
Search Engine Results Redirect and Pop-ups [Solved]

#1 bluegrassnash
Member, 11 posts
When I use search engines such as Google or Yahoo to find sites and click on a link, I am redirected to the wrong site. I'm getting the same results in IE and Firefox. I'm also receiving pop-ups to unsolicited web sites.

Also, a shortcut has shown up on my desktop, "Send files to another computer", pointing to irftp.exe.

I've used Malwarebytes' Anti-Malware, Spybot, SUPERAntiSpyware, AVG, and SmitfraudFix to try to resolve this issue.

I'm not sure if this is related, but I did get the AntivirusPros virus, and I believe that is removed now.

If anyone has any helpful suggestions, I would really appreciate it.
I think these are the log files that are needed:

Malwarebytes' Anti-Malware 1.41
Database version: 3257
Windows 5.1.2600 Service Pack 3

11/29/2009 7:48:19 PM
mbam-log-2009-11-29 (19-48-19).txt

Scan type: Quick Scan
Objects scanned: 126068
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------
OTL logfile created on: 11/29/2009 7:25:52 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\Dana\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.92 Mb Total Physical Memory | 343.97 Mb Available Physical Memory | 44.85% Memory free
1.46 Gb Paging File | 0.68 Gb Available in Paging File | 46.57% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.61 Gb Total Space | 16.69 Gb Free Space | 28.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB-LP
Current User Name: Dana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/29 19:20:10 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\OTL.exe
PRC - [2009/11/23 08:43:26 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/18 18:16:34 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/18 18:16:34 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/18 18:16:34 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/18 18:16:34 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/18 18:16:25 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/18 18:16:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/18 18:16:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 06:54:22 | 00,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/09/18 20:11:19 | 01,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/08/19 11:13:54 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/07/03 23:17:00 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/07/03 23:10:00 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/06/01 02:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/11/11 15:43:16 | 00,397,312 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2006/10/24 16:10:18 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/06/16 15:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/05/25 21:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/04/02 07:23:18 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/02/11 18:49:20 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/14 09:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/03/10 09:10:44 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/03/10 09:10:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/01/16 03:00:00 | 00,651,264 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2004/01/16 03:00:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003/12/25 02:04:00 | 00,208,896 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2003/11/06 02:57:00 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/11/06 02:57:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/09/05 04:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/08/29 18:10:26 | 02,718,720 | ---- | M] () -- C:\Program Files\Xpoint\PE\PCRecSA.exe
PRC - [2003/08/29 18:00:24 | 00,098,304 | ---- | M] () -- C:\Program Files\Xpoint\agent\Xpagent.exe
PRC - [2003/08/29 17:59:18 | 00,827,453 | ---- | M] (Xpoint Technologies) -- C:\Program Files\Xpoint\EEClient\Xpclient.exe
PRC - [2003/08/29 17:57:42 | 00,028,672 | ---- | M] () -- C:\Program Files\Xpoint\xpadmin\xpadmin.exe
PRC - [2003/08/29 17:42:54 | 00,020,549 | ---- | M] () -- C:\Program Files\Xpoint\SAS\JRE\bin\javaw.exe
PRC - [2003/08/22 05:01:00 | 00,225,280 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2003/08/06 12:17:36 | 00,180,224 | ---- | M] () -- C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE
PRC - [2003/07/11 17:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/06/27 11:53:32 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/01/10 18:01:34 | 00,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/29 19:20:10 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\OTL.exe
MOD - [2008/10/02 11:48:33 | 00,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WUJOZJT)
SRV - File not found -- -- (NSAIRR)
SRV - [2009/11/18 18:16:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/18 18:16:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/02/27 06:54:22 | 00,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/19 11:13:54 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/07 18:16:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/06/01 02:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2006/12/02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/06/16 15:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2006/06/16 15:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2005/05/25 21:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/02 07:23:18 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2004/01/16 03:00:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003/11/06 02:57:00 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/08/29 18:03:50 | 00,040,960 | ---- | M] () -- C:\Program Files\Xpoint\PE\pcradmin.exe -- (PCRadminServer)
SRV - [2003/08/29 18:00:24 | 00,098,304 | ---- | M] () -- C:\Program Files\Xpoint\agent\Xpagent.exe -- (xpAgentServer)
SRV - [2003/08/29 17:57:42 | 00,028,672 | ---- | M] () -- C:\Program Files\Xpoint\xpadmin\xpadmin.exe -- (XPadminServer)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/07/11 17:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/12 02:17:04 | 00,026,624 | R--- | M] () -- C:\WINDOWS\system32\Psasrv.exe -- (PsaSrv)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.18
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/18 18:16:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/18 18:16:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 06:20:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 06:20:45 | 00,000,000 | ---D | M]

[2009/05/23 18:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Mozilla\Extensions
[2009/11/29 09:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\2pi4l4tl.default\extensions
[2009/11/29 09:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\2pi4l4tl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/05/21 18:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\2pi4l4tl.default\extensions\[email protected]
[2009/05/23 18:23:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (305970 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10535 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Microsoft Web Test Recorder Helper) - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tgcmd] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_Start] C:\IBMTOOLS\Updater\ucstartup.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [tgcmd] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [RRPC-nls] C:\Program Files\Xpoint\nls\nls.bat File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/11/10 22:35:08 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/11/10 22:35:08 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/11/10 22:35:08 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/11/10 22:35:08 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...irector7/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1093170264837 (MSSecurityAdvisor Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1137852639838 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-306.ibm.c...rt/IbmEgath.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...all-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...all-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/30 10:00:21 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\Shell - "" = AutoRun
O33 - MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\Shell - "" = AutoRun
O33 - MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/02/20 11:59:54 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67557499103870976)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/29 19:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Desktop\To Geeks To Go
[2009/11/29 19:20:00 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\OTL.exe
[2009/11/29 19:19:28 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dana\Desktop\RootRepeal.exe
[2009/11/29 19:18:32 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dana\Desktop\erunt_setup.exe
[2009/11/29 19:06:15 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\TFC.exe
[2009/11/29 15:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Desktop\GooredFix Backups
[2009/11/29 15:20:25 | 00,070,778 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dana\Desktop\GooredFix.exe
[2009/11/29 14:40:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Desktop\SmitfraudFix
[2009/11/29 13:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Desktop\RootkitRevealer
[2009/11/29 07:54:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/28 19:33:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/11/28 18:52:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/28 18:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/28 18:44:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Application Data\SUPERAntiSpyware.com
[2009/11/28 18:43:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/28 17:25:46 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/11/28 14:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/28 14:27:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/20 07:52:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dana\Local Settings\Application Data\AVG Security Toolbar
[2009/11/18 18:17:40 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/18 18:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/18 18:16:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/17 15:19:32 | 00,000,000 | ---D | C] -- C:\symantec

========== Files - Modified Within 14 Days ==========

[2009/11/29 19:22:11 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\settings.dat
[2009/11/29 19:20:10 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\OTL.exe
[2009/11/29 19:19:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dana\Desktop\RootRepeal.exe
[2009/11/29 19:18:39 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dana\Desktop\erunt_setup.exe
[2009/11/29 19:12:29 | 00,000,104 | ---- | M] () -- C:\WINDOWS\IBMVPD.INI
[2009/11/29 19:11:49 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/29 19:09:36 | 08,912,896 | ---- | M] () -- C:\Documents and Settings\Dana\ntuser.dat
[2009/11/29 19:09:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/29 19:08:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/29 19:08:48 | 80,424,5504 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/29 19:07:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dana\ntuser.ini
[2009/11/29 19:06:31 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dana\Desktop\TFC.exe
[2009/11/29 15:20:30 | 00,070,778 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dana\Desktop\GooredFix.exe
[2009/11/29 14:46:04 | 00,284,153 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\gmer.zip
[2009/11/29 14:45:34 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\dds.scr
[2009/11/29 14:41:52 | 00,004,256 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/29 14:38:45 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\SmitfraudFix.exe
[2009/11/29 14:37:46 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\Send files to another computer.lnk
[2009/11/29 13:33:17 | 52,396,032 | ---- | M] () -- C:\WINDOWS\System32\DKANF
[2009/11/29 13:14:48 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\RootkitRevealer.zip
[2009/11/29 08:57:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/29 07:54:32 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\HijackThis.lnk
[2009/11/28 19:35:12 | 00,000,482 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/28 18:44:58 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/28 18:43:50 | 07,392,800 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\SUPERAntiSpyware.exe
[2009/11/28 17:44:51 | 45,868,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/28 17:43:20 | 00,105,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/28 08:08:32 | 03,899,578 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\startup.rtf
[2009/11/18 18:17:10 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/18 18:17:10 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/18 18:17:10 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/18 18:16:54 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/18 18:16:52 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/18 18:16:52 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/17 13:20:12 | 06,996,547 | ---- | M] () -- C:\Documents and Settings\Dana\Desktop\wireless configuration.rtf
[2009/11/16 10:42:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2009/11/29 19:21:41 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\settings.dat
[2009/11/29 14:46:02 | 00,284,153 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\gmer.zip
[2009/11/29 14:45:26 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\dds.scr
[2009/11/29 14:38:45 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\SmitfraudFix.exe
[2009/11/29 14:37:46 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\Send files to another computer.lnk
[2009/11/29 13:30:10 | 52,396,032 | ---- | C] () -- C:\WINDOWS\System32\DKANF
[2009/11/29 13:27:00 | 80,424,5504 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/29 13:14:44 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\RootkitRevealer.zip
[2009/11/29 12:21:11 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/29 07:54:32 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\HijackThis.lnk
[2009/11/28 18:44:58 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/28 18:43:41 | 07,392,800 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\SUPERAntiSpyware.exe
[2009/11/28 14:28:51 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/28 14:28:51 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/28 14:28:51 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/28 14:28:51 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/28 08:08:32 | 03,899,578 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\startup.rtf
[2009/11/24 14:30:19 | 08,912,896 | ---- | C] () -- C:\Documents and Settings\Dana\ntuser.dat
[2009/11/18 18:16:54 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/18 17:00:14 | 00,000,104 | ---- | C] () -- C:\WINDOWS\IBMVPD.INI
[2009/11/17 13:22:07 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLANver.tic
[2009/11/17 13:20:12 | 06,996,547 | ---- | C] () -- C:\Documents and Settings\Dana\Desktop\wireless configuration.rtf
[2008/03/22 19:27:21 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/05 19:13:34 | 00,001,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/23 17:28:33 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/09/04 12:56:15 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/16 16:09:52 | 00,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 15:57:32 | 00,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 15:56:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2006/05/07 10:10:16 | 00,000,298 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/02/09 17:51:35 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Dana\Local Settings\Application Data\fusioncache.dat
[2005/01/13 03:00:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 03:00:10 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/06/26 06:07:47 | 00,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2004/06/26 06:04:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2004/06/04 12:59:22 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sensor.dll
[2004/03/18 11:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/08 15:10:32 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2004/01/01 19:40:45 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Dana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/01 19:32:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/12/14 11:32:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/14 11:30:27 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/12/14 11:29:45 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/12/14 11:29:45 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/12/14 11:28:58 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\ANC.sys
[2003/12/14 11:28:58 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2003/12/14 11:21:03 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/14 11:15:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2003/12/14 11:08:23 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2003/12/14 11:08:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2003/12/14 11:07:33 | 00,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/12/14 11:06:21 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/12/14 10:48:33 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/14 10:34:12 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/20 12:32:29 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/07 22:15:36 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/11/18 18:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/28 17:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2003/12/14 11:14:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2005/05/29 18:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2006/09/04 12:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/02 14:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/25 14:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/02/25 17:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\AnkhSVN
[2004/01/19 14:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\IBM
[2009/10/07 18:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\ImgBurn
[2005/05/29 18:31:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Individual Software
[2004/01/17 12:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\InterTrust
[2004/02/11 19:27:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\InterVideo
[2007/02/25 15:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dana\Application Data\Subversion
[2004/06/04 13:14:43 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/11/28 21:40:50 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/11/28 21:40:50 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
-------------------------------------------------------------------
OTL Extras logfile created on: 11/29/2009 7:25:52 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\Dana\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.92 Mb Total Physical Memory | 343.97 Mb Available Physical Memory | 44.85% Memory free
1.46 Gb Paging File | 0.68 Gb Available in Paging File | 46.57% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.61 Gb Total Space | 16.69 Gb Free Space | 28.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB-LP
Current User Name: Dana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Quicken WillMaker Plus 2004\qlp.exe" = C:\Program Files\Quicken WillMaker Plus 2004\qlp.exe:*:Disabled:Quicken WillMaker Plus 2004 application -- (Nolo)
"C:\Program Files\CrossLoop\CrossLoopConnect.exe" = C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Disabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1862162E-3BBC-448F-AA63-49F33152D54A}" = Microsoft Visual Studio 2005 Team Suite - ENU
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29F0F7F6-3AE6-4A04-B002-8C8CC7AD9BAD}" = Microsoft Visual Studio 2005 Web Deployment Projects
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4B27715E-43C5-42E7-9DFD-0DE6ED8A99AB}" = Masterpages_CS
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD1F16BE-7B1B-4C8B-9C37-C99724513225}" = TortoiseSVN 1.4.1.7992 (32 bit)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DE7F0297-C168-477C-AE8A-1CFC912D3720}" = Microsoft Office Live Meeting 2005 Replay Wrapper
"{E3A6D38C-AAA8-4587-BC42-53FA0E8883B2}" = Webparts_CS
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E76300D5-8E7C-4DB7-9443-FC84C4DA6919}" = AnkhSvn
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F8C1DCF4-FFC0-4D9D-9F9B-69C57E59830B}" = AnkhSvn
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ASP.NET Visual Blueprint" = ASP.NET Visual Blueprint
"ATI Display Driver" = ATI Display Driver
"ATT-SST" = AT&T Self Support Tool
"AVG9Uninstall" = AVG Free 9.0
"CrossLoop_is1" = CrossLoop 2.41
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"EZ Gig II" = Apricorn EZ Gig II
"HijackThis" = HijackThis 2.0.2
"IBM Access Support" = IBM Access Support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"InterActual Player" = InterActual Player
"Lexmark 510 Series" = Lexmark 510 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Team Suite - ENU" = Microsoft Visual Studio 2005 Team Suite - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MuVo Driver" = MuVo Driver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"Professor Answers" = Professor Answers
"Professor Teaches FrontPage 2002" = Professor Teaches FrontPage 2002
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken WillMaker Plus 2004" = Quicken WillMaker Plus 2004
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Subversion_is1" = Subversion 1.4.2-r22196
"Support.com" = Support.com Software
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2009 7:42:10 AM | Computer Name = DB-LP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2009 7:42:15 AM | Computer Name = DB-LP | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 10/10/2009 7:43:42 AM | Computer Name = DB-LP | Source = Application Hang | ID = 1002
Description = Hanging application WinDVD.exe, version 4.0.11.280, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 2:34:27 PM | Computer Name = DB-LP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 11/28/2009 6:36:45 PM | Computer Name = DB-LP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 11/28/2009 7:35:53 PM | Computer Name = DB-LP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 11/28/2009 7:35:53 PM | Computer Name = DB-LP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 11/28/2009 7:38:22 PM | Computer Name = DB-LP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2009 9:53:45 AM | Computer Name = DB-LP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2009 9:56:33 AM | Computer Name = DB-LP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The Xpoint Admin Server service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The Xpoint Agent Server service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:49 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/29/2009 8:06:56 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 11/29/2009 8:09:10 PM | Computer Name = DB-LP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/29/2009 8:09:10 PM | Computer Name = DB-LP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/29/2009 8:11:20 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7019
Description = Circular dependency: The Spectrum24 Event Monitor service depends
on a service in a group which starts later.

Error - 11/29/2009 8:11:20 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7018
Description = Detected circular dependencies auto-starting services.


< End of report >
----------------------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/29 19:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB18D9000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb4fba0b0

==EOF==
  • 0
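Two things in the event-log block above are worth a triage check: the run of Service Control Manager 7034 events at 8:06:48 PM, where the Symantec, IBM, Xpoint and AVG services all terminated within seconds of each other, and the crypt32 errors showing that the third-party root certificate list could not be downloaded or verified. The Python below is an added example, not part of OTL or of this thread, that parses OTL's "Last 10 Event Log Errors" layout and flags both; the sample input is constructed from the events above, and the 10-second window and three-service threshold are this example's own assumptions.

```python
"""Triage helper for the 'Last 10 Event Log Errors' block that OTL prints.

Flags (a) several Service Control Manager 7034 "terminated unexpectedly" events
for security/backup services within seconds of each other and (b) crypt32
131080/131083 errors (third-party root certificate list not fetched/verified).
The time window and service count below are this example's own thresholds.
"""
import re
from datetime import datetime, timedelta

HEADER = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
SERVICE_NAME = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

# Constructed sample: a subset of the events quoted in the post above, in OTL's layout.
SAMPLE = """\
[ Application Events ]
Error - 11/28/2009 2:34:27 PM | Computer Name = DB-LP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:48 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2009 8:06:49 PM | Computer Name = DB-LP | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).
"""


def parse_otl_events(text):
    """Return [{when, host, source, id, description}] in log order.
    OTL wraps long descriptions; continuation lines are re-joined with a space
    until the blank line that ends the entry."""
    events, in_desc = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_desc = False
            continue
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
            ev["id"] = int(ev["id"])
            ev["description"] = ""
            events.append(ev)
        elif line.startswith("Description = ") and events:
            events[-1]["description"] = line[len("Description = "):]
            in_desc = True
        elif in_desc:
            events[-1]["description"] += " " + line
    return events


def service_kill_bursts(events, window=timedelta(seconds=10), min_services=3):
    """Group SCM 7034 events starting within `window` of a group's first event
    and report every group of at least `min_services` as one burst."""
    kills = sorted((e for e in events
                    if e["source"] == "Service Control Manager" and e["id"] == 7034),
                   key=lambda e: e["when"])
    groups, current = [], []
    for e in kills:
        if current and e["when"] - current[0]["when"] > window:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    bursts = []
    for g in groups:
        if len(g) >= min_services:
            names = []
            for e in g:
                m = SERVICE_NAME.match(e["description"])
                names.append(m.group("svc") if m else e["description"])
            bursts.append({"start": g[0]["when"], "services": names})
    return bursts


def root_list_update_failures(events):
    """crypt32 131080/131083: download or verification of Microsoft's
    third-party root list failed. Return (time, error text) pairs."""
    return [(e["when"], e["description"].split("with error:", 1)[-1].strip())
            for e in events
            if e["source"] == "crypt32" and e["id"] in (131080, 131083)]


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE)
    for b in service_kill_bursts(evs):
        print(f"{b['start']}: services died together: " + ", ".join(b["services"]))
    for when, err in root_list_update_failures(evs):
        print(f"{when}: root certificate list update failed: {err}")
```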

#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
where else have you posted for help?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found -- -- (WUJOZJT)
    SRV - File not found -- -- (NSAIRR)
    O4 - HKCU..\Run: [tgcmd] File not found
    O4 - HKLM..\RunOnceEx: [RRPC-nls] C:\Program Files\Xpoint\nls\nls.bat File not found
    O33 - MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\Shell - "" = AutoRun
    O33 - MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\Shell\AutoRun - "" = Auto&Play
    [2009/11/29 13:30:10 | 52,396,032 | ---- | C] () -- C:\WINDOWS\System32\DKANF
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0

#3
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I had posted for help at spybot but never received any assistance. No one ever responded. I've asked to have the posting removed.
---------------------------------

I completed the OTL process and rebooted. I received a pop-up when I opened IE. Here are the results from it:
All processes killed
========== OTL ==========
Service WUJOZJT stopped successfully!
Service WUJOZJT deleted successfully!
Service NSAIRR stopped successfully!
Service NSAIRR deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tgcmd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\RRPC-nls deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bec5f000-c34f-11de-abd7-000d60383045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bec5f000-c34f-11de-abd7-000d60383045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bec5f000-c34f-11de-abd7-000d60383045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8944780-43f1-11de-ab9f-000d6011db5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8944780-43f1-11de-ab9f-000d6011db5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8944780-43f1-11de-ab9f-000d6011db5a}\ not found.
C:\WINDOWS\system32\DKANF moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dana
->Temp folder emptied: 173554 bytes
->Temporary Internet Files folder emptied: 1680190 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Roger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.86 mb


OTL by OldTimer - Version 3.1.11.3 log created on 11302009_104035

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_ec4.dat not found!

Registry entries deleted on Reboot...


---------------
Thank you.
  • 0

#4
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
It appears as though the redirecting of URLs is continuing to occur. The pop-ups are too.

Thank you.
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
don't worry, will fix it

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran the GOOREDFIX.exe and the ComboFix.
The ComboFix ran and installed the Recovery Console. It also stated that it identified a rootkit and stated it was rebooting. On the shutdown, a message came up such as "catchme.cfxxe dll initialization failed". The PC rebooted and the ComboFix continued to run.
And I was humbled AGAIN (always good to be humbled)... I TRIED to stop AVG and apparently couldn't. The only AVG service listed didn't have a stop option listed. I stopped the task that I thought was running AVG and it appeared to be restarting.

Below is the output of both utilities.

Thanks again for your help.

-------------------------------------------------------


GooredFix by jpshortstuff (27.11.09.1)
Log created at 17:58 on 01/12/2009 (Dana)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:55 27/11/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [23:16 18/11/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:18 15/08/2009]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [23:16 18/11/2009]

---------- Old Logs ----------

-=E.O.F=-
----------------------------------------------------------------



ComboFix 09-12-01.01 - Dana 12/01/2009 18:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.335 [GMT -5:00]
Running from: c:\documents and settings\Dana\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dana\My Documents\fullreg.reg
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-11-30 15:40 . 2009-11-30 15:40 -------- d-----w- C:\_OTL
2009-11-29 12:54 . 2009-11-29 12:54 -------- d-----w- c:\program files\Trend Micro
2009-11-29 00:33 . 2009-11-29 00:33 -------- d--h--w- c:\windows\PIF
2009-11-28 23:53 . 2009-11-28 23:53 117760 ----a-w- c:\documents and settings\Dana\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-28 23:52 . 2009-11-28 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-28 23:44 . 2009-11-28 23:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-28 23:44 . 2009-11-28 23:44 -------- d-----w- c:\documents and settings\Dana\Application Data\SUPERAntiSpyware.com
2009-11-28 23:43 . 2009-11-28 23:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-28 22:26 . 2009-11-28 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-28 20:48 . 2009-11-28 22:21 -------- d-----w- c:\documents and settings\NetworkService\UserData
2009-11-28 20:47 . 2009-11-28 20:47 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
2009-11-28 20:47 . 2009-11-28 20:47 -------- d-----w- c:\documents and settings\NetworkService\IECompatCache
2009-11-28 19:28 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2009-11-28 19:28 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-28 19:27 . 2009-11-28 22:22 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-28 19:27 . 2009-11-28 22:22 -------- d-----w- c:\program files\Spyware Doctor
2009-11-28 12:53 . 2009-11-28 12:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-21 21:41 . 2009-11-18 23:16 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-21 21:41 . 2009-11-18 23:16 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-21 21:40 . 2009-11-18 23:16 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-11-21 21:40 . 2009-11-18 23:16 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-20 12:52 . 2009-11-20 12:52 -------- d-----w- c:\documents and settings\Dana\Local Settings\Application Data\AVG Security Toolbar
2009-11-20 11:33 . 2009-11-20 11:32 844056 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 11:33 . 2009-11-20 11:32 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-18 23:29 . 2009-10-16 17:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-18 23:17 . 2009-11-18 23:25 -------- d-----w- C:\$AVG
2009-11-18 23:16 . 2009-11-18 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-18 23:16 . 2009-11-28 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-17 20:19 . 2009-11-17 20:19 -------- d-----w- C:\symantec
2009-11-17 18:24 . 2009-11-17 18:24 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-02 19:50 . 2009-11-02 19:50 -------- d-----w- c:\program files\iPod
2009-11-02 19:50 . 2009-11-02 19:51 -------- d-----w- c:\program files\iTunes
2009-11-02 19:50 . 2009-11-02 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-02 19:46 . 2009-11-02 19:46 -------- d-----w- c:\program files\QuickTime
2009-11-02 19:34 . 2009-11-02 19:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 15:42 . 2009-11-02 15:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 02:40 . 2003-02-20 18:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 22:21 . 2004-08-05 00:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 19:28 . 2006-09-04 15:45 -------- d-----w- c:\program files\Google
2009-11-18 23:17 . 2008-05-23 22:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-18 23:17 . 2008-05-23 22:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-18 23:17 . 2007-03-17 00:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-18 23:16 . 2008-05-23 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-18 23:16 . 2008-05-23 22:24 -------- d-----w- c:\program files\AVG
2009-11-17 18:24 . 2003-12-14 16:09 -------- d-----w- c:\program files\Intel
2009-11-08 12:02 . 2005-03-19 01:53 -------- d-----w- c:\documents and settings\Dana\Application Data\Apple Computer
2009-11-04 01:36 . 2004-12-31 23:33 -------- d-----w- c:\program files\Audible
2009-11-02 19:50 . 2007-07-01 18:08 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 19:26 . 2008-04-03 22:34 -------- d-----w- c:\program files\Safari
2009-10-17 11:36 . 2006-09-04 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 11:17 . 2006-09-04 18:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-07 23:47 . 2009-10-07 23:47 -------- d-----w- c:\documents and settings\Dana\Application Data\ImgBurn
2009-10-07 23:40 . 2009-10-07 23:40 -------- d-----w- c:\program files\ImgBurn
2009-09-11 20:30 . 2004-08-27 16:56 65808 ----a-w- c:\documents and settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 1980-01-01 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-09-11 18:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-09-11 18:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 1980-01-01 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 17:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 4662776]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-03-10 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-05 114741]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-02-05 106496]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-02-05 20480]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-08-06 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-11 180269]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-18 2020120]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2004-03-26 102400]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-06-27 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-18 23:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Quicken WillMaker Plus 2004\\qlp.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 ezgmntr;EZ GIG II Backup Archive Explorer;c:\windows\system32\drivers\ezgmntr.sys [9/23/2006 5:28 PM 213760]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 5:25 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 5:25 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [12/14/2003 11:06 AM 15360]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/18/2009 6:16 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/18/2009 6:16 PM 285392]
R2 ezgfsfilt;EZ GIG II FS Filter;c:\windows\system32\drivers\ezgfsfilt.sys [9/23/2006 5:28 PM 28800]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [6/26/2004 6:07 AM 84224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [12/2/2006 3:10 AM 48128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2004-06-04 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-12-14 06:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\Dana\Application Data\Mozilla\Firefox\Profiles\2pi4l4tl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Dana\Application Data\Mozilla\Firefox\Profiles\2pi4l4tl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tgcmd - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 18:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-01 18:57
ComboFix-quarantined-files.txt 2009-12-01 23:56

Pre-Run: 17,736,433,664 bytes free
Post-Run: 17,700,741,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - FCE81DAF1C3FE2419E93806EAB7B3689
  • 0

#7
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I believe that my problems have been resolved. I've been surfing the web from IE and FireFox and haven't had any popups or redirects so far.
<happydance>
Thanks so much!!! I'm extremely grateful.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello....
I've run the TFC and Anti-Malware. The online scanner is running and seems like it will run for a good long time. I'll post the results when I receive them.
Thanks again for your help.
---------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3282
Windows 5.1.2600 Service Pack 3

12/2/2009 5:43:36 PM
mbam-log-2009-12-02 (17-43-36).txt

Scan type: Quick Scan
Objects scanned: 126385
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
cool
  • 0


#11
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The Kaspersky online scanner is running and it is at 2% and been running 45 minutes. So, this thing will probably have to run all night long and I'll check it tomorrow.
Tks again!
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
aye it takes a while
  • 0

#13
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The online scan completed. Here are the results:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 3, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 02, 2009 23:22:11
Records in database: 3324203
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 123257
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 06:06:38


File name / Threat / Threats count
C:\Documents and Settings\Dana\.jpi_cache\jar\1.0\nRT.jar-34cbe719-3e52df98.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1
C:\WINDOWS\system32\drivers\etc\hosts.20090515-203356.backup Infected: Trojan.Win32.Qhost.mcf 1

Selected area has been scanned.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
    C:\WINDOWS\system32\drivers\etc\hosts.20090515-203356.backup
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
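The fix above moves the infected hosts backup and resets the hosts file with [resethosts]. As an added example that is not part of this thread or of OTL, here is a Python check that parses a Windows hosts file and flags the two kinds of tampering a hosts-file trojan leaves behind: real domains redirected to an outside address (the search-engine redirect symptom) and security-vendor sites pinned to loopback. The sample hosts content and the addresses in it are constructed for the example.

```python
"""Hosts-file integrity check (added example, not from the thread).
Assumes a Windows-style hosts file; a constructed sample is embedded."""
import ipaddress

# Constructed sample of a hijacked hosts file (not taken from the logs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# redirects injected by a hosts-file trojan (constructed)
203.0.113.5     www.google.com
203.0.113.5     www.bing.com search.yahoo.com
127.0.0.1       www.malwarebytes.org
"""

LOOPBACK = {"127.0.0.1", "::1"}
# Names that may legitimately point at loopback on a clean machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping, skipping comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:
            yield ip, name.lower(), no


def suspicious_entries(text):
    """Return (line_no, hostname, reason) for every non-localhost mapping.
    A name sent to a non-loopback address is a redirect; a real site pinned
    to loopback is being blocked. Both indicate tampering."""
    findings = []
    for ip, name, no in parse_hosts(text):
        if ip in LOOPBACK and name in LOCAL_NAMES:
            continue                            # the only expected entries
        reason = ("pinned to loopback (site blocked)" if ip in LOOPBACK
                  else f"redirected to {ip}")
        findings.append((no, name, reason))
    return findings


if __name__ == "__main__":
    for no, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {no}: {name} {reason}")
```

To run it against a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into `suspicious_entries` instead of the sample; on an untouched Windows XP install it should return nothing.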

#15
bluegrassnash

bluegrassnash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran OTL and here are the results:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20090515-203356.backup moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dana
->Temp folder emptied: 96781999 bytes
->Temporary Internet Files folder emptied: 6912305 bytes
->Java cache emptied: 13817519 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Roger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.13 mb


OTL by OldTimer - Version 3.1.11.3 log created on 12032009_161045

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5d4.dat not found!

Registry entries deleted on Reboot...
  • 0





