:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2010-08-19 01:34:01 46080 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2010-08-19 01:34:01 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
    2010-08-19 01:34:01 36864 ----a-w- c:\windows\system32\tsgqec.dll
    2010-08-19 01:34:01 2689024 ----a-w- c:\windows\system32\mstscax.dll
    2010-08-19 01:34:01 223232 ----a-w- c:\windows\system32\wksprt.exe
    2010-08-19 01:34:01 130560 ----a-w- c:\windows\system32\aaclient.dll
    2010-08-19 01:34:01 12800 ----a-w- c:\windows\system32\wksprtPS.dll
    2010-08-19 01:34:01 1033728 ----a-w- c:\windows\system32\mstsc.exe
    2010-08-19 01:33:34 623616 ----a-w- c:\windows\system32\localspl.dll
    2010-08-19 01:33:08 9728 ----a-w- c:\windows\system32\lsass.exe
    2010-08-19 01:33:08 72704 ----a-w- c:\windows\system32\secur32.dll
    2010-08-19 01:33:08 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2010-08-19 01:33:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2010-08-19 01:33:08 175104 ----a-w- c:\windows\system32\wdigest.dll
    2010-08-19 01:33:08 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2010-08-19 01:31:47 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-08-19 01:31:47 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-08-19 01:31:18 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2010-08-19 01:30:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2010-08-19 01:30:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2010-08-19 01:30:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2010-08-19 01:30:23 19968 ----a-w- c:\windows\system32\ARP.EXE
    2010-08-19 01:30:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2010-08-19 01:30:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-08-19 01:30:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2010-08-19 01:30:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2010-08-19 01:30:23 10240 ----a-w- c:\windows\system32\finger.exe
    2010-08-19 01:29:39 71680 ----a-w- c:\windows\system32\atl.dll
    2010-08-19 01:29:16 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-19 01:27:19 8704 ----a-w- c:\windows\system32\hccoin.dll
    2010-08-19 01:27:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2010-08-19 01:27:19 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2010-08-19 01:27:19 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2010-08-19 01:27:19 226816 ----a-w- c:\windows\system32\drivers\usbport.sys
    2010-08-19 01:27:19 196608 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-08-19 01:27:19 15872 ----a-w- c:\windows\system32\hcrstco.dll
    2010-08-19 01:26:31 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2010-08-19 01:25:18 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
    2010-08-19 01:23:00 5919 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_9400.mrk
    2010-08-19 01:21:23 0 d-----w- c:\windows\system32\oem
    2010-08-19 01:21:22 0 d-----w- C:\Drivers
    2010-08-19 01:17:31 0 d-----w- C:\DELL
    2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-08-27 14:44:42 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-08-27 14:44:42 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-27 14:44:42 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-08-23 21:08:37 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-08-20 08:37:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2010-08-19 01:37:37 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 14:39:52.98 ===============

    Also, the browser points to a page Dell support put in there when he was remotely troubleshooting my battery being dead - can't seem to get rid of it...

    Thank you for your assistance, whomever replies to me.
    Last edited by tashi; 2010-09-01 at 03:35. Reason: Added link to now closed topic :-)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Does redirecting occur with both Internet Explorer and Firefox (please test if you haven't done that)?

    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click the rootkit tab, uncheck the files option and then click scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    yes, happens both Firefox and IE & it says scorecardresearch & googleanalytics

    I did as instructed and first time it froze the computer, so I restarted
    then I got the blue screen error
    so I restarted in safe mode, and here is the info:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-05 18:28:40
    Windows 6.0.6002 Service Pack 2
    Running: uzydx9g0.exe; Driver: C:\Users\WAITIN~1\AppData\Local\Temp\pwtyrpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \FileSystem\fastfat \Fat 96494A7A

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00197de2c15f
    Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00197de2c15f (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    I had to put computer back to selective startup... and also ran a report from IOBIT & here is the info:


    Logfile of IObit HijackScan v1.0.2.0
    Scan saved at 18:33:49, on 2010-9-5

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

    O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard 2010\tmeig.dll
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Trend Micro Browser Guard v2.0 Beta] "C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.EXE"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}GpcContainer.GpcContainer.1 - https://drpitcairn.webex.com/client/...x/ieatgpc1.cab
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
    O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
    O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: File Backup Service (File Backup) - Starfield Technologies, Inc. - C:\Program Files\Starfield\offSyncService.exe
    O23 - Service: Group Policy Client (gpsvc) - Unknown -
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: RoxMediaDB9 (RoxMediaDB9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
    O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    O23 - Service: Security Accounts Manager (SamSs) - Unknown -
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll
    O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: stllssvr (stllssvr) - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
    O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
    O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
    O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
    O23 - Service: XAudioService (XAudioService) - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

  4. #4
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    Also... I found this

    LASSH: 6708127940F65069BD470F6462A4A875
    Info Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    Location Path: HKEY_USERS\S-1-5-21-167909577-2247981082-3190906022-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    Makro Location Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    Makro Location: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    No additional information is available.
    Table=bho
    GUID={CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    RegistryKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
    CaptionBHO=
    CaptionCLSID=Microsoft Url Search Hook
    Filename=C:\Windows\system32\ieframe.dll
    Filesize=11077120
    MD5=F8427C8E999FBCB98575C705A464F854

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  6. #6
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    web page still redirecting before loading

    I did as instructed, but it's still redirecting before loading the web page... should I call Dell, it's still under warranty?
    (let me know if I should post a different DDS log, and from what program you want it from, I'm sorry if I provided too much info)
    here are the files...

  7. #7
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    Thank you Blade81, I really appreciate your assistance

    Thank you for the instructions so far, I really appreciate your assistance!
    I have the DDS log...
    Thanks again!

  8. #8
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    More info

    My D: Backup drive is just about full, I'm not sure why?

  9. #9
    Junior Member blueberryd's Avatar
    Join Date
    Jan 2008
    Location
    USA
    Posts
    18

    Sorry, but...

    Should I have made MSCONFIG Normal start-up instead of selective before running Combofix? Should I run it again? I'm really sorry, I don't want to waste your time...

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    My D: Backup drive is just about full, I'm not sure why?
    If that drive holds the recovery partition then that's normal. If it doesn't have a recovery partition on it then it's hard to say without knowing what items the drive contains.

    Should I have made MSCONFIG Normal start-up instead of selective before running Combofix? Should I run it again?
    Shouldn't affect the ComboFix run.

    I did as instructed, but it's still redirecting before loading the web page...
    Could you describe how redirecting happens and if it does so on specific sites? Screenshots would be good.