Author Topic: [Resolved] Browser Redirection  (Read 5991 times)

Offline ohtara1211

  • Bronze Member
  • Posts: 32
Re: [In Progress] Browser Redirection
« Reply #30 on: March 02, 2010, 11:45:10 AM »
I was redirected to a UK site. Here is the log file from the notebook.


Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1205      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1205      ir1.fp.vip.mud.yahoo.com:http  CLOSE_WAIT      2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1210      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1211      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1212      l3.ycs.vip.dxs.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1210      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1211      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1212      l3.ycs.vip.dxs.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1214      gossip3.search.vip.ac4.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1210      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1211      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1214      gossip3.search.vip.ac4.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1210      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1211      ir1.fp.vip.mud.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1214      gossip3.search.vip.ac4.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1217      ngyts.img.search.vip.ac4.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1217      ngyts.img.search.vip.ac4.yahoo.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1210      ir1.fp.vip.mud.yahoo.com:http  CLOSE_WAIT      2972
  [iexplore.exe]

  TCP    JeffsNetbook:1214      gossip3.search.vip.ac4.yahoo.com:http  CLOSE_WAIT      2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1226      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1216      64.211.162.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1227      83.138.179.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1208      bs2.ads.vip.mud.yahoo.com:http  TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1228      cds413.dal.llnw.net:http  ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  [svchost.exe]

  TCP    JeffsNetbook:1229      65.55.184.27:https     ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  [svchost.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1229      65.55.184.27:https     ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  -- unknown component(s) --
  [svchost.exe]

  TCP    JeffsNetbook:1228      cds413.dal.llnw.net:http  CLOSE_WAIT      1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  [svchost.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1229      65.55.184.27:https     ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  [svchost.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
  TCP    JeffsNetbook:1220      64.211.162.91:http     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    JeffsNetbook:1229      65.55.184.27:https     ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\System32\WINHTTP.dll
  [svchost.exe]

  TCP    JeffsNetbook:26544     localhost:1223         TIME_WAIT       0
Ridge1992@Yahoo.com
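
Added example, not part of the original thread: one way to read a repeated `netstat -b` capture like the one posted above, listing the snapshot in which each process first holds an ESTABLISHED connection to a new remote host. The sample capture, its host names and its addresses (documentation ranges) are constructed, and the function names are this example's own.

```python
import ipaddress
import re

# One connection row: proto, local, foreign, optional state (UDP has none), PID.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# The owning executable is printed in brackets after the row and any DLL lines.
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")

# Constructed sample in the same layout as the posted log (not the real data).
SAMPLE = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    LabPC:1205      portal.example.com:http  ESTABLISHED     2972
  [iexplore.exe]

  TCP    LabPC:1208      ads.example.com:http  TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    LabPC:1205      portal.example.com:http  CLOSE_WAIT      2972
  [iexplore.exe]

  TCP    LabPC:1216      192.0.2.98:http     ESTABLISHED     2972
  [iexplore.exe]

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    LabPC:1216      192.0.2.98:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    LabPC:1226      198.51.100.75:http     ESTABLISHED     2972
  [iexplore.exe]

  TCP    LabPC:1229      203.0.113.27:https     ESTABLISHED     1136
  c:\windows\system32\WS2_32.dll
  -- unknown component(s) --
  [svchost.exe]

  TCP    LabPC:1220      192.0.2.91:http     TIME_WAIT       0
"""

def is_bare_ip(host):
    """True when netstat printed an address because no reverse-DNS name resolved."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_snapshots(text):
    """Split the capture on 'Active Connections' and attach owners to rows."""
    snapshots, current = [], None
    for line in text.splitlines():
        if line.strip() == "Active Connections":
            snapshots.append([])
            current = None            # an owner line never crosses snapshots
            continue
        m = CONN_RE.match(line)
        if m and snapshots:
            proto, local, foreign, state, pid = m.groups()
            host, _, port = foreign.rpartition(":")
            current = {"proto": proto, "local": local, "remote_host": host,
                       "remote_port": port, "state": state, "pid": int(pid),
                       "process": None}   # stays None for PID 0 / TIME_WAIT rows
            snapshots[-1].append(current)
            continue
        m = OWNER_RE.match(line)
        if m and current is not None:
            current["process"] = m.group(1)
            current = None
    return snapshots

def first_seen(snapshots, states=("ESTABLISHED",)):
    """Timeline of (snapshot no., process, host, port, bare_ip) on first sight."""
    seen, timeline = set(), []
    for idx, snap in enumerate(snapshots, start=1):
        for c in snap:
            key = (c["process"], c["remote_host"], c["remote_port"])
            if c["state"] in states and key not in seen:
                seen.add(key)
                timeline.append((idx, *key, is_bare_ip(c["remote_host"])))
    return timeline

if __name__ == "__main__":
    for snap, proc, host, port, bare in first_seen(parse_snapshots(SAMPLE)):
        note = "  (no reverse-DNS name)" if bare else ""
        print(f"snapshot {snap}: {proc} -> {host}:{port}{note}")
```

A bare address in the timeline only means netstat had no name to show for it; it marks an endpoint to look up by hand, not a verdict about it.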

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22637
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Browser Redirection
« Reply #31 on: March 02, 2010, 06:16:57 PM »
Do you know how to change your DNS servers? If you do, please change them to 8.8.8.8 and 8.8.4.4 and then reboot your computer and check your browser to see if you are still being redirected.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #32 on: March 02, 2010, 09:36:28 PM »
O.k., I'll have to admit you've stumped me with that one. I'll see if I can get help from someone with a little more knowledge. I'll post again when I have changed them.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #33 on: March 02, 2010, 09:41:24 PM »
There are some instructions here.

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #34 on: March 03, 2010, 12:27:08 PM »
Changed to the recommended DNS servers. It worked temporarily. At the 3rd reboot it reverted back to its old ways.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #35 on: March 03, 2010, 02:44:30 PM »
You can change them back to the automatic option, or whatever was in there before.

Please enter this into the address bar of whatever browser you are using, 74.125.65.105, and when the search engine comes up, do a search through that and see if you are getting redirected. Let me know how it goes.

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #36 on: March 03, 2010, 11:16:58 PM »
I tried it and am still being directed in the same manner.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #37 on: March 04, 2010, 09:31:19 AM »
Go to the Control Panel, and then to Internet Options. Once that is open, click on the Connections tab, and then the LAN settings button. Make sure all the boxes on the page that opens are unchecked. Then click OK and then close all the windows back to the desktop. Now reboot the computer and test your browser to see if you are still being redirected.

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #38 on: March 05, 2010, 08:51:14 AM »
All the boxes on the page that opens were already unchecked. I clicked OK and rebooted, no change.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #39 on: March 05, 2010, 10:37:51 AM »
Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window, because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #40 on: March 05, 2010, 01:23:54 PM »
Here is the Runscanner "run" file. Thanks for sticking with this. It's turning out to be a little more complex than I had thought originally.

I know you wanted it zipped. When I did the file was 1.6 meg and could not be accepted. The original file is much smaller.

If it is an issue I will try it again. Maybe it could be compressed a little more.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #41 on: March 05, 2010, 07:33:48 PM »
Please do a search on your drive for Podmena.

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #42 on: March 06, 2010, 01:09:34 PM »
I did the search and nothing came up except an internet shortcut that must have been from when I tried to Yahoo search the word. Nothing that was actually on the hard drive.

Offline Hoov

Re: [In Progress] Browser Redirection
« Reply #43 on: March 06, 2010, 01:31:35 PM »
Please run HijackThis again and post the log.

Offline ohtara1211

Re: [In Progress] Browser Redirection
« Reply #44 on: March 06, 2010, 04:19:02 PM »
H, here is a copy of the latest and greatest.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:57 PM, on 3/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://173.9.66.81:8082/SysCamInst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 9048 bytes