website redirection


Post by karananand on 24th October 2011, 4:46 am

This is a newly formatted netbook with Win 7, and it seems that the Acer bloatware is causing the redirection, as there is nothing else I can relate it to.

OTL text:


OTL logfile created on: 24/10/2011 12:08:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\aroon\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

746.90 Mb Total Physical Memory | 194.45 Mb Available Physical Memory | 26.03% Memory free
1.73 Gb Paging File | 0.82 Gb Available in Paging File | 47.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.79 Gb Total Space | 204.80 Gb Free Space | 93.61% Space Free | Partition Type: NTFS

Computer Name: AROON-PC | User Name: aroon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/10/24 00:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\aroon\Downloads\OTL.com
PRC - [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/09 01:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/12/09 01:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/12/09 01:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/11/18 16:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/11/09 09:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/10/29 10:22:34 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/10/29 10:22:32 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/10/29 10:22:28 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/07/14 07:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 03:09:46 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/18 16:13:28 | 000,096,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/18 16:02:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/08/26 14:49:58 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/14 00:55:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll
MOD - [2009/07/14 00:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009/07/14 00:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009/07/14 00:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/14 00:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/14 00:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009/07/14 00:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 00:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 00:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009/07/14 00:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/14 00:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 00:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 00:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 00:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/09 01:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/11/18 16:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/29 10:22:32 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (mwlPSDVDisk)
DRV - File not found [Kernel | Unknown | Running] -- -- (mwlPSDNServ)
DRV - File not found [File_System | Disabled | Running] -- -- (mwlPSDFilter)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/10 04:28:24 | 001,221,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/11/09 10:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/09 09:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/09/27 03:23:57 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/09/23 19:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/08/08 23:00:58 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\EUCR6SK.SYS -- (EUCR)
DRV - [2010/07/15 17:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/04/28 16:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/23 23:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 16:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/23 16:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aroon\AppData\Roaming\Mozilla\Extensions
[2011/10/23 23:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aroon\AppData\Roaming\Mozilla\Firefox\Profiles\ibkn18vz.default\extensions
[2011/10/23 16:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\AROON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IBKN18VZ.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
() (No name found) -- C:\USERS\AROON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IBKN18VZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\AROON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IBKN18VZ.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[2011/09/29 03:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 21:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 21:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/28 21:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/28 21:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.26 213.109.75.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D7FA094-7DBB-4312-A359-1C938906D8AB}: DhcpNameServer = 213.109.65.26 213.109.75.213
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 23:56:41 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/10/23 23:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/23 23:56:40 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/10/23 23:56:35 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/10/23 23:56:35 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/10/23 23:56:34 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/10/23 23:56:31 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/10/23 23:55:37 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/10/23 23:55:37 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/23 23:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/23 23:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/23 17:40:09 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/10/23 17:35:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/23 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/10/23 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\AMD
[2011/10/23 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\ATI
[2011/10/23 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\ATI
[2011/10/23 17:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/23 17:01:33 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/10/23 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/23 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\Mozilla
[2011/10/23 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\Mozilla
[2011/10/23 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/23 16:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/23 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\Google
[2011/10/23 16:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/23 16:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/10/23 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\Adobe
[2011/10/23 14:27:41 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\Macromedia
[2011/10/23 14:27:30 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\EgisTec IPS
[2011/10/23 14:26:53 | 000,000,000 | R--D | C] -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/23 14:26:53 | 000,000,000 | R--D | C] -- C:\Users\aroon\Searches
[2011/10/23 14:26:53 | 000,000,000 | R--D | C] -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/23 14:26:51 | 000,000,000 | -H-D | C] -- C:\Users\aroon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/10/23 14:26:38 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Roaming\Identities
[2011/10/23 14:26:34 | 000,000,000 | R--D | C] -- C:\Users\aroon\Contacts
[2011/10/23 14:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730E
[2011/10/23 14:23:12 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\VirtualStore
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\AppData\Local\Temporary Internet Files
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Templates
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Start Menu
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\SendTo
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Recent
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\PrintHood
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\NetHood
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Documents\My Videos
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Documents\My Pictures
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Documents\My Music
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\My Documents
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Local Settings
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\AppData\Local\History
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Cookies
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\Application Data
[2011/10/23 14:23:09 | 000,000,000 | -HSD | C] -- C:\Users\aroon\AppData\Local\Application Data
[2011/10/23 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\Temp
[2011/10/23 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\aroon\AppData\Local\Microsoft
[2011/10/23 14:23:08 | 000,000,000 | --SD | C] -- C:\Users\aroon\AppData\Roaming\Microsoft
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Videos
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Saved Games
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Pictures
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Music
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Links
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Favorites
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Downloads
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Documents
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\Desktop
[2011/10/23 14:23:08 | 000,000,000 | R--D | C] -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/23 14:23:08 | 000,000,000 | -H-D | C] -- C:\Users\aroon\AppData
[2011/10/23 14:22:50 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/10/23 13:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/10/23 13:38:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2011/10/23 13:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/10/23 13:31:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/10/23 13:31:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/10/23 13:31:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/10/23 13:31:44 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/10/23 13:31:33 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/10/23 13:31:32 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/10/23 13:30:58 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/23 13:30:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/10/23 13:30:57 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/10/23 13:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/23 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/10/23 13:20:11 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2011/10/23 13:20:11 | 000,026,624 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2011/10/23 13:20:07 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/10/23 13:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/23 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/10/23 13:18:18 | 000,030,464 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys
[2011/10/23 13:18:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/10/23 13:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/10/23 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/10/23 13:17:02 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2011/10/23 13:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/10/23 13:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/10/23 13:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011/10/23 13:11:45 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/10/23 13:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/23 13:10:43 | 000,000,000 | ---D | C] -- C:\book
[2011/10/23 13:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2011/10/23 13:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/10/23 13:05:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/10/24 00:03:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/23 23:56:41 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/23 23:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 17:44:22 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 17:44:22 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 17:26:15 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 17:26:15 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/23 17:21:19 | 587,386,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 17:01:33 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/10/23 16:39:25 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 16:38:49 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/23 16:31:32 | 000,001,923 | ---- | M] () -- C:\Users\aroon\Desktop\Update Checker.lnk
[2011/10/23 16:19:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/10/23 16:17:51 | 000,001,415 | ---- | M] () -- C:\Users\aroon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/23 14:23:48 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/10/23 14:21:58 | 000,035,789 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/23 13:44:14 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/10/23 13:33:19 | 000,000,020 | ---- | M] () -- C:\Windows\Ął@
[2011/10/23 13:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/10/23 13:15:05 | 000,000,172 | ---- | M] () -- C:\Windows\LMv4.UNI
[2011/10/23 13:09:33 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/23 13:08:18 | 000,000,003 | ---- | M] () -- C:\Windows\System32\PLD_Framework.cmd

========== Files Created - No Company Name ==========

[2011/10/23 23:56:41 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/23 17:03:17 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/10/23 16:39:25 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 16:38:49 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/23 16:38:49 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/23 16:31:32 | 000,001,953 | ---- | C] () -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/10/23 16:31:32 | 000,001,923 | ---- | C] () -- C:\Users\aroon\Desktop\Update Checker.lnk
[2011/10/23 16:31:00 | 000,001,784 | ---- | C] () -- C:\Users\aroon\Desktop\UG1.rtf
[2011/10/23 16:31:00 | 000,000,158 | ---- | C] () -- C:\Users\aroon\Desktop\New Rich Text Document.rtf
[2011/10/23 16:19:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/10/23 16:17:51 | 000,001,415 | ---- | C] () -- C:\Users\aroon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/23 14:26:59 | 000,001,421 | ---- | C] () -- C:\Users\aroon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/23 14:23:48 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/10/23 14:23:09 | 000,000,290 | ---- | C] () -- C:\Users\aroon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/23 14:23:09 | 000,000,272 | ---- | C] () -- C:\Users\aroon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/23 13:44:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/23 13:33:18 | 000,000,020 | ---- | C] () -- C:\Windows\Ął@
[2011/10/23 13:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/10/23 13:15:05 | 000,000,172 | ---- | C] () -- C:\Windows\LMv4.UNI
[2011/10/23 13:08:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\PLD_Framework.cmd
[2011/10/23 13:07:23 | 000,747,564 | ---- | C] () -- C:\Windows\System32\oem3.inf
[2011/10/23 13:05:46 | 587,386,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/05 23:37:02 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010/12/05 23:36:53 | 000,025,112 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2010/12/05 23:36:53 | 000,001,728 | ---- | C] () -- C:\Windows\System32\drivers\Altmixer.ini
[2010/12/05 23:36:51 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/05 23:36:50 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,257,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/29 03:09:46 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/29 03:09:46 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/29 03:09:46 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/10/23 16:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2010/12/06 00:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Games
[2010/12/06 00:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/10/23 13:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2011/10/23 13:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/10/23 23:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/10/23 16:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/10/23 17:35:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/12/06 00:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/12/06 00:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/10/23 16:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\FileHippo.com
[2011/10/23 17:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/10/23 23:17:14 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/12/06 00:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/10/23 13:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2011/10/23 17:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/10/23 16:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/12/06 00:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/10/23 16:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/12/06 00:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Preload
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/23 13:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/12/06 00:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 00:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/09/08 00:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/09/08 00:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 03:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 03:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/09/08 00:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/09/08 00:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >



Re: website redirection

Post by karananand on 24th October 2011, 4:48 am


Extras txt

OTL Extras logfile created on: 24/10/2011 12:08:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\aroon\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

746.90 Mb Total Physical Memory | 194.45 Mb Available Physical Memory | 26.03% Memory free
1.73 Gb Paging File | 0.82 Gb Available in Paging File | 47.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.79 Gb Total Space | 204.80 Gb Free Space | 93.61% Space Free | Partition Type: NTFS

Computer Name: AROON-PC | User Name: aroon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{3844ACB1-E607-C3C2-941F-485171340C7B}" = ccc-utility
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E09F08C-0957-7A07-9597-83A6E9692D89}" = ATI Catalyst Install Manager
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9B1956A-B04B-1C79-9253-035F942CB694}" = AMD Fuel
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{E3BF5F5F-28AE-989B-1EB3-57DC5686217B}" = WMV9/VC-1 Video Playback
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"161D60ECC63E2342BC07C4D082170FB8420AE10A" = ENE USB Card Reader Driver
"Acer Game Console" = Acer Game Console
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FileHippo.com" = FileHippo.com Update Checker
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"LManager" = Launch Manager
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WT088300" = Bejeweled 2 Deluxe
"WT088312" = Chuzzle Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088332" = Farm Frenzy
"WT088336" = Insaniquarium Deluxe
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088371" = Zuma Deluxe
"WT088373" = Blackhawk Striker 2
"WT088393" = Dora's Carnival Adventure
"WT088413" = FATE
"WT088417" = Final Drive Nitro
"WT088441" = Jewel Quest
"WT088449" = Penguins!
"WT088453" = Polar Bowler
"WT088517" = Zuma's Revenge
"WT088553" = Virtual Villagers 4 - The Tree of Life
"WT088653" = Jewel Quest - Heritage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/10/2011 5:11:57 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service McAfee Validation Trust Protection Service since QueryServiceConfig
API failed System Error: The system cannot find the file specified. .

Error - 23/10/2011 5:11:57 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service McAfee Anti-Spam Service since QueryServiceConfig API failed System Error:
The
system cannot find the file specified. .

Error - 23/10/2011 11:10:15 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDNServ. System Error: The system cannot find the file specified. .

Error - 23/10/2011 11:10:15 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDVDisk. System Error: The system cannot find the file specified. .

Error - 23/10/2011 11:16:44 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDNServ. System Error: The system cannot find the file specified. .

Error - 23/10/2011 11:16:44 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDVDisk. System Error: The system cannot find the file specified. .

Error - 23/10/2011 11:55:01 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDNServ. System Error: The system cannot find the file specified. .

Error - 23/10/2011 11:55:01 PM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDVDisk. System Error: The system cannot find the file specified. .

Error - 24/10/2011 12:12:20 AM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDNServ. System Error: The system cannot find the file specified. .

Error - 24/10/2011 12:12:20 AM | Computer Name = aroon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary mwlPSDVDisk. System Error: The system cannot find the file specified. .

[ System Events ]
Error - 23/10/2011 4:17:23 PM | Computer Name = aroon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


aswMBR.txt

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 00:34:14
-----------------------------
00:34:14.148 OS Version: Windows 6.1.7600
00:34:14.148 Number of processors: 2 586 0x100
00:34:14.148 ComputerName: AROON-PC UserName: aroon
00:34:16.457 Initialize success
00:34:17.221 AVAST engine defs: 11102302
00:34:55.238 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:34:55.254 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
00:34:57.297 Disk 0 MBR read successfully
00:34:57.297 Disk 0 MBR scan
00:34:57.313 Disk 0 Windows 7 default MBR code
00:34:57.329 Disk 0 scanning sectors +488394752
00:34:57.453 Disk 0 scanning C:\Windows\system32\drivers
00:35:09.075 Service scanning
00:35:12.414 Modules scanning
00:35:27.078 Disk 0 trace - called modules:
00:35:27.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
00:35:27.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83d485f8]
00:35:27.109 3 CLASSPNP.SYS[85faa59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83c86030]
00:35:29.277 AVAST engine scan C:\Windows
00:35:36.968 AVAST engine scan C:\Windows\system32
00:38:06.537 AVAST engine scan C:\Windows\system32\drivers
00:38:16.505 AVAST engine scan C:\Users\aroon
00:38:53.087 AVAST engine scan C:\ProgramData
00:40:08.981 Scan finished successfully
00:41:17.699 Disk 0 MBR has been saved successfully to "C:\Users\aroon\Downloads\MBR.dat"
00:41:17.715 The log file has been saved successfully to "C:\Users\aroon\Downloads\aswMBR.txt"

checkup.txt

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

karananand
Intermediate

Posts : 74
Joined : 2009-05-06
OS : XP
Points : 28512
# Likes : 0

Re: website redirection

Post by Belahzur on 24th October 2011, 9:12 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: website redirection

Post by karananand on 25th October 2011, 4:15 am

Combofix log:

ComboFix 11-10-24.05 - aroon 24/10/2011 23:40:31.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.747.119 [GMT -4:00]
Running from: c:\users\aroon\Desktop\commy.exe
Command switches used :: /stepdel
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 04:01 . 2011-10-25 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 02:18 . 2011-10-25 02:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B6973E2-736C-45F7-AE20-499A4DDE5AEF}\offreg.dll
2011-10-24 05:34 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-24 05:34 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-24 05:34 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-24 05:34 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-24 05:34 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-24 05:14 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-24 05:13 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-24 05:11 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-10-24 05:10 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-24 05:09 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-24 05:08 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-10-24 04:54 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-24 04:54 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-24 04:54 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-10-24 03:56 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-24 03:56 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-24 03:56 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-24 03:56 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-24 03:56 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-24 03:56 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-24 03:55 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-24 03:55 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-24 03:55 . 2011-10-24 03:55 -------- d-----w- c:\programdata\AVAST Software
2011-10-24 03:55 . 2011-10-24 03:55 -------- d-----w- c:\program files\AVAST Software
2011-10-23 21:40 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B6973E2-736C-45F7-AE20-499A4DDE5AEF}\mpengine.dll
2011-10-23 21:40 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-23 21:08 . 2011-10-23 21:08 -------- d-----w- c:\programdata\ATI
2011-10-23 21:01 . 2011-10-23 21:01 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-10-23 20:39 . 2011-10-23 20:39 -------- d-----w- c:\program files\CCleaner
2011-10-23 20:36 . 2011-10-23 21:48 -------- d-----w- c:\program files\Google
2011-10-23 20:31 . 2011-10-23 20:31 -------- d-----w- c:\program files\FileHippo.com
2011-10-23 18:23 . 2011-10-23 18:23 -------- d-----w- c:\programdata\OEM_E471269A730E
2011-10-23 18:23 . 2011-10-23 18:26 -------- d-----w- c:\users\aroon
2011-10-23 18:22 . 2011-10-23 18:22 -------- d-----w- C:\Recovery
2011-10-23 17:45 . 2011-10-25 03:22 -------- d-----w- c:\programdata\boost_interprocess
2011-10-23 17:44 . 2011-10-23 17:44 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-23 17:31 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-10-23 17:31 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-10-23 17:31 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-10-23 17:31 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-23 17:31 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-23 17:31 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-23 17:30 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-23 17:30 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-10-23 17:30 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-10-23 17:30 . 2011-10-23 17:30 -------- d-----w- c:\program files\Common Files\Windows Live
2011-10-23 17:27 . 2011-10-23 20:30 -------- d-----w- c:\program files\Microsoft
2011-10-23 17:20 . 2009-12-03 07:29 26624 ------w- c:\windows\system32\agrscoin.dll
2011-10-23 17:20 . 2009-12-03 07:28 64000 ------w- c:\windows\system32\agrsmdel.exe
2011-10-23 17:20 . 2011-10-23 17:20 -------- d-----w- c:\windows\Options
2011-10-23 17:19 . 2011-10-23 17:19 -------- d-----w- c:\program files\Synaptics
2011-10-23 17:18 . 2011-10-23 17:18 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-23 17:18 . 2011-10-23 17:18 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-23 17:18 . 2010-04-28 20:43 30464 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-10-23 17:17 . 2011-10-23 17:17 -------- d-----w- c:\programdata\AMD
2011-10-23 17:17 . 2010-02-18 13:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-10-23 17:16 . 2011-10-23 17:16 -------- d-----w- c:\program files\ATI
2011-10-23 17:16 . 2011-10-23 17:18 -------- d-----w- c:\program files\ATI Technologies
2011-10-23 17:15 . 2011-10-23 17:15 -------- d-----w- c:\program files\Launch Manager
2011-10-23 17:10 . 2011-10-23 17:10 -------- d---a-w- C:\book
2011-10-23 17:10 . 2011-10-23 17:10 -------- d-----w- c:\programdata\EgisTec
2011-10-23 17:08 . 2011-10-23 17:08 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 07:09 . 2011-10-23 20:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 714120]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-12-09 1025616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-08-09 82768]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-09 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 734592]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-09 6574080]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-09 229888]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-23 102416]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 30464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 213.109.65.26 213.109.75.213
FF - ProfilePath - c:\users\aroon\AppData\Roaming\Mozilla\Firefox\Profiles\ibkn18vz.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4056)
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Completion time: 2011-10-25 00:06:13
ComboFix-quarantined-files.txt 2011-10-25 04:06
.
Pre-Run: 216,172,658,688 bytes free
Post-Run: 216,153,767,936 bytes free
.
- - End Of File - - 109C604BC7503AF702FCD257EE13077D


Re: website redirection

Post by karananand on 28th October 2011, 4:05 am

Bump


Re: website redirection

Post by Belahzur on 31st October 2011, 1:25 am

Sorry, busy week.

Still being re-directed?





Re: website redirection

Post by karananand on 31st October 2011, 3:16 am

Yes, still being redirected on both IE and Mozilla.
I had to close three popups and click back three times to come to this website using Google.


Re: website redirection

Post by Belahzur on 3rd November 2011, 1:44 am

Let's see what this says.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.





Re: website redirection

Post by karananand on 3rd November 2011, 4:00 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire One 522
Logical Drives Mask: 0x00000004

Kernel Drivers (total 186):

Processes (total 54):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
408 csrss.exe
484 C:\Windows\System32\wininit.exe
496 csrss.exe
540 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\winlogon.exe
588 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\atiesrxx.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1432 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1440 C:\Windows\System32\wlanext.exe
1448 C:\Windows\System32\conhost.exe
1824 C:\Windows\System32\spoolsv.exe
1852 C:\Windows\System32\svchost.exe
1928 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1980 C:\Program Files\Launch Manager\dsiwmis.exe
2000 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
2020 C:\Windows\System32\svchost.exe
348 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1112 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2288 C:\Windows\System32\atieclxx.exe
2680 C:\Windows\System32\svchost.exe
2756 C:\Windows\System32\SearchIndexer.exe
3160 WmiPrvSE.exe
3684 C:\Windows\System32\taskhost.exe
3808 C:\Windows\System32\dwm.exe
3856 C:\Windows\explorer.exe
4048 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
4056 C:\Program Files\Launch Manager\LManager.exe
2132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2152 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1196 C:\Program Files\Launch Manager\LMworker.exe
1032 C:\Windows\System32\wbem\unsecapp.exe
2364 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
2764 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1516 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1220 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3332 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3448 C:\Windows\servicing\TrustedInstaller.exe
1180 C:\Windows\System32\audiodg.exe
680 C:\Windows\System32\svchost.exe
1060 C:\Program Files\Mozilla Firefox\firefox.exe
3704 C:\Windows\explorer.exe
2092 C:\Users\aroon\Desktop\MBRCheck.exe
3652 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`86500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Re: website redirection

Post by Belahzur on 4th November 2011, 3:29 pm

Hello.
I think I found the cause of your problems.

Are you/your ISP from Russia?





Re: website redirection

Post by karananand on 27th November 2011, 3:29 pm

No. From Canada.
Bell Canada


Re: website redirection

Post by Belahzur on 1st December 2011, 1:10 am

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.





Re: website redirection

Post by karananand on 2nd December 2011, 3:40 am

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.1.7601]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : aroon-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 90-00-4E-97-5A-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc56:801b:172f:b35b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.26(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : December-01-11 10:32:31 PM
Lease Expires . . . . . . . . . . : December-04-11 10:32:31 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 395313230
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-36-02-15-1C-75-08-DD-69-D2
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 1C-75-08-DD-69-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C203E804-0A84-4668-95A0-690341249771}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c1e:2fa3:b9e5:b64e(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c1e:2fa3:b9e5:b64e%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=49ms TTL=52
Reply from 209.191.122.70: bytes=32 time=49ms TTL=52
Reply from 209.191.122.70: bytes=32 time=114ms TTL=52
Reply from 209.191.122.70: bytes=32 time=54ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 114ms, Average = 66ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=101ms TTL=116
Reply from 64.202.189.170: bytes=32 time=99ms TTL=116
Reply from 64.202.189.170: bytes=32 time=100ms TTL=116
Reply from 64.202.189.170: bytes=32 time=100ms TTL=116

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 99ms, Maximum = 101ms, Average = 100ms

Pinging facebook.com [69.171.224.11] with 32 bytes of data:
Reply from 69.171.224.11: bytes=32 time=92ms TTL=242
Reply from 69.171.224.11: bytes=32 time=92ms TTL=242
Reply from 69.171.224.11: bytes=32 time=92ms TTL=242
Reply from 69.171.224.11: bytes=32 time=91ms TTL=242

Ping statistics for 69.171.224.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 92ms, Average = 91ms

Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.197.32:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF


Re: website redirection

Post by Belahzur on 5th December 2011, 6:19 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.



Re: website redirection

Post by karananand on 8th December 2011, 4:51 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:55 PM, on 07/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--
End of file - 4343 bytes


Re: website redirection

Post by Belahzur on 9th December 2011, 1:58 pm

Hello.
Your router has been hijacked; it will require manually resetting (I don't mean rebooting either). The DNS has been changed, so a full factory reset on the router is required.

Who's your ISP?



Re: website redirection

Post by karananand on 10th December 2011, 6:26 am

Bell Canada is the ISP.
If this is the case, then shouldn't all computers on my home network experience similar problems? Why is it only the netbook?

Also, if you are comparing it to previous posts: I have used this netbook at different locations and so have been connected to different networks, depending on whether I was at home or not.

I see a reset button on the router. I think I will have to poke a pin in and hold it to reset the router. Will this help?


Re: website redirection

Post by Belahzur on 12th December 2011, 12:26 am

Not sure why it's the netbook, but the logs do show your router is getting a Russian IP, no doubt malicious.

Yes, if your router has one of those extremely small pin holes, that will factory reset it and remove the hijack.


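A host-side version of the check behind the two replies above (the DNS settings handed to the netbook pointing at a resolver that does not belong), added here as an example and not code from the thread or from RenewMyDNS: it parses `ipconfig /all` output in the shape of the listing posted earlier and flags every IPv4 resolver that is neither on the adapter's own subnet nor in an allowlist of resolvers the ISP is known to hand out. The sample text, the second adapter and its 203.0.113.5 resolver are constructed for the demo.

```python
import ipaddress
import re

# Constructed sample in the shape of the 'ipconfig /all' section above; the
# second adapter and its 203.0.113.5 (TEST-NET) resolver are made up for the demo.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.2.26(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       10.0.0.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9 \-]*?)[ .]*:\s?(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from 'ipconfig /all' output."""
    adapters, fields, key = {}, None, None
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            fields, key = adapters.setdefault(m.group(1), {}), None
        elif (m := FIELD_RE.match(line)) and fields is not None:
            key = m.group(1).strip()
            fields.setdefault(key, [])
            if m.group(2).strip():
                fields[key].append(m.group(2).strip())
        elif fields is not None and key and line.strip():
            fields[key].append(line.strip())  # continuation line, e.g. a 2nd DNS server
    return adapters

def suspicious_dns(adapters, expected_resolvers=()):
    """(adapter, resolver) pairs for IPv4 resolvers off the adapter's subnet and not allowlisted."""
    allow = {ipaddress.ip_address(a) for a in expected_resolvers}
    clean = lambda v: re.sub(r"\(.*?\)", "", v).strip()  # drop decorations like '(Preferred)'
    findings = []
    for name, fld in adapters.items():
        if not fld.get("IPv4 Address") or not fld.get("Subnet Mask"):
            continue  # adapter without an IPv4 config (media disconnected, tunnel adapters)
        local = ipaddress.ip_interface(f"{clean(fld['IPv4 Address'][0])}/{fld['Subnet Mask'][0]}").network
        for server in fld.get("DNS Servers", []):
            addr = ipaddress.ip_address(clean(server))
            if addr.version == 4 and addr not in local and addr not in allow:
                findings.append((name, str(addr)))
    return findings
```

On this netbook the only resolver is the gateway 192.168.2.1, so a clean result from this check says nothing about the router's own upstream DNS setting, which is what the factory reset is meant to clear; that setting has to be read from the router's admin page.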

Re: website redirection

Post by karananand on 23rd December 2011, 6:17 am

Okay, I did a factory reset by pressing the pin hole.
Is this enough?


Re: website redirection

Post by Belahzur on 24th December 2011, 4:07 pm

That should factory reset it. See how things are now, and whether you still get redirected.

