search redirects

ComboFix 12-07-19.02 - Dr. Gioe 07/19/2012 11:32:48.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2405 [GMT -5:00]
Running from: c:\documents and settings\Dr. Gioe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Dell\Apple Computer\uqjqls.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 16:24 . 2012-07-19 16:24 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9C089A-A9E5-4035-9269-27D1FED6E7C9}\offreg.dll
2012-07-19 16:24 . 2012-07-19 16:24 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9C089A-A9E5-4035-9269-27D1FED6E7C9}\MpKslf6929080.sys
2012-07-18 17:05 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9C089A-A9E5-4035-9269-27D1FED6E7C9}\mpengine.dll
2012-07-18 12:35 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2011-05-06 00:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:29 . 2008-04-25 16:16 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-25 16:16 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-25 16:16 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-08-07 19:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-08-07 19:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2008-10-16 19:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:24 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-16_22.08.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-19 12:25 . 2012-07-19 12:25 16384 c:\windows\Temp\Perflib_Perfdata_2ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2005-02-25 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-03 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-01 11:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R1 MpKslf6929080;MpKslf6929080;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9C089A-A9E5-4035-9269-27D1FED6E7C9}\MpKslf6929080.sys [7/19/2012 11:24 AM 29904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/1/2009 9:43 AM 113024]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [8/1/2009 7:03 AM 144128]
R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [8/1/2009 9:43 AM 148056]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [8/1/2009 9:43 AM 144544]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [8/1/2009 9:43 AM 268992]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/1/2009 9:43 AM 160256]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [8/1/2009 9:43 AM 1656960]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF6929080
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-07-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Apple Computer - c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Dell\Apple Computer\uqjqls.dll
HKU-Default-Run-Apple Computer - c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Dell\Apple Computer\uqjqls.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 11:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-19 11:40:21
ComboFix-quarantined-files.txt 2012-07-19 16:40
ComboFix2.txt 2012-07-16 22:10
ComboFix3.txt 2011-05-15 15:55
.
Pre-Run: 288,327,761,920 bytes free
Post-Run: 288,567,136,256 bytes free
.
- - End Of File - - 96F3DADE6839E585E50E279FB93E24D3
 
Drag your copy of ComboFix to the trash, and let's grab a fresh, updated copy.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.






Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it and pressing CTRL+C on your keyboard. Then paste it into Notepad, making sure there is no space before or above ClearJavaCache::


Code:
ClearJavaCache::

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
ComboFix 12-07-30.01 - Dr. Gioe 07/30/2012 20:08:26.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2515 [GMT -5:00]
Running from: c:\documents and settings\Dr. Gioe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dr. Gioe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-30 21:51 . 2012-07-30 21:51 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFF5785-3BE7-45DC-9684-2B561B187DD9}\offreg.dll
2012-07-30 18:01 . 2012-07-30 18:01 -------- d-----w- C:\_OTL
2012-07-30 16:32 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFF5785-3BE7-45DC-9684-2B561B187DD9}\mpengine.dll
2012-07-26 19:29 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-26 01:02 . 2012-07-26 01:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-07-20 18:56 . 2012-07-26 01:35 -------- d-----w- c:\documents and settings\Cheri
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 17:30 . 2012-07-30 17:30 33038 ----a-w- C:\TDSSKiller.2.7.48.0_30.07.2012_11.49.12_log.zip
2012-07-03 18:46 . 2011-05-06 00:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:29 . 2008-04-25 16:16 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-25 16:16 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-25 16:16 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-08-07 19:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-08-07 19:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2008-10-16 19:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:24 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-16_22.08.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-30 21:49 . 2012-07-30 21:49 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2011-12-19 23:16 . 2006-04-10 20:02 74752 c:\windows\system32\spool\drivers\w32x86\3\hpzpr054.dll
+ 2011-12-19 23:16 . 2006-03-04 03:02 57344 c:\windows\system32\spool\drivers\w32x86\3\HPZISN12.DLL
+ 2011-12-19 23:16 . 2006-03-04 03:02 94208 c:\windows\system32\spool\drivers\w32x86\3\HPZIPT12.DLL
+ 2011-12-19 23:16 . 2006-03-04 03:03 69632 c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
+ 2011-12-19 23:16 . 2006-03-04 03:03 65536 c:\windows\system32\spool\drivers\w32x86\3\HPZINW12.EXE
+ 2011-12-19 23:16 . 2004-10-16 11:31 61440 c:\windows\system32\spool\drivers\w32x86\3\HPNRA.EXE
+ 2011-12-19 23:16 . 2005-06-20 20:33 94208 c:\windows\system32\spool\drivers\w32x86\3\HPJIPX1U.DLL
+ 2011-12-19 23:16 . 2005-09-19 20:17 79872 c:\windows\system32\spool\drivers\w32x86\3\hpfrs054.dll
+ 2011-12-19 23:16 . 2005-06-20 20:33 57344 c:\windows\system32\spool\drivers\w32x86\3\HPBPROPS.DLL
+ 2011-12-19 23:16 . 2005-05-20 16:37 81920 c:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
+ 2011-12-19 23:16 . 2005-06-20 20:33 57344 c:\windows\system32\spool\drivers\w32x86\3\HPBOIDPS.DLL
+ 2011-12-19 23:16 . 2004-10-16 11:31 73728 c:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
+ 2011-12-19 23:16 . 2005-06-20 20:33 49152 c:\windows\system32\spool\drivers\w32x86\3\HPBNRAC2.DLL
+ 2011-12-19 23:16 . 2005-06-20 20:33 81920 c:\windows\system32\spool\drivers\w32x86\3\HPBMIAPI.DLL
+ 2011-12-19 23:16 . 2006-04-10 19:44 563200 c:\windows\system32\spool\drivers\w32x86\3\hpzss054.dll
+ 2011-12-19 23:16 . 2006-03-04 03:02 204800 c:\windows\system32\spool\drivers\w32x86\3\HPZIPR12.DLL
+ 2011-12-19 23:16 . 2006-03-04 03:03 282680 c:\windows\system32\spool\drivers\w32x86\3\HPZIDR12.DLL
+ 2011-12-19 23:16 . 2006-04-10 20:02 309760 c:\windows\system32\spool\drivers\w32x86\3\hpzev054.dll
+ 2011-12-19 23:16 . 2006-04-10 20:02 248320 c:\windows\system32\spool\drivers\w32x86\3\hpz3a054.dll
+ 2011-12-19 23:16 . 2005-06-20 20:51 208969 c:\windows\system32\spool\drivers\w32x86\3\HPPASNM0.DLL
+ 2011-12-19 23:16 . 2005-06-20 20:51 225351 c:\windows\system32\spool\drivers\w32x86\3\HPPAPTS0.DLL
+ 2011-12-19 23:16 . 2005-06-20 20:51 213063 c:\windows\system32\spool\drivers\w32x86\3\HPPAPML0.DLL
+ 2011-12-19 23:16 . 2005-06-20 20:33 163840 c:\windows\system32\spool\drivers\w32x86\3\HPJCMN2U.DLL
+ 2011-12-19 23:16 . 2005-09-19 20:17 274944 c:\windows\system32\spool\drivers\w32x86\3\hpfie054.dll
+ 2011-12-19 23:16 . 2006-03-14 20:49 659528 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2011-12-19 23:16 . 2005-08-08 23:26 139264 c:\windows\system32\spool\drivers\w32x86\3\HPBMINI.DLL
+ 2011-12-19 23:16 . 2006-04-10 20:02 2572288 c:\windows\system32\spool\drivers\w32x86\3\hpzui054.dll
+ 2011-12-19 23:16 . 2006-04-10 19:19 3650048 c:\windows\system32\spool\drivers\w32x86\3\hpzst054.dll
+ 2011-12-19 23:16 . 2006-04-10 20:03 1360384 c:\windows\system32\spool\drivers\w32x86\3\hpz3r054.dll
+ 2011-12-19 23:16 . 2005-11-18 03:53 7134720 c:\windows\system32\spool\drivers\w32x86\3\hpfig054.dll
+ 2011-12-19 23:16 . 2006-01-24 14:22 1392640 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2005-02-25 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-03 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-01 11:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
.
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/1/2009 9:43 AM 113024]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [8/1/2009 7:03 AM 144128]
R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [8/1/2009 9:43 AM 148056]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [8/1/2009 9:43 AM 144544]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [8/1/2009 9:43 AM 268992]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/1/2009 9:43 AM 160256]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [8/1/2009 9:43 AM 1656960]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-07-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerDVD DX - c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll
HKU-Default-Run-PowerDVD DX - c:\documents and settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-07-30 20:14:36
ComboFix-quarantined-files.txt 2012-07-31 01:14
ComboFix2.txt 2012-07-19 16:40
ComboFix3.txt 2012-07-16 22:10
ComboFix4.txt 2011-05-15 15:55
.
Pre-Run: 288,232,828,928 bytes free
Post-Run: 288,259,944,448 bytes free
.
- - End Of File - - 104E4B1B820E6B59B1D8EE0C2DB1BE0D
 
Where are you being redirected to? Let me ask you about your setup: are you on a router, do you have other computers accessing this router, and if so, are they getting redirected also?

Is it just IE being redirected or is it Firefox as well ?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Some of the redirects open another window with a list of sites related to the original search; a lot of times it was Scour. Other times, when I would click on a site in my search results, I would get redirected to another site with similar content. I have a combination router/DSL modem (Motorola) with two other desktop computers connected, but they have limited (Content Advisor enabled) internet access. I checked on one of them to see if I got redirects, and I did not. I don't use Firefox. Here is the ESET scan.

C:\Qoobox\Quarantine\C\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Dell\Apple Computer\uqjqls.dll.vir a variant of Win32/Kryptik.AIZP trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dr. Gioe\Local Settings\Application Data\PowerDVD DX\Microsoft\tvzjqlnhf.dll.vir a variant of Win32/Kryptik.AIZP trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll.vir a variant of Win32/Kryptik.AIZP trojan
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1\A0000023.dll a variant of Win32/Kryptik.AIZP trojan
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP11\A0000843.dll a variant of Win32/Kryptik.AIZP trojan
 
OK, thanks for the info. I have seen routers get infected in the past, but if it's just your system, then most likely the router is OK.

The files in Qoobox are just backups of what ComboFix removed; they are quarantined copies (note the .vir extension) and are harmless where they are. We will remove them when we're done.

The other files are in System Restore. Let's flush them all out and create a new restore point.

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:
  1. Click Start > Run > copy and paste the following into the run box:
    %SystemRoot%\System32\restore\rstrui.exe
  2. Press OK. Choose Create a Restore Point then click Next.
  3. Name it (something you'll remember) and click Create.
  4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points
  1. Click Start > Run > copy and paste the following into the run box:
    cleanmgr
  2. Choose to scan drive C:\ (if C:\ is your main drive).
  3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
  4. Click on the Yes button.
  5. When finished, click on Cancel button to exit.


Let's run another rootkit scanner; with all the scans we have run, we seem to be hitting a wall.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    gmer_zip.gif
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives, because legitimate drivers and security software can install hooks of the same kind. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-31 13:00:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\DOCUME~1\DRF276~1.GIO\LOCALS~1\Temp\pwdyapog.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Ron,

That does not look like the entire GMER log. Did you click on the picture to expand it and check all the boxes that are marked in it? If not, please try it again. Also, did you use DeFogger to disable your CD emulation drivers? Let me know and I will post back on how to re-enable them.


Then do this, you just need to run the 32bit version


Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    Scour
    :folderfind
    Scour
    :Regfind
    Scour
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Also, open Internet Explorer and go to Tools > Manage Add-Ons > Search Providers. If you see Scour in there, or any provider you don't recognize, right-click on it and remove it.
 
I ran defogger and gmer again. Gmer scanned the files, and then it stopped; it did not say that it had finished--I saved the file when it stopped scanning.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 15:39:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\DOCUME~1\DRF276~1.GIO\LOCALS~1\Temp\pwdyapog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\Drivers\OA009Afx.sys entry point in "init" section [0xA5657310]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2092] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Only Bing and Google search providers are listed.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:52 on 31/07/2012 by Dr. Gioe
Administrator - Elevation successful

========== filefind ==========

Searching for "Scour"
No files found.

========== folderfind ==========

Searching for "Scour"
No folders found.

========== Regfind ==========

Searching for "Scour"
No data found.

-= EOF =-
 
Open IE and go to Tools > Internet Options > Advanced tab > Reset Internet Explorer settings > Reset. This may take a minute or two. When it's done, close IE, reopen it, and see if your redirects are gone.
 
Open Malwarebytes, go to the update tab and check for updates and let it update, then run the FULL Scan and then post the log please



Click the Start button , click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dr. Gioe :: D991PWJ1 [administrator]

7/31/2012 5:39:59 PM
mbam-log-2012-07-31 (17-39-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276625
Time elapsed: 29 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Apple Computer\Apple\rppqrdfg.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Apple Computer\Apple\rppqrdfg.dll",CreateInstance -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Apple Computer\Apple\rppqrdfg.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Dr. Gioe\Local Settings\temp\0.9077037817744482 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Apple Computer\Apple\rppqrdfg.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

(end)
 
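Malwarebytes appears to be picking up items in a folder named after Apple; have you rebooted after the scan so they can be removed? The randomly named DLL in that folder was started through rundll32 from a Run value called "Apple", which looks like the trojan borrowing Apple's name rather than genuine Apple software. Some of those detections are also related to redirects; are you still being redirected?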

If so lets run SuperAntiSpyware

Please download SuperAntiSpyware Free
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply
 
I didn't get any redirects after Malwarebytes removed the threats, but I ran Superantispyware anyway. Should I restore the cd drivers disabled by defogger now?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2012 at 08:00 PM

Application Version : 5.5.1012

Core Rules Database Version : 8989
Trace Rules Database Version: 6801

Scan type : Complete Scan
Total Scan Time : 00:27:51

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 34933
Registry threats detected : 0
File items scanned : 43093
File threats detected : 75

Adware.Tracking Cookie
C:\Documents and Settings\Dr. Gioe\Cookies\A1CZ450O.txt [ /zedo.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\HYBU3SXO.txt [ /ads.pointroll.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\GGNH9NR0.txt [ /bridge.ame.admarketplace.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\24XS15IA.txt [ /microsoftwlcashback.112.2o7.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\HP13124I.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\VE9UI3D6.txt [ /nextag.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\AP8MJF0F.txt [ /interclick.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\0KN8RRDF.txt [ /apmebf.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\MRQUYRB0.txt [ /media6degrees.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\NJEQAQT8.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\5U430IOW.txt [ /adxpose.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\VNAFFL6Q.txt [ /insightexpressai.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\ZUM1G3O3.txt [ /timeinc.122.2o7.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\SXBI2CY9.txt [ /a1.interclick.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\TDBRSNW6.txt [ /accounts.google.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\DDU9WHRJ.txt [ /kontera.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\FQE15BNX.txt [ /tribalfusion.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\NQRATWM1.txt [ /t.pointroll.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\K7NNL86I.txt [ /ads.us.e-planning.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\AVJ6QJTA.txt [ /legolas-media.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\IBR1OOZV.txt [ /liveperson.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\FN1YABO3.txt [ /lucidmedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\LBOEB4QM.txt [ /adfarm1.adition.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\FXMLTQL5.txt [ /ad.360yield.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\9RJARK7G.txt [ /revsci.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\BZS2GB33.txt [ /casalemedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\HPOKSMRG.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\UG2ROXUN.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\XI76B99K.txt [ /in.getclicky.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\9F54088K.txt [ /imrworldwide.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\RU3ATMMP.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\WZ31XQX7.txt [ /cn.clickable.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\YRHGG980.txt [ /adknowledge.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\110B52AZ.txt [ /c.atdmt.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\ZTQR388A.txt [ /advertising.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\G7MJMJJ4.txt [ /ru4.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\NINNK8M0.txt [ /ad.wsod.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\74MRLA0X.txt [ /collective-media.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\KAZCCANU.txt [ /media2.legacy.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\AYD7RHIV.txt [ /sales.liveperson.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\E71IK95Q.txt [ /specificclick.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\THFACHWI.txt [ /admarketplace.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\SOQOCAW6.txt [ /kanoodle.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\Z7FPA2O4.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\FJIYDNJA.txt [ /atdmt.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\XTUF0TGY.txt [ /pointroll.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\VK0LFRQB.txt [ /ads.towniecentral.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\BY3VN987.txt [ /invitemedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\0VLRYYSE.txt [ /ads.undertone.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\Y7L8XWIB.txt [ /2o7.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\MHMN6LOW.txt [ /network.realmedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\EM6DTKAT.txt [ /fastclick.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\2PP23AUQ.txt [ /www.burstnet.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\3788KZJH.txt [ /ad2.adfarm1.adition.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\HIRHUXEP.txt [ /ads.imaging-resource.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\WLZ1IP56.txt [ /doubleclick.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\8FFKPY18.txt [ /questionmarket.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\A273QWBQ.txt [ /mediaplex.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\AVFHXCKC.txt [ /yieldmanager.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\RDNBYF7M.txt [ /atdmt.combing.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\SPPJHQIT.txt [ /burstnet.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\RHKN86A1.txt [ /at.atwola.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\1LYG4BLW.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\191J82L2.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\MUAVY39U.txt [ /serving-sys.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\T3JS78AX.txt [ /pro-market.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\CN9YO50P.txt [ /realmedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\L4Q9O1AM.txt [ /adbrite.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\IGNYQIC2.txt [ /www.blogpiremedia.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\DKKDV5C3.txt [ /clickfuse.com ]
C:\Documents and Settings\Dr. Gioe\Cookies\VQ0RML6B.txt [ /liveperson.net ]
C:\Documents and Settings\Dr. Gioe\Cookies\D08755F6.txt [ /dmtracker.com ]
C:\DOCUMENTS AND SETTINGS\CHERI\Cookies\X7M4AOTE.txt [ Cookie:cheri@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\CHERI\Cookies\OECDSQ9N.txt [ Cookie:cheri@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\CHERI\Cookies\LYVYL2AJ.txt [ Cookie:cheri@c.atdmt.com/ ]
 