
Search Engine Redirect



#1 ChicagoAl


Posted 28 December 2008 - 10:33 PM

Greetings,

First of all, thank you in advance for your help.

Problem:

I am running XP SP3. A few days ago, I noticed that I had problems with Google Searches. Whenever I search a topic, the text of the results looks fine, but the web link is incorrect. For example if I search "Spain", the first listing is for a Wikipedia link, but the link takes me to "www.toseeka.org" instead of Wikipedia. I have done a little troubleshooting and have discovered that Yahoo searches also are affected, but Ask.com works fine. I have this problem when I use IE 7.0.5730 or Firefox 3.05, but have no problem if I use Safari 3.1.2.

Actions taken so far:
I completed a full Spybot - Search and Destroy 1.6.0.31 scan and it did not find anything wrong.
I completed a full McAfee 3.6.0 scan and it did not find anything wrong.
I completed a full Malwarebytes 1.31 scan and it did not find anything wrong.
I ran CCleaner 2.15
I posted the issue on "Am I infected? What do I do?" forum
A moderator helped me rerun Malwarebytes, run ATF Cleaner, run SUPERAntiSpyware, and run Dr.Web CureIt. The moderator also analyzed the logs for me, but we were not able to resolve the issue.
The moderator then suggested that I post my issue in this forum.

Other: In case it is useful, I did want to mention that my desktop wallpaper went black around the same time this issue arose, and also I removed what I assumed was an issue with a file called "helper.dll" (a folder named c:\Program Files\Common would open during reboot in which "helper.dll" resided) the day before these issues arose. My desktop wallpaper seems to be back to normal with the help that the moderator gave me. The first time I ran Malwarebytes (before I posted for any help), helper.dll went away.

DDS.txt report:
DDS (Version 1.1.0) - NTFSx86
Run by amartinez3 at 20:45:58.20 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.116 [GMT -6:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\fxssvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Safari\Safari.exe
C:\program files\cscmarimba\tuner\lib\minituner.exe
C:\Documents and Settings\AMartinez3\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ssgnexus.ning.com/
uInternet Settings,ProxyServer = cms20:80
uInternet Settings,ProxyOverride = 10.*.*.*;<local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\REALSE~1.LNK -
uPolicies-explorer: GreyMSIAds = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amarti~1\applic~1\mozilla\firefox\profiles\somdt9va.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MrFilter.sys [2008-9-3 12096]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\Apsx86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2008-4-4 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-6-27 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\drivers\IBMBLDID.sys [2007-6-27 4224]
R1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-12 31816]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 BlackICE;BlackICE;"c:\program files\iss\isssensors\desktopprotection\blackd.exe" [2005-7-25 847872]
R2 cscmarimba;cscmarimba;c:\program files\cscmarimba\tuner\Tuner.exe [2007-4-25 36953]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\FrameworkService.exe" /ServiceStart [2008-12-5 103744]
R2 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\mcshield.exe" [2008-5-12 144704]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\vstskmgr.exe" [2008-5-12 54608]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-10-18 9817]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-12-5 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-12-5 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-12-5 174952]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2008-4-4 6528]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2007-7-26 27904]
R4 black;black;c:\windows\system32\drivers\BlackDrv.sys [2005-7-25 229367]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-10-18 117760]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\c:\windows\system32\drivers\urfltw2k.sys [2008-5-2 10256]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-9-25 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-9-25 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-9-25 23680]
S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2005-7-25 36676]
S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2005-7-25 24344]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-28 12:36 <DIR> --d----- c:\documents and settings\amartinez3\DoctorWeb
2008-12-27 17:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-27 17:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-27 17:18 <DIR> --d----- c:\docume~1\amarti~1\applic~1\SUPERAntiSpyware.com
2008-12-27 17:17 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-26 02:42 <DIR> --d----- c:\program files\common files\Lenovo
2008-12-25 23:47 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-25 22:38 <DIR> --d----- c:\docume~1\amarti~1\applic~1\Malwarebytes
2008-12-25 22:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-25 22:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-25 22:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 00:45 74,892 a---h--- c:\windows\system32\mlfcache.dat
2008-12-18 23:52 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 23:06 <DIR> --d----- c:\windows\system32\Adobe
2008-12-18 23:01 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-18 22:24 <DIR> --d----- c:\windows\system32\scripting
2008-12-18 22:24 <DIR> --d----- c:\windows\l2schemas
2008-12-18 22:24 <DIR> --d----- c:\windows\system32\en
2008-12-18 22:24 <DIR> --d----- c:\windows\system32\bits
2008-12-18 22:16 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-18 22:06 <DIR> --d----- c:\windows\network diagnostic
2008-12-18 18:46 276,992 -------- c:\windows\system32\wmphoto.dll
2008-12-18 18:44 20,992 -------- c:\windows\system32\spupdwxp.exe
2008-12-18 18:43 144,384 -------- c:\windows\system32\onex.dll
2008-12-18 18:42 397,312 -------- c:\windows\system32\mmcex.dll
2008-12-18 18:41 46,592 -------- c:\windows\system32\drivers\irbus.sys
2008-12-18 18:40 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2008-12-14 16:23 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2008-12-07 21:14 <DIR> --d----- c:\program files\Trend Micro
2008-12-07 20:45 <DIR> --d----- c:\program files\CCleaner
2008-12-06 12:38 <DIR> --d----- C:\Quarantine
2008-12-05 21:48 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2008-12-05 21:48 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2008-12-05 21:48 <DIR> --d----- c:\program files\common files\Cisco Systems
2008-12-05 21:47 64,232 a------- c:\windows\system32\drivers\mfeapfk.sys
2008-12-05 21:47 33,960 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-05 21:47 72,936 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-05 21:47 52,104 a------- c:\windows\system32\drivers\mfetdik.sys
2008-12-05 21:47 174,952 a------- c:\windows\system32\drivers\mfehidk.sys
2008-12-05 21:47 <DIR> --d----- c:\program files\McAfee
2008-12-05 21:47 <DIR> --d----- c:\program files\common files\McAfee
2008-12-05 21:46 557 a------- C:\Pltfrm2.ini
2008-12-05 21:44 <DIR> --d----- C:\bPowerTemp
2008-12-04 16:19 23,576 a------- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2008-12-18 22:30 86,695 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 10:25 111,662 a------- C:\fixinvtree.exe
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-10 09:34 56,912 a------- c:\documents and settings\amartinez3\g2mdlhlpx.exe
2008-04-28 12:39 13,824 a------- c:\documents and settings\amartinez3\atwbxdet.dll

============= FINISH: 20:48:03.65 ===============


I still have the Search Engine Redirect issues even after these actions. Any help would be appreciated.

Thanks,

Al


#2 teacup61


Posted 29 December 2008 - 02:45 AM

Hello Al,


Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#3 ChicagoAl


Posted 29 December 2008 - 12:12 PM

Tea,

Thanks for the help. I ran Hijack This and ComboFix then Hijack This again and have attached the logs. I did get the warning that VirusScan Enterprise and AntiSpy Enterprise were running when I ran ComboFix. I turned them off, but they must have turned themselves back on. I think they were on when ComboFix ran. I tried Google again and still have the issue. Thanks!

Al

Hijack This log (before ComboFix):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:06 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Lotus\Notes\ntmulti.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\fxssvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\program files\cscmarimba\tuner\lib\minituner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ssgnexus.ning.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cms20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://portal.csc.com/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://workplace.amer.csc.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://fpvip.yrcw.com/vdesk/cachecleaner.c...,2007,0726,1517
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://fpvip.yrcw.com/vdesk/terminal/urxvp...,2007,0726,1523
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amer-ml30.amer.csc.com/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\AMARTI~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://amer-ml30.amer.csc.com/download/dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1229626452546
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://fpvip.yrcw.com/vdesk/terminal/urTer...,2007,0726,1516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229626537890
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - https://amer-st09.amer.csc.com/sametime/stm...STJNILoader.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://fpvip.yrcw.com/vdesk/terminal/urxsh...,2007,0726,1519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://yrcworldwide.webex.com/client/T26L1...bex/ieatgpc.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://fpvip.yrcw.com/vdesk/terminal/urxho...,2007,0726,1519
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.globalcsc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O18 - Filter hijack: text/html - {feb2e7c2-484a-472c-bc77-fdb62c52580b} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cscmarimba - BMC Software, Inc. - C:\program files\cscmarimba\tuner\Tuner.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\Lotus\Notes\ntmulti.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14566 bytes

ComboFix Log:
ComboFix 08-12-28.03 - amartinez3 2008-12-29 10:25:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.341 [GMT -6:00]
Running from: c:\docume~1\AMARTI~1\LOCALS~1\Temp\Saf32.tmp\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-28 12:36 . 2008-12-28 12:36 <DIR> d-------- c:\documents and settings\AMartinez3\DoctorWeb
2008-12-27 17:19 . 2008-12-27 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-27 17:18 . 2008-12-27 17:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-27 17:18 . 2008-12-27 17:18 <DIR> d-------- c:\documents and settings\AMartinez3\Application Data\SUPERAntiSpyware.com
2008-12-27 17:17 . 2008-12-27 17:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 02:42 . 2008-12-26 02:43 <DIR> d-------- c:\program files\Common Files\Lenovo
2008-12-25 23:47 . 2008-12-25 23:46 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 22:38 . 2008-12-25 22:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 22:38 . 2008-12-25 22:38 <DIR> d-------- c:\documents and settings\AMartinez3\Application Data\Malwarebytes
2008-12-25 22:38 . 2008-12-25 22:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 22:38 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 22:38 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 00:45 . 2008-12-25 00:45 74,892 --ah----- c:\windows\system32\mlfcache.dat
2008-12-18 23:52 . 2008-12-18 23:52 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 23:06 . 2008-12-18 23:07 <DIR> d-------- c:\windows\system32\Adobe
2008-12-18 23:01 . 2004-08-03 22:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-18 22:24 . 2008-12-18 22:24 <DIR> d-------- c:\windows\system32\scripting
2008-12-18 22:24 . 2008-12-18 22:24 <DIR> d-------- c:\windows\system32\en
2008-12-18 22:24 . 2008-12-18 22:24 <DIR> d-------- c:\windows\system32\bits
2008-12-18 22:24 . 2008-12-18 22:24 <DIR> d-------- c:\windows\l2schemas
2008-12-18 22:16 . 2008-12-18 22:25 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-18 18:46 . 2008-04-13 18:12 276,992 --------- c:\windows\system32\wmphoto.dll
2008-12-18 18:44 . 2008-04-13 18:12 412,160 --------- c:\windows\system32\photometadatahandler.dll
2008-12-18 18:43 . 2008-04-13 18:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-12-18 18:42 . 2008-04-13 18:11 397,312 --------- c:\windows\system32\mmcex.dll
2008-12-18 18:41 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-12-18 18:40 . 2008-04-13 18:11 516,768 --------- c:\windows\system32\ativvaxx.dll
2008-12-14 16:23 . 2008-10-23 06:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
2008-12-07 21:14 . 2008-12-07 21:14 <DIR> d-------- c:\program files\Trend Micro
2008-12-07 20:45 . 2008-12-26 16:53 <DIR> d-------- c:\program files\CCleaner
2008-12-06 12:38 . 2008-12-29 10:25 <DIR> d-------- C:\Quarantine
2008-12-05 21:48 . 2008-12-05 21:48 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-05 21:48 . 2008-03-11 04:16 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-12-05 21:48 . 2008-03-11 04:16 280 --a------ c:\windows\system32\epoPGPsdk.dll.sig
2008-12-05 21:47 . 2008-12-05 21:47 <DIR> d-------- c:\program files\McAfee
2008-12-05 21:47 . 2008-12-05 21:47 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-05 21:47 . 2008-12-05 22:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-05 21:47 . 2008-05-12 15:30 174,952 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-05 21:47 . 2008-05-12 15:30 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-05 21:47 . 2008-05-12 15:30 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-12-05 21:47 . 2008-05-12 15:30 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-12-05 21:47 . 2008-05-12 15:30 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-05 21:46 . 2008-12-05 21:46 557 --a------ C:\Pltfrm2.ini
2008-12-05 21:44 . 2008-12-09 19:40 <DIR> d-------- C:\bPowerTemp
2008-12-04 16:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-26 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 08:42 --------- d-----w c:\program files\Lenovo
2008-12-26 05:45 --------- d-----w c:\program files\Java
2008-12-23 05:53 --------- d-----w c:\documents and settings\AMartinez3\Application Data\Apple Computer
2008-12-03 18:45 --------- d-----w c:\documents and settings\AMartinez3\Application Data\Sametime
2008-11-26 04:30 --------- d-----w c:\documents and settings\AMartinez3\Application Data\Move Networks
2008-11-15 17:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 16:56 --------- d-----w c:\program files\MSXML 6.0
2008-11-15 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-03 16:25 111,662 ----a-w C:\fixinvtree.exe
2008-09-10 15:34 56,912 ----a-w c:\documents and settings\AMartinez3\g2mdlhlpx.exe
2008-04-28 18:39 13,824 ----a-w c:\documents and settings\AMartinez3\atwbxdet.dll
2004-08-03 16:55 217,405 ----a-w c:\windows\system32\config\systemprofile\WaitTime.EXE
2004-08-03 16:55 217,405 ----a-w c:\documents and settings\CGadmin\WaitTime.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 126976]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-12 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-03-11 136512]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 c:\windows\system32\Ati2mdxx.exe]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-04 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-05-17 09:41 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=CallBMCclient.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1530212641-2372712455-1428225574-49402\Scripts\Logon\0\0]
"Script"=\\amer.globalcsc.net\SysVol\amer.globalcsc.net\Policies\{D73A465F-2C76-4553-99E9-B31D712935B6}\User\Scripts\Logon\cguser.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1530212641-2372712455-1428225574-49402\Scripts\Logon\0\1]
"Script"=\\amer.globalcsc.net\SysVol\amer.globalcsc.net\Policies\{D73A465F-2C76-4553-99E9-B31D712935B6}\User\Scripts\Logon\drive-remap.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MrFilter.sys [2008-09-03 12096]
R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2008-04-04 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-06-27 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-06-27 4224]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 BlackICE;BlackICE;"c:\program files\ISS\issSensors\DesktopProtection\blackd.exe" [2005-07-25 847872]
R2 cscmarimba;cscmarimba;c:\program files\cscmarimba\tuner\Tuner.exe [2007-04-25 36953]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-10-18 9817]
R3 TPInput;TPInput;c:\windows\system32\DRIVERS\TPInput.sys [2008-04-04 6528]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys [2007-07-26 27904]
R4 black;black;c:\windows\system32\drivers\BlackDrv.sys [2005-07-25 229367]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-10-18 117760]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\c:\windows\system32\drivers\urfltw2k.sys [2008-05-02 10256]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-09-25 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-09-25 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-09-25 23680]
S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2005-07-25 36676]
S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2005-07-25 24344]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b8a7c4-21ec-11dd-9dcd-444553544200}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\wmactedp.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ssgnexus.ning.com/
uInternet Settings,ProxyServer = cms20:80
uInternet Settings,ProxyOverride = 10.*.*.*;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944}
hxxp://www-307.ibm.com/pc/support/acpir.cab
c:\windows\Downloaded Program Files\acpir.inf

c:\windows\Downloaded Program Files\npdolctl.dll - O16 -: {5BDBA960-6534-11D3-97C7-00500422B550}
hxxps://amer-ml30.amer.csc.com/download/dolcontrol.cab
c:\windows\Downloaded Program Files\lotusdownloader.inf

c:\windows\system32\stfm651FP1.dll - c:\windows\system32\stsm651FP1.dll
c:\windows\system32\stas651FP1.dll
c:\windows\Downloaded Program Files\STJNILoader.ocx
O16 -: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59}
hxxps://amer-st09.amer.csc.com/sametime/stmeetingroomclient/STJNILoader.cab
c:\windows\Downloaded Program Files\STJNILoader.inf
FF - ProfilePath - c:\documents and settings\AMartinez3\Application Data\Mozilla\Firefox\Profiles\somdt9va.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 10:35:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(1888)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mnmsrvc.exe
c:\program files\Lotus\Notes\ntmulti.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\ISS\issSensors\DesktopProtection\blackice.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\Hp\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\cscmarimba\tuner\lib\minituner.exe
.
**************************************************************************
.
Completion time: 2008-12-29 10:39:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 16:39:50

Pre-Run: 17,019,416,576 bytes free
Post-Run: 16,886,255,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=alwaysoff /fastdetect
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

284 --- E O F --- 2008-12-15 19:35:58


HijackThis log (after ComboFix):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07, on 2008-12-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Lotus\Notes\ntmulti.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\cscmarimba\tuner\lib\minituner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ssgnexus.ning.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cms20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://portal.csc.com/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://workplace.amer.csc.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://fpvip.yrcw.com/vdesk/cachecleaner.c...,2007,0726,1517
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://fpvip.yrcw.com/vdesk/terminal/urxvp...,2007,0726,1523
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amer-ml30.amer.csc.com/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\AMARTI~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://amer-ml30.amer.csc.com/download/dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1229626452546
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://fpvip.yrcw.com/vdesk/terminal/urTer...,2007,0726,1516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229626537890
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - https://amer-st09.amer.csc.com/sametime/stm...STJNILoader.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://fpvip.yrcw.com/vdesk/terminal/urxsh...,2007,0726,1519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://yrcworldwide.webex.com/client/T26L1...bex/ieatgpc.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://fpvip.yrcw.com/vdesk/terminal/urxho...,2007,0726,1519
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.globalcsc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amer.globalcsc.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cscmarimba - BMC Software, Inc. - C:\program files\cscmarimba\tuner\Tuner.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\Lotus\Notes\ntmulti.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14308 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:21 AM

Posted 29 December 2008 - 12:27 PM

Hi Al,

That's okay. :thumbsup: I bet this one will make it show itself :)

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 ChicagoAl

Posted 29 December 2008 - 01:49 PM

Hi Tea,

Here are the results:

GooredFix v1.6 by jpshortstuff
Log created at 12:49 on 29/12/2008 running Option #1
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#6 teacup61

Posted 29 December 2008 - 01:58 PM

Hi Al,

Bah........you can delete GooredFix. It wasn't that particular needle. :thumbsup: Do you have a router?

#7 ChicagoAl

Posted 29 December 2008 - 02:19 PM

Tea,

I do indeed have a router. I connect to it wirelessly from my laptop (which is the computer that has the issue) and hardwired from a desktop (no issues on the desktop).

With my laptop, I use my own wireless network router about 75% of the time and free local routers about 25% of the time (I live near and often frequent a local coffee shop with free internet). I have the issues with my laptop regardless of the network I am on.

I did want to mention that about two months ago, I could not get on my more commonly visited sites (ESPN, SportsIllustrated, ChicagoTribune, etc.) whenever I was on my own network (whether on my laptop or desktop), but had no problem when I was on another network or whenever I tried to get to new websites. I reset my router to the default settings (and re-added security and new passwords) and the problem went away. I also had the same problem about a month ago, and the problem went away when I reset my router.

Thanks for the help.

Al

#8 teacup61

Posted 29 December 2008 - 02:44 PM

That's exactly what I was going to suggest you do, reset the router. :thumbsup: This DNS changer infects the router, rather than the computer itself.

You're welcome. :)

#9 ChicagoAl

Posted 29 December 2008 - 02:49 PM

Let me try resetting it now. Will let you know if it works.

#10 teacup61

Posted 29 December 2008 - 02:55 PM

:thumbsup:

#11 ChicagoAl

Posted 29 December 2008 - 04:24 PM

Reset my router to original defaults, but it did not work. Any other ideas? Thanks!

#12 teacup61

Posted 29 December 2008 - 04:38 PM

Hello,

Download HostsXpert here:
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files.
* Then click "Restore MS Hosts File".
* Close the program.

Click Start>Run> Type in (or copy and paste) ipconfig /flushdns and hit enter. You'll get a confirmation that the flush was successful.

I know you've got plenty of scanners on board.......have you run any scans with them today? MBAM, SAS, etc........

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.
tea

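A read-only check that complements the hosts-file reset described in post #12, as an added example that is not part of the original thread: it parses hosts-file text and flags any entry that pins a search-engine domain to a non-loopback address. The watch list, severity labels, default-entry set and sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: a stock Windows XP hosts file maps only localhost.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}
# Constructed watch list: the search sites named in this thread.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "ask.com")

# Constructed sample; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com
203.0.113.7     search.yahoo.com     # trailing comments are ignored
127.0.0.1       ads.example.net
192.168.1.20    nas.home
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (line_no, severity, ip, hostname) for each non-default entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        addr = ipaddress.ip_address(ip)
        sinkholed = addr.is_loopback or addr.is_unspecified
        watched = any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)
        if watched and not sinkholed:
            severity = "REDIRECT"  # search site pinned to a foreign address
        elif sinkholed:
            severity = "BLOCK"     # blocklist-style entry, usually benign
        else:
            severity = "CUSTOM"    # unexpected mapping, review by hand
        findings.append((line_no, severity, ip, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

To check a real machine, pass the contents of its hosts file (on XP normally under C:\WINDOWS\system32\drivers\etc) to audit_hosts(); an empty result means only the default localhost mapping is present.
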
#13 ChicagoAl

Posted 29 December 2008 - 09:13 PM

Hey Tea,

Problem is still there. I have not run any other scans besides the ones you asked me to (let me know if you need me to run any scans).

Here is the log:
12/29/08 19:46:33 [Info]: BlackLight Engine 2.2.1092 initialized
12/29/08 19:46:33 [Info]: OS: 5.1 build 2600 (Service Pack 3)
12/29/08 19:46:34 [Note]: 7019 4
12/29/08 19:46:34 [Note]: 7005 0
12/29/08 19:46:36 [Note]: 7006 0
12/29/08 19:46:36 [Note]: 7022 0
12/29/08 19:46:37 [Note]: 7011 4076
12/29/08 19:46:37 [Note]: 7035 0
12/29/08 19:46:37 [Note]: 7026 0
12/29/08 19:46:37 [Note]: 7026 0
12/29/08 19:46:37 [Note]: FSRAW library version 1.7.1024
12/29/08 20:09:59 [Note]: 7007 0

Thanks!

Al

#14 teacup61

Posted 30 December 2008 - 07:05 PM

Hello,

Did you set this yourself?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;<local>;*.local


If not, have HijackThis fix it and reboot.

Thanks,
tea

#15 ChicagoAl

Posted 31 December 2008 - 03:51 AM

Hi Tea,

I do not recall setting this. I set HijackThis to fix it, but it came back after reboot. I manually went into IE and Firefox to clear all proxy overrides.

I still have the redirects. Thanks!

Al
