I've gone to the Malware and Spyware Cleaning Guide, and followed all the steps and will attempt to correctly post log results.
I also went to the 'How to Fix Google Redirects' and followed the instructions there, but it is not fixed.
Thank you for your assistance! Please let me know if I've left anything out.
Running Windows XP, Firefox browser.
OTL Logs -
OTL logfile created on: 9/8/2010 9:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
254.00 Mb Total Physical Memory | 59.00 Mb Available Physical Memory | 23.00% Memory free
625.00 Mb Paging File | 332.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 70.35 Gb Free Space | 94.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TERRYLOFT
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/08 21:03:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/13 17:24:55 | 001,172,144 | ---- | M] (Proland Software) -- C:\Protector Plus\PPINUPDT.EXE
PRC - [2010/02/13 17:24:55 | 000,787,120 | ---- | M] (Proland Software ) -- C:\Protector Plus\POPSCAN.EXE
PRC - [2010/02/13 17:24:55 | 000,070,320 | ---- | M] (Proland Software) -- C:\Protector Plus\PPAVMON.EXE
PRC - [2010/02/13 17:24:54 | 001,303,216 | ---- | M] (Proland Software ) -- C:\Protector Plus\PPTBC.EXE
PRC - [2010/02/13 17:24:53 | 000,094,896 | ---- | M] (Proland Software) -- C:\Protector Plus\PPSERV.EXE
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/13 17:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
========== Modules (SafeList) ==========
MOD - [2010/09/08 21:03:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/02/13 17:24:55 | 000,070,320 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPAVMon.exe -- (ProtectorPlusAVMonitor)
SRV - [2010/02/13 17:24:53 | 000,094,896 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPServ.exe -- (ProtectorPlusService)
========== Driver Services (SafeList) ==========
DRV - [2010/02/13 17:24:55 | 000,019,272 | ---- | M] (Proland Software) [Kernel | On_Demand | Running] -- C:\Protector Plus\PPEMSCAN.SYS -- (PPEMSCAN)
DRV - [2010/02/13 17:24:53 | 000,703,920 | ---- | M] (Proland Software) [Kernel | On_Demand | Running] -- C:\Protector Plus\PPDRV.SYS -- (PPDrv)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=60426&qkw="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 21:05:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/07 07:33:25 | 000,000,000 | ---D | M]
[2010/02/13 19:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/08 07:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions
[2010/03/14 11:59:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/31 11:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions\[email protected]
[2010/09/08 07:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/08/03 08:31:47 | 000,415,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14347 more lines...
O4 - HKLM..\Run: [Protector Plus InstaUpdate] C:\Protector Plus\PPINUPDT.EXE (Proland Software)
O4 - HKLM..\Run: [Protector Plus Taskbar Control] C:\Protector Plus\PPTBC.EXE (Proland Software )
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/13 17:25:01 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 20:36:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 20:36:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 20:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/08 20:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/29 07:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2010/08/29 07:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Scans
[2010/08/28 07:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server
[2010/08/12 07:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/04 08:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/03 13:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Dr Delete
[2010/08/03 08:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/03 07:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/03 07:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/03 07:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 90 Days ==========
[2010/09/08 20:48:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 20:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 20:47:32 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/08 20:47:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/08 20:47:20 | 002,655,806 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/08 20:36:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 20:33:11 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/09/08 20:33:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/09/08 20:04:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/07 18:21:50 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/09/07 07:33:32 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 07:33:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/07 07:27:47 | 000,070,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2010-09-07.json
[2010/08/12 07:05:34 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/03 08:31:47 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 13:16:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 07:46:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/15 09:26:31 | 001,744,156 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KerdiShowerBook.pdf
========== Files Created - No Company Name ==========
[2010/09/08 20:36:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 20:33:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/09/08 20:33:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/09/07 07:33:32 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 07:33:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/07 07:27:47 | 000,070,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2010-09-07.json
[2010/06/15 09:26:27 | 001,744,156 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KerdiShowerBook.pdf
[2010/03/04 10:06:29 | 000,002,241 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/13 17:07:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== LOP Check ==========
[2010/02/13 19:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/03/14 11:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/07 18:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/08 20:04:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/13 17:25:01 | 000,000,055 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/13 17:39:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/13 16:54:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/13 16:54:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/13 16:54:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/13 17:34:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/13 18:46:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/08 20:48:16 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/02/13 08:44:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/13 08:44:21 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/13 08:44:21 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 03:01:28
========== Alternate Data Streams ==========
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
< End of report >
MBAM -
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4578
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/8/2010 8:46:30 PM
mbam-log-2010-09-08 (20-46-30).txt
Scan type: Quick scan
Objects scanned: 124219
Time elapsed: 7 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
GMER -
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 21:02:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrcypob.sys
---- Kernel code sections - GMER 1.0.15 ----
? skvntd.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8CDBF80]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B4874A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0015660B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0015634D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00156511
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!recv 71AB676F 5 Bytes JMP 001563C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00156477
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs PPDrv.sys (Protector Plus Antivirus for Windows Kernel Driver/Proland Software)
AttachedDevice \FileSystem\Ntfs \Ntfs PPDrv.sys (Protector Plus Antivirus for Windows Kernel Driver/Proland Software)
AttachedDevice \Driver\Tcpip \Device\Tcp PPEMSCAN.sys (Protector Plus Antivirus Email Scan Driver/Proland Software)
---- EOF - GMER 1.0.15 ----