
Active Search engine redirects

Discussion in 'Malware and Virus Removal Archive' started by hessgar, 2010/05/08.

  1. 2010/05/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Combofix needs to be uninstalled to remove it correctly.

    Let's get rid of Combofix now that we are finished with it.
    • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /, it needs to be there.

    That should remove all reference to it. You can try downloading and running it again once done.
    If you still get no log, try running it in safe mode.
     
  2. 2010/05/10
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    I cannot download ComboFix. It says:

    Cannot copy ComboFix[1]: Access is denied.

    I was able to download other files from the internet though.

    I was also unable to uninstall ComboFix. It said Windows cannot find ComboFix.
     
  4. 2010/05/10
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Where did you run Combofix from? It needs to be on the desktop.
     
  5. 2010/05/10
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      c:\windows\system32\slibaguhge.dll
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ===========
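    As an added example (not OTL's code and not from anyone in this thread): a small Python triage script covering the things the fix above touches. It checks that the HOSTS file holds only the loopback defaults after [resethosts], that the Internet Explorer search and start-page values in an OTL log still point at expected domains (a hijacked search URL is the usual cause of "search engine redirects"), and that Run entries carry a publisher name. The sample log lines are constructed to match the OTL line formats seen in this thread, and the trusted-domain list is an assumption for the example.

```python
"""Triage checks over OTL-style log lines after a [resethosts] fix.

Added example, not OTL's code and not from the thread. The sample log lines
below are constructed to mimic the OTL line formats shown in the thread.
"""
import re
from urllib.parse import urlparse

# Entries a freshly reset Windows XP HOSTS file should contain, and nothing else.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains the user expects search/start-page URLs to land on (assumption for this example).
TRUSTED_SEARCH_DOMAINS = ("google.com", "aol.com")

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
IE_RE = re.compile(
    r"^IE - (HK\w+)\\[^,]*,"
    r"(Search Page|Start Page|Default_Search_URL|SearchAssistant|SearchMigratedDefaultURL)"
    r" = (\S+)"
)
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[([^\]]+)\] (.+) \((.*)\)$")

# Constructed sample: a few lines in the OTL formats seen in the thread, plus two
# planted findings (a HOSTS override of a search domain and an unexpected search URL).
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.example-redirect.invalid/?q={searchTerms}
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 www.google.com
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()


def _trusted(host):
    """True when host is one of the trusted domains or a subdomain of one."""
    return host is not None and any(
        host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_DOMAINS
    )


def audit_hosts(lines):
    """HOSTS entries beyond the loopback defaults; each one can redirect a site."""
    found = {m.groups() for m in (HOSTS_RE.match(l.strip()) for l in lines) if m}
    return sorted(found - DEFAULT_HOSTS)


def audit_search_urls(lines):
    """IE search/start-page values whose host is not on the trusted list."""
    hits = []
    for line in lines:
        m = IE_RE.match(line.strip())
        if m and not _trusted(urlparse(m.group(3)).hostname):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def audit_run_entries(lines):
    """Run entries whose publisher field is empty: worth checking by hand."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m and m.group(3).strip() == "":
            hits.append((m.group(1), m.group(2)))
    return hits


def triage(lines):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "hosts": audit_hosts(lines),
        "search_urls": audit_search_urls(lines),
        "run_no_publisher": audit_run_entries(lines),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LINES).items():
        print(f"{check}: {findings if findings else 'clean'}")
```

    To use it on a real OTL log, read the file and pass its lines to triage(); an empty list for "hosts" is what a successful [resethosts] should produce, and anything listed under "search_urls" is a candidate for the redirect the thread is chasing. An empty publisher field on a Run entry is only a prompt for a manual look, not proof of anything, as the Language.exe line shows.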
     
  6. 2010/05/21
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    Sorry for not getting back to you; I was away from the computer for a few weeks.

    When I ran OTL I got this with the reset:

    All processes killed
    ========== FILES ==========
    File\Folder c:\windows\system32\slibaguhge.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Dell
    ->Temp folder emptied: 151740 bytes
    ->Temporary Internet Files folder emptied: 897463974 bytes
    ->Java cache emptied: 1042 bytes
    ->FireFox cache emptied: 9826192 bytes
    ->Apple Safari cache emptied: 905548 bytes
    ->Flash cache emptied: 3581 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 171231505 bytes
    ->Java cache emptied: 2989 bytes
    ->Flash cache emptied: 20054 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 63610210 bytes
    ->Java cache emptied: 83387 bytes
    ->Flash cache emptied: 21053 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 28807703 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 62464 bytes

    Total Files Cleaned = 1,118.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.4.1 log created on 05222010_001734

    Files\Folders moved on Reboot...
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IA3E5ZDW\blank[1].htm moved successfully.
    File\Folder C:\WINDOWS\temp\mcmsc_APg6TmygVRuyRHT not found!
    File\Folder C:\WINDOWS\temp\mcmsc_LUB4GQsdHfAZMnV not found!
    File\Folder C:\WINDOWS\temp\mcmsc_upEXnMCA3MIQq6z not found!

    Registry entries deleted on Reboot...


    Then after the reset I got:


    OTL logfile created on: 5/22/2010 12:26:47 AM - Run 3
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dell\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 91.69 Gb Free Space | 39.37% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 144.30 Gb Total Space | 38.01 Gb Free Space | 26.34% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DELL-6C9970A46C
    Current User Name: Dell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    PRC - [2010/04/28 18:14:30 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
    PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/10/03 22:24:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/10/02 21:08:02 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/10/30 11:01:16 | 000,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
    PRC - [2005/10/21 11:40:26 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/09/15 21:44:12 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/11/14 16:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
    DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/20 19:47:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/02 21:08:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/09 06:56:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 19:38:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 19:38:39 | 000,000,000 | ---D | M]

    [2010/05/07 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/07 19:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/05/22 00:23:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe (E-Z soft)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/10 16:28:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell - " " = AutoRun
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/19 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/05/12 01:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
    [2010/05/12 01:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
    [2010/05/10 07:31:42 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/05/09 19:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Desktop\GooredFix Backups
    [2010/05/09 19:25:13 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dell\Desktop\GooredFix.exe
    [2010/05/09 19:20:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/05/09 17:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Desktop\Dial-a-fix-v0.60.0.24
    [2010/05/09 08:53:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/08 22:28:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/05/07 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\Downloads
    [2010/05/07 20:05:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dell\Recent
    [2010/05/07 19:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Mozilla
    [2010/05/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\REgistry backups
    [2010/05/07 04:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/07 04:05:07 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/05/07 04:05:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/05/07 04:05:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/05/07 04:05:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/05/04 18:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/04/28 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/04/28 15:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/04/28 10:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/04/27 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/27 20:18:48 | 000,000,000 | ---D | C] -- C:\HJT
    [2010/04/27 18:16:29 | 000,000,000 | ---D | C] -- C:\cmdcons
    [2010/04/27 18:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/27 17:22:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 17:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/27 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/27 17:15:37 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/26 23:51:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/04/26 18:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\Malwarebytes
    [2010/04/26 18:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/26 18:57:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 18:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/26 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/26 08:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/26 08:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/04/26 08:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
    [2010/04/26 08:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\avG
    [2008/07/30 18:48:35 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2008/07/30 18:48:33 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2008/07/30 18:48:33 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [2008/07/30 18:48:32 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2008/07/30 18:48:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2008/07/30 18:48:32 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2008/07/30 18:48:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2008/07/30 18:48:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2008/07/30 18:48:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/05/22 00:26:11 | 000,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
    [2010/05/22 00:25:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/22 00:25:36 | 000,034,719 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/05/22 00:24:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/22 00:24:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/22 00:23:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/22 00:23:17 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Dell\NTUSER.DAT
    [2010/05/22 00:23:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dell\ntuser.ini
    [2010/05/22 00:23:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/05/21 22:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/15 03:03:51 | 000,000,176 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/05/15 02:22:28 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/05/09 20:36:51 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/05/09 19:26:31 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dell\Desktop\GooredFix.exe
    [2010/05/09 19:21:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/05/09 19:21:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/05/09 17:04:39 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/05/09 09:18:50 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.msi
    [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/08 22:26:26 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/08 15:38:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:18 | 000,000,323 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/07 19:34:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/05/06 23:11:11 | 000,027,792 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/05 22:29:16 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/05 22:06:21 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/05/03 19:30:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/05/01 01:00:34 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/04/30 21:25:51 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/04/30 20:59:28 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/30 20:59:20 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 18:15:18 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
    [2010/04/27 19:12:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:23:25 | 000,899,695 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/04/27 17:15:46 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/27 00:12:43 | 000,030,092 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/27 00:11:16 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/22 23:10:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/22 23:10:47 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2010/05/15 03:03:51 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/05/09 17:04:28 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/05/09 09:18:32 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.msi
    [2010/05/08 15:37:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/27 20:19:50 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:23:21 | 000,899,695 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/27 18:16:34 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/27 17:16:06 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/04/27 00:11:16 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 18:57:29 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/20 18:45:18 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
    [2010/04/17 12:24:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/04/17 03:18:04 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
    [2010/03/31 18:04:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2009/10/15 14:07:32 | 000,000,042 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
    [2009/10/15 14:05:44 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
    [2009/05/22 08:43:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2009/04/28 10:57:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/04/28 10:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2009/03/28 20:45:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2009/03/28 20:45:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2009/03/28 20:45:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2009/03/12 16:54:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2009/03/12 15:54:48 | 000,000,180 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/03/02 10:45:35 | 000,001,847 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2009/02/19 20:08:41 | 000,003,844 | ---- | C] () -- C:\WINDOWS\scad3.INI
    [2009/02/01 23:58:46 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/02/01 23:58:45 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/02/01 23:58:45 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
    [2008/12/28 14:15:45 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2008/12/12 21:17:18 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2008/08/11 22:39:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/30 18:48:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2008/07/30 18:48:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2008/07/30 18:48:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2008/07/30 18:48:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2008/07/30 18:48:29 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2008/07/30 18:48:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2008/07/30 18:48:27 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2008/07/30 18:48:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2008/07/30 18:48:26 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2008/07/30 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2008/07/29 21:23:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/07 19:29:43 | 000,002,681 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
    < End of report >
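As an added defender-side example (my code, not part of the thread and not from OTL's authors): a small Python triage helper that parses OTL file-listing lines in the format of the report above and flags the patterns a helper scans for first, such as hidden+system files dropped under a user profile (like UsIG2 and LS6hh08 above), a changed hosts file, and kernel drivers with no company name. The sample lines are copied from the report; the rule set is my own assumption and produces hints, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-listing line, e.g.
#   [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\...\Application Data\UsIG2
# Fields: timestamp | size | attributes (R,H,S,D) | C(reated)/M(odified)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL report in the thread.
SAMPLE_LOG = r"""
[2010/05/22 00:23:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
[2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
[2010/04/27 18:16:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/31 18:04:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2010/04/26 18:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/26 18:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
"""

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # four flags: R(ead-only) H(idden) S(ystem) D(irectory); '-' when unset
    op: str         # 'C' created, 'M' modified
    company: str    # empty when OTL printed "()" or "( )"
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; return None for section headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["op"],
                    (m["company"] or "").strip(), m["path"])

# Assumed rule set (hypothetical): triage hints a helper would check, not verdicts.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\")

def triage_reasons(e: OtlEntry) -> List[str]:
    p = e.path.lower()
    reasons = []
    if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs and any(d in p for d in PROFILE_DIRS):
        reasons.append("hidden+system file in a user profile directory (common malware drop location)")
    if p.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file changed: check for hijacked search/update domains")
    if p.endswith(".sys") and "\\system32\\drivers\\" in p and not e.company:
        reasons.append("kernel driver with no company name: verify its publisher")
    return reasons

def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every flagged path in an OTL report to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e and (r := triage_reasons(e)):
            flagged[e.path] = r
    return flagged
```

Running `triage(SAMPLE_LOG)` flags the two hidden+system profile files, the hosts file and atnt40k.sys, while boot.ini (hidden+system but outside the profile) and the Malwarebytes driver (company name present) pass.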
     
  7. 2010/05/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    How are things now?
     
  8. 2010/05/22
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    Still getting redirected, but it does not seem as often. For the first 6 searches after the OTL there were no redirects, and now it seems that less than half of Google search results are redirects.
     
  9. 2010/05/24
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  10. 2010/05/25
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, May 25, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, May 24, 2010 21:26:05
    Records in database: 4171381
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 275174
    Threats found: 1
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 06:06:24


    File name / Threat / Threats count
    C:\Documents and Settings\Dell\Shared\Miroslav Philharmonik [VST RTAS DX].zip Infected: Trojan-Downloader.Win32.VB.von 2

    Selected area has been scanned.
     
  11. 2010/05/25
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Do you know what that file is? If it is suspect, please delete it.

    Let's try downloading combofix again.

    Please download ComboFix by sUBs from HERE or HERE
    • You must rename combofix BEFORE saving it to your pc.
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  12. 2010/05/25
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    I still do not get any combofix log file. This was an issue a few weeks ago as well.
     
  13. 2010/05/25
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Does Combofix run ok other than not producing a log?
    Are you still getting the re-directs?
     
  14. 2010/05/25
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    Still getting redirects.

    Also, I cannot get Windows updates. I get an error that says "Internet Explorer cannot display the webpage" and refers to an internet connection problem, but that cannot be the issue since I am already online fine as long as I am not trying to go to the Microsoft homepage.

    I do not think that ComboFix completes running, since it creates a directory called Combofix but it acts like a pointer to My Computer with the various DVD and hard drives listed.
     
  15. 2010/05/25
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    I cannot send email or post to this site with a message that references the Microsoft update link. In the message the link is at http_://_wind_ows_update_._microsoft_._com_/. The extra spaces in the link are the only way I was able to post this reply.
     
  16. 2010/05/26
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try this;

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up; press any key to close it once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com.
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

    =================================================================

    Download gmer.zip: http://www.gmer.net/files.php
    Unzip the file, double-click on gmer.exe, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.
     
  17. 2010/05/26
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    exeHelper by Raktor
    Build 20100414
    Run at 21:29:30 on 05/26/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    For gmer.exe, the "Show all" checkbox could not be checked, since all items came up checked by default, which is effectively "Show All". Which items am I to check, if any or all?
     
  18. 2010/05/26
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Make sure to uncheck the show all box before doing the scan. Leave the rest as is.
     
  19. 2010/05/27
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    When I did that, the program seemed to stall after about 20 minutes of running. It was checking an NFS file.
     
  20. 2010/05/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Did you run it immediately after running the other tools? If not, give that a try.
     
  21. 2010/05/27
    hessgar

    hessgar Inactive Thread Starter

    Joined:
    2010/05/08
    Messages:
    27
    Likes Received:
    0
    Yes I ran it immediately after the other tools.
     
