Yahoo browser redirecting

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Re: Yahoo browser redirecting 9th August 2010, 3:20 pm

I haven't ran that yet (didn't have access to the laptop) but my friend noticed that his tethering no longer works with his cell phone. Could what we ran above have changed something? On his phone it says it is connected, on the laptop it says that it connected, but it won't allow us to connect to the internet. He has not done anything else to the laptop except what I have done above...

Thanks.

Re: Yahoo browser redirecting 9th August 2010, 7:20 pm

Might have. I will check it out, and report back if I have an idea.

For now, are you able to run the ESET Online Scan?

Re: Yahoo browser redirecting 9th August 2010, 7:57 pm

His computer is with him for the day - I'll try it out tomorrow.

Re: Yahoo browser redirecting 9th August 2010, 8:28 pm

Re: Yahoo browser redirecting 10th August 2010, 5:03 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16674 (vista_gdr.080415-1732)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e3ad93c0e211304788036ea2f40c9825
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-10 04:11:01
# local_time=2010-08-10 11:11:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1399943 1399943 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95808
# found=0
# cleaned=0
# scan_time=2175

Re: Yahoo browser redirecting 10th August 2010, 7:12 pm

Still redirects?

Re: Yahoo browser redirecting 18th August 2010, 6:09 am

Still with us? Please let me know how things are going!

Re: Yahoo browser redirecting 19th August 2010, 6:27 pm

Yup - still redirecting. Starting to drive me crazy!

Re: Yahoo browser redirecting 19th August 2010, 7:27 pm

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix Yahoo browser redirecting - Page 2 Combofix

Yahoo browser redirecting - Page 2 Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\combo-fix.exe" /killall
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Yahoo browser redirecting - Page 2 Query_RC

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Yahoo browser redirecting - Page 2 RC_successful

Yahoo browser redirecting - Page 2 RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Yahoo browser redirecting 23rd August 2010, 6:22 pm

ComboFix 10-08-22.07 - rreiche 08/23/2010 12:05:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1867 [GMT -5:00]
Running from: c:\documents and settings\rreiche\desktop\combo-fix.exe
Command switches used :: /killall
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-19 17:29 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:29 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:29 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:29 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:29 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:29 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:29 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:29 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\program files\Alwil Software
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-19 17:10 . 2010-08-21 17:14 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Temp
2010-08-13 15:40 . 2010-08-13 15:40 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcp71.dll
2010-08-13 15:40 . 2010-08-13 15:40 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\jmc.dll
2010-08-13 15:40 . 2010-08-13 15:40 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcr71.dll
2010-08-13 15:40 . 2010-08-13 15:40 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-sse.dll
2010-08-13 15:40 . 2010-08-13 15:40 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-d3d.dll
2010-08-10 15:28 . 2010-08-10 15:28 -------- d-----w- c:\program files\ESET
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\program files\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Downloaded Installations
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\program files\Carbonite
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\documents and settings\rreiche\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 15:40 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:06 . 2007-09-10 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 14:05 . 2010-07-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-22 20:06 . 2010-07-22 20:06 354744 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-07-22 20:06 . 2010-07-22 20:06 79872 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-07-22 20:06 . 2010-07-22 20:06 574344 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-07-22 20:06 . 2010-07-22 19:41 -------- d-----w- c:\documents and settings\rreiche\Application Data\SanDisk
2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-25 17:42 . 2007-09-10 15:09 -------- d-----w- c:\program files\Symantec
2010-06-25 17:42 . 2010-06-25 17:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:42 . 2010-06-25 17:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 17:42 . 2010-06-25 17:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:42 . 2010-06-25 17:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:19 . 2010-06-25 17:16 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\Microsoft
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar
2010-06-25 17:16 . 2007-09-10 14:52 -------- d-----w- c:\program files\Common Files\Java
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-25 17:15 . 2007-09-10 14:52 -------- d-----w- c:\program files\Java
2010-06-25 17:14 . 2007-09-10 15:08 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-25 17:08 . 2010-06-25 17:08 -------- d-----w- c:\documents and settings\rreiche\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]
"SansaDispatch"="c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-22 79872]
"Google Update"="c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 12:29 PM 165456]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 12:29 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155Core.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155UA.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-23 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?i

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\capicom.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll

- - - - - - - > 'lsass.exe'(1240)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(2736)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\OLYMPUS\DeviceDetector\DM1Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2010-08-23 12:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-23 17:23
ComboFix2.txt 2010-07-19 15:11
ComboFix3.txt 2010-07-15 15:25

Pre-Run: 86,152,421,376 bytes free
Post-Run: 86,244,847,616 bytes free

- - End Of File - - 0758C2D67036E2A255279B86F7C7EE23

Re: Yahoo browser redirecting 25th August 2010, 9:00 am

Hi

Do you recognize this entry:

TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4

??

The bolded numbers are a specific IP address.

Re: Yahoo browser redirecting 26th August 2010, 3:36 pm

No. I don't know any IP addresses around here though.

Re: Yahoo browser redirecting 26th August 2010, 8:07 pm

Ok. We will kill it and see what happens. Let me know if your browser is still redirecting after this fix has been run.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:
Code:
DDS:: Trusted Zone: gjgrewe.com\mail TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Yahoo browser redirecting 2nd September 2010, 6:27 pm

Still redirecting

ComboFix 10-08-22.07 - rreiche 09/02/2010 13:20:18.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1658 [GMT -5:00]
Running from: c:\documents and settings\rreiche\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\rreiche\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-19 17:29 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:29 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:29 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:29 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:29 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:29 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:29 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:29 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\program files\Alwil Software
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-19 17:10 . 2010-08-21 17:14 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Temp
2010-08-13 15:40 . 2010-08-13 15:40 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcp71.dll
2010-08-13 15:40 . 2010-08-13 15:40 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\jmc.dll
2010-08-13 15:40 . 2010-08-13 15:40 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcr71.dll
2010-08-13 15:40 . 2010-08-13 15:40 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-sse.dll
2010-08-13 15:40 . 2010-08-13 15:40 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-d3d.dll
2010-08-10 15:28 . 2010-08-10 15:28 -------- d-----w- c:\program files\ESET
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\program files\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Downloaded Installations
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\program files\Carbonite
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\documents and settings\rreiche\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 20:47 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:06 . 2007-09-10 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 14:05 . 2010-07-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-22 20:06 . 2010-07-22 20:06 354744 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-07-22 20:06 . 2010-07-22 20:06 79872 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-07-22 20:06 . 2010-07-22 20:06 574344 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-07-22 20:06 . 2010-07-22 19:41 -------- d-----w- c:\documents and settings\rreiche\Application Data\SanDisk
2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:42 . 2010-06-25 17:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:42 . 2010-06-25 17:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-15_15.19.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2006-12-02 05:46 . 2006-12-02 05:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2010-09-02 16:01 . 2010-09-02 16:01 16384 c:\windows\temp\Perflib_Perfdata_8f4.dat
+ 2010-09-02 16:01 . 2010-09-02 16:01 16384 c:\windows\temp\Perflib_Perfdata_824.dat
+ 2006-02-28 12:00 . 2010-09-02 16:05 34550 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-07-15 15:03 34550 c:\windows\system32\perfc009.dat
- 2009-01-13 22:34 . 2010-07-14 13:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-13 22:34 . 2010-09-02 16:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-13 22:34 . 2010-07-14 13:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-26 14:31 . 2010-09-02 16:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-23 14:05 . 2010-07-23 14:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut3_3AA20A2C6BEF43A6A3B4F09C5D78D1D4.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 50512 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\ARPPRODUCTICON.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-02-28 12:00 . 2010-09-02 16:05 292716 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-07-15 15:03 292716 c:\windows\system32\perfh009.dat
+ 2010-08-19 17:29 . 2010-08-19 17:29 219648 c:\windows\Installer\e8c7d2.msi
+ 2010-08-04 13:05 . 2010-08-04 13:05 331264 c:\windows\Installer\6bc7b.msi
+ 2010-07-23 14:05 . 2010-07-23 14:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-08-04 13:06 . 2010-08-04 13:06 3668992 c:\windows\Installer\6bc80.msi
+ 2010-07-23 14:05 . 2010-07-23 14:05 1544192 c:\windows\Installer\4046f7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]
"SansaDispatch"="c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-22 79872]
"Google Update"="c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 12:29 PM 165456]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 12:29 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155Core.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155UA.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-30 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 13:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?i

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll

- - - - - - - > 'lsass.exe'(1236)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(4748)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-02 13:24:13
ComboFix-quarantined-files.txt 2010-09-02 18:24
ComboFix2.txt 2010-08-23 17:23
ComboFix3.txt 2010-07-19 15:11
ComboFix4.txt 2010-07-15 15:25

Pre-Run: 85,571,850,240 bytes free
Post-Run: 85,609,472,000 bytes free

- - End Of File - - 3078CD3BC37772F0DD1711D8BC16045B

Re: Yahoo browser redirecting 4th September 2010, 4:42 am

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Re: Yahoo browser redirecting 20th September 2010, 3:41 pm

2010/09/20 10:38:42.0656 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:42.0656 SystemInfo:
2010/09/20 10:38:42.0656
2010/09/20 10:38:42.0656 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/20 10:38:42.0656 Product type: Workstation
2010/09/20 10:38:42.0656 ComputerName: RREICHE03
2010/09/20 10:38:42.0656 UserName: rreiche
2010/09/20 10:38:42.0656 Windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 System windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 Processor architecture: Intel x86
2010/09/20 10:38:42.0656 Number of processors: 2
2010/09/20 10:38:42.0656 Page size: 0x1000
2010/09/20 10:38:42.0656 Boot type: Normal boot
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:43.0062 Initialize success
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:38:53.0218 Scan started
2010/09/20 10:38:53.0218 Mode: Manual;
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:38:54.0656 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/20 10:38:54.0937 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
2010/09/20 10:38:55.0062 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/20 10:38:55.0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/20 10:38:55.0328 ADIHdAudAddService (1600cb3056c984af1987627128874e39) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/09/20 10:38:55.0484 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/09/20 10:38:55.0625 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/09/20 10:38:55.0718 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/09/20 10:38:55.0843 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/20 10:38:56.0593 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/20 10:38:57.0187 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/20 10:38:57.0250 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/20 10:38:57.0375 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/20 10:38:57.0500 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/20 10:38:57.0625 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/20 10:38:57.0703 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/20 10:38:57.0859 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/20 10:38:58.0218 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/20 10:38:58.0453 ATSWPDRV (4c42e4697f3a4ea0cd73a85116d7af7f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2010/09/20 10:38:58.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/20 10:38:58.0765 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/20 10:38:58.0890 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/09/20 10:38:59.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/20 10:38:59.0203 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
2010/09/20 10:38:59.0312 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/09/20 10:38:59.0484 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/09/20 10:38:59.0625 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/09/20 10:38:59.0718 btwhid (6beb0adaa3d2b80e6515eec5d03b7540) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/09/20 10:38:59.0828 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/09/20 10:39:00.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/20 10:39:00.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/20 10:39:00.0531 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/20 10:39:00.0656 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/20 10:39:01.0031 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/20 10:39:01.0234 COH_Mon (de88a385898f6d13026f94f749fbaed2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/09/20 10:39:01.0343 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/20 10:39:01.0890 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/20 10:39:02.0031 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/09/20 10:39:02.0093 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/20 10:39:02.0171 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/20 10:39:02.0265 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/09/20 10:39:02.0328 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/20 10:39:02.0421 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/20 10:39:02.0500 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/20 10:39:02.0578 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/09/20 10:39:02.0656 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/20 10:39:02.0750 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/20 10:39:02.0921 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/20 10:39:03.0031 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/09/20 10:39:03.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/20 10:39:03.0281 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/20 10:39:03.0562 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/20 10:39:03.0687 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/20 10:39:03.0875 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/20 10:39:04.0000 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2010/09/20 10:39:04.0234 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/20 10:39:04.0296 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/20 10:39:04.0546 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/20 10:39:04.0734 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/20 10:39:04.0812 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/20 10:39:04.0906 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/20 10:39:05.0046 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/20 10:39:05.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/20 10:39:05.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/20 10:39:05.0390 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/20 10:39:05.0515 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/09/20 10:39:05.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/20 10:39:05.0765 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/20 10:39:05.0968 HP24X (04ebefe45b300a4edee5a38dc2791291) C:\WINDOWS\system32\DRIVERS\HP24X.sys
2010/09/20 10:39:06.0093 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
2010/09/20 10:39:06.0375 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/20 10:39:06.0500 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/20 10:39:06.0609 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/20 10:39:06.0765 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/20 10:39:07.0140 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/20 10:39:07.0437 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2010/09/20 10:39:07.0609 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/20 10:39:08.0015 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/20 10:39:08.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/20 10:39:08.0250 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/20 10:39:08.0375 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/20 10:39:08.0515 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/20 10:39:08.0609 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/20 10:39:08.0750 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/20 10:39:08.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/20 10:39:09.0093 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/20 10:39:09.0218 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/20 10:39:09.0312 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/20 10:39:09.0781 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/09/20 10:39:09.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/20 10:39:10.0125 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/20 10:39:10.0218 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/20 10:39:10.0312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/20 10:39:10.0437 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/20 10:39:10.0671 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/20 10:39:10.0828 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/20 10:39:10.0968 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/20 10:39:11.0125 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/20 10:39:11.0250 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/20 10:39:11.0375 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/20 10:39:11.0531 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/20 10:39:11.0640 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/20 10:39:11.0859 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100916.002\NAVENG.SYS
2010/09/20 10:39:11.0984 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100916.002\NAVEX15.SYS
2010/09/20 10:39:12.0140 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/20 10:39:12.0234 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/20 10:39:12.0343 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/20 10:39:12.0437 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/20 10:39:12.0546 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/20 10:39:12.0687 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/20 10:39:12.0828 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/20 10:39:13.0093 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/20 10:39:13.0218 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/20 10:39:13.0359 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/20 10:39:13.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/20 10:39:13.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/20 10:39:13.0734 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/20 10:39:13.0875 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/20 10:39:14.0093 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/20 10:39:14.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/20 10:39:14.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/20 10:39:14.0359 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/20 10:39:14.0593 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/20 10:39:14.0703 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/20 10:39:14.0828 PCTINDIS5 (a31c8ce8d17b4ee912479c8a2aba23f7) C:\WINDOWS\system32\PCTINDIS5.SYS
2010/09/20 10:39:15.0765 PersonalSecureDrive (0d8848fbe1765a3e27b69b5bef6d429f) C:\WINDOWS\System32\drivers\psd.sys
2010/09/20 10:39:16.0015 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/20 10:39:16.0140 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/20 10:39:16.0218 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/20 10:39:16.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/20 10:39:16.0500 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/20 10:39:17.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/20 10:39:17.0281 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/20 10:39:17.0453 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/20 10:39:17.0546 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/20 10:39:17.0687 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/20 10:39:17.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/20 10:39:17.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/20 10:39:18.0078 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/20 10:39:18.0203 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/20 10:39:18.0390 RimSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/20 10:39:18.0484 RimUsb (c48ed71f500f07a01aa8ac274e144e93) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/20 10:39:18.0578 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/20 10:39:18.0718 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/20 10:39:18.0953 RsvLock (874ed329b959e7ca77168fd0f1b837e2) C:\WINDOWS\system32\drivers\RsvLock.sys
2010/09/20 10:39:19.0125 SafeBoot (bf2d1bc0649aedbe8caa47d2f89e8d47) C:\WINDOWS\system32\drivers\SafeBoot.sys
2010/09/20 10:39:19.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: bf2d1bc0649aedbe8caa47d2f89e8d47
2010/09/20 10:39:19.0171 SafeBoot - detected Locked file (1)
2010/09/20 10:39:19.0234 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\WINDOWS\system32\drivers\SbAlg.sys
2010/09/20 10:39:19.0359 SBHR (6b91a8fb259db9b9f50e964b4f425296) C:\WINDOWS\system32\drivers\sbhr.sys
2010/09/20 10:39:19.0609 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/20 10:39:19.0796 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/20 10:39:19.0921 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/20 10:39:20.0109 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/20 10:39:20.0671 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/09/20 10:39:20.0796 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/20 10:39:20.0921 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/20 10:39:21.0046 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/09/20 10:39:21.0203 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/09/20 10:39:21.0375 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/09/20 10:39:21.0515 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/20 10:39:21.0718 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/20 10:39:21.0953 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/20 10:39:22.0109 swmx02 (5753f4def80535e8d8ba753a18cb6a20) C:\WINDOWS\system32\DRIVERS\swmx02.sys
2010/09/20 10:39:22.0484 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/09/20 10:39:22.0593 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/09/20 10:39:22.0671 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/09/20 10:39:23.0015 SynTP (5876072999220ef2fba1ddec86d2b97e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/20 10:39:23.0156 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/20 10:39:23.0328 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/20 10:39:23.0453 Tcpip6 (4d58bb1ae8841aafd8790ad7e1e3b8ea) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/09/20 10:39:23.0593 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/20 10:39:23.0718 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/20 10:39:23.0828 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/20 10:39:24.0156 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/09/20 10:39:24.0281 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
2010/09/20 10:39:24.0453 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/20 10:39:24.0703 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/20 10:39:24.0890 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/20 10:39:25.0015 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/20 10:39:25.0109 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/20 10:39:25.0218 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/20 10:39:25.0343 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/20 10:39:25.0453 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/20 10:39:25.0578 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/09/20 10:39:25.0750 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/09/20 10:39:25.0984 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/20 10:39:26.0140 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/20 10:39:26.0343 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/20 10:39:26.0750 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/20 10:39:26.0953 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/20 10:39:27.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/20 10:39:27.0515 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0906 Scan finished
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0984 Detected object count: 1
2010/09/20 10:40:16.0328 Locked file(SafeBoot) - User select action: Skip

Re: Yahoo browser redirecting 20th September 2010, 3:45 pm

Still redirecting as well.

Re: Yahoo browser redirecting 21st September 2010, 9:01 am

Please download RenewMyDNS by DragonMaster Jay.

Save it to your Desktop.
Right-click on the file and select Extract All...
Choose a location to save extracted files and keep pressing Next until Finish.
Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
Follow the prompts, and when finished it will launch a log.
Post that log in your next reply.
After posting the log, delete the folder RenewMyDNS.

Re: Yahoo browser redirecting 21st September 2010, 3:39 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : rreiche03

Primary Dns Suffix . . . . . . . : GJGrewe.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : GJGrewe.local

GJGrewe.local

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter

Physical Address. . . . . . . . . : 00-1A-73-74-65-BF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.15

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21a:73ff:fe74:65bf%4

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 213.109.64.53

213.109.73.74

fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 8:49:18 AM

Lease Expires . . . . . . . . . . : Wednesday, September 22, 2010 8:49:18 AM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : GJGrewe.local

Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet

Physical Address. . . . . . . . . : 00-22-64-6F-28-86

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.35.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::222:64ff:fe6f:2886%5

Default Gateway . . . . . . . . . : 10.1.35.254

DHCP Server . . . . . . . . . . . : 10.1.35.1

DNS Servers . . . . . . . . . . . : 24.217.0.4

fec0:0:0:ffff::1%3

fec0:0:0:ffff::2%3

fec0:0:0:ffff::3%3

Primary WINS Server . . . . . . . : 10.1.35.1

Secondary WINS Server . . . . . . : 10.1.35.2

Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 9:52:52 AM

Lease Expires . . . . . . . . . . : Wednesday, September 29, 2010 9:52:52 AM

Ethernet adapter Bluetooth Network:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-1A-6B-AF-4F-DE

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%6

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : GJGrewe.local

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 0A-01-23-65

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:10.1.35.101%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%3

fec0:0:0:ffff::2%3

fec0:0:0:ffff::3%3

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 0A-00-00-0F

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:10.0.0.15%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 98.137.149.56:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [69.63.189.11] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 69.63.189.11:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 207.46.232.182:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

Re: Yahoo browser redirecting 21st September 2010, 7:44 pm

Your router has been hacked by a malware author...aka hacker.

It has placed illegitimate DNS addresses in to the DNS servers boxes, making websites you go to check with these fake addresses first.

If the hacker chooses to do so, you will be redirected. I have to conclude that your router configuration has been hacked.

Routers can be hacked from inside the network, which means if there is malware on your computer, it can trace itself back to your router, log in to your router, and change settings.

These IP addresses:
-Static DNS 1: 213.109.64.7
-Static DNS 2: 213.109.72.139

are Russian IP addresses from a company called ProLite LTD. They have been the core issue of hacked routers on the Internet for a few months now.

What we need to do is a 30/30/30 reset for the router. It is a type of reset that will return it to firmware defaults....in other words...remove the malicious code from it and restores its original configuration.

You will need a paper clip, or something as small as a paper clip head (like a safety pin or needle).

While doing this, it may be appropriate to have someone help you, or be near the plug in for the router.

On the back of the router, there will be a reset button...use the pin/needle to hold down the reset button for 30 seconds...while you have the button held down unplug the router from the outlet...continue holding reset button for 30 seconds...plug the router back in and continue holding reset button for 30 more seconds. After that, release the reset button.

You router should recognize most types of configuration and you should be able to use it right away.

Re-set up your router as you did when you first got it. I know it is a time-based task, however, to defeat this infection, the router needs to be fully reset.

If you have done this all successfully, let me know. Test out the Internet and tell me of any redirects.

If you have any issues reconnecting the router, or getting it to work on your network, then do the following:

unplug the (usually yellow) Internet cable that is run from the modem to the router, and plug that cable directly in to your computer. You should be able to access the Internet from that temporarily so you can communicate with me.

Let me know how you got through all of this.

So far, from other hacked routers, they have been successfully reset, and the infection disappeared.

Re: Yahoo browser redirecting 21st September 2010, 8:22 pm

If I'm reading this correctly, I'm not sure that this makes sense. He can be home, on the road or at work and this happens. Isn't a router stationary? I *think* it is when he is using wi-fi but I will need to double check with him to see if it happens when logged in to his own private account at home as well.

Re: Yahoo browser redirecting 22nd September 2010, 9:03 pm

Your computer should not have redirects while away from your normal location. But, in your normal location, the router is causing issues. By resetting the router, and throwing it back to its defaults, you can rid the infection.

Re: Yahoo browser redirecting 22nd September 2010, 9:13 pm

I asked him today and he can be at home on his personal account, he can be at Starbucks, he can be tethered to his phone, he can be at work and using local wi-fi. The only time it does not happen (and I have confirmed this in as many of those places as possible) is when it is plugged in to the network cable at work.

so do I reset the home router?

Re: Yahoo browser redirecting 22nd September 2010, 9:43 pm

Try that first, then we will search for more malware on the system.

Yahoo browser redirecting

descriptionRe: Yahoo browser redirecting 9th August 2010, 3:20 pm

descriptionRe: Yahoo browser redirecting 9th August 2010, 7:20 pm

descriptionRe: Yahoo browser redirecting 9th August 2010, 7:57 pm

descriptionRe: Yahoo browser redirecting 9th August 2010, 8:28 pm

descriptionRe: Yahoo browser redirecting 10th August 2010, 5:03 pm

descriptionRe: Yahoo browser redirecting 10th August 2010, 7:12 pm

descriptionRe: Yahoo browser redirecting 18th August 2010, 6:09 am

descriptionRe: Yahoo browser redirecting 19th August 2010, 6:27 pm

descriptionRe: Yahoo browser redirecting 19th August 2010, 7:27 pm

descriptionRe: Yahoo browser redirecting 23rd August 2010, 6:22 pm

descriptionRe: Yahoo browser redirecting 25th August 2010, 9:00 am

descriptionRe: Yahoo browser redirecting 26th August 2010, 3:36 pm

descriptionRe: Yahoo browser redirecting 26th August 2010, 8:07 pm

descriptionRe: Yahoo browser redirecting 2nd September 2010, 6:27 pm

descriptionRe: Yahoo browser redirecting 4th September 2010, 4:42 am

descriptionRe: Yahoo browser redirecting 20th September 2010, 3:41 pm

descriptionRe: Yahoo browser redirecting 20th September 2010, 3:45 pm

descriptionRe: Yahoo browser redirecting 21st September 2010, 9:01 am

descriptionRe: Yahoo browser redirecting 21st September 2010, 3:39 pm

descriptionRe: Yahoo browser redirecting 21st September 2010, 7:44 pm

descriptionRe: Yahoo browser redirecting 21st September 2010, 8:22 pm

descriptionRe: Yahoo browser redirecting 22nd September 2010, 9:03 pm

descriptionRe: Yahoo browser redirecting 22nd September 2010, 9:13 pm

descriptionRe: Yahoo browser redirecting 22nd September 2010, 9:43 pm

descriptionRe: Yahoo browser redirecting