View Full Version : Corrupted Search Results
howe0144
2009-11-09, 18:42
When I run a google search on Chrome or Firefox, clicking on my search results redirects me to an ad site. I'd appreciate any help. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:29 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Palm\HOTSYNC.EXE
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\TMW8E\tmw8e.exe
C:\TMW8E\TMMSG8E.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215051843
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\Software\..\Telephony: DomainName = eech.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eech.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MFP Data Manage Super - Panasonic Communications Co., Ltd. - C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file - 9634 bytes
Hello
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file)
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please
howe0144
2009-11-12, 22:44
Thanks so much for your help. Here are the logs:
Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.41
Database version: 3155
Windows 5.1.2600 Service Pack 3
11/12/2009 12:40:52 PM
mbam-log-2009-11-12 (12-40-52).txt
Scan type: Quick Scan
Objects scanned: 112689
Time elapsed: 3 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:11 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215051843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257991272343
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\Software\..\Telephony: DomainName = eech.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = eech.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MFP Data Manage Super - Panasonic Communications Co., Ltd. - C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file - 6986 bytes
How are things running now ? We can dig deeper if need be
howe0144
2009-11-16, 18:54
unfortunately, my search results are still redirecting from google. any help is/would be appreciated. What info can i give you?
OK, run these two scans, they wont fix anything but I need to see the reports
Please download RootRepeal one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)
Open http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png on your desktop.
Click the http://billy-oneal.com/forums/rootRepeal/reportTab.png tab.
Click the http://billy-oneal.com/forums/rootRepeal/btnScan.png button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (Usually C:, and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the http://billy-oneal.com/forums/rootRepeal/saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
howe0144
2009-11-16, 21:40
thank you again, ken. here are the reports:
Root Repeal:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/16 11:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8451000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA61C000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6D5A000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==
log.txt report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Joel at 2009-11-16 11:37:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 215 GB (90%) free of 238 GB
Total RAM: 2039 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:48 AM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\TMW8E\tmw8e.exe
C:\TMW8E\TMMSG8E.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\NCH Swift Sound\Express\express.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joel.EECH\Desktop\RootRepeal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Joel.EECH\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8E\TMIETB.DLL
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215051843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257991272343
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\Software\..\Telephony: DomainName = eech.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eech.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = eech.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MFP Data Manage Super - Panasonic Communications Co., Ltd. - C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file - 7720 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\SyncBack Joel.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F17ECE-12DA-46A0-B541-BDE4EB7DF027}]
Time Matters - C:\TMW8E\TMIETB.DLL [2007-08-15 181872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-12 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-15 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-15 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-12 806912]
{00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - Time Matters - C:\TMW8E\TMIETB.DLL [2007-08-15 181872]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Panasonic Device Monitor Wakeup"=C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe [2006-11-02 303104]
"Panasonic Device Manager for Multi-Function Station software"=C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe [2008-05-15 126976]
"Panasonic IP Address Checker for Multi-Function Station software"=C:\Program Files\Panasonic\MFStation\PccChgIP.exe [2008-02-19 131072]
"Panasonic LPD Manager"=C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe [2007-06-15 147456]
"PspContr"=C:\WINDOWS\system32\PspContr.Exe [2003-10-01 376832]
"PspUsbCf"=C:\WINDOWS\system32\PspUsbCf.exe [2003-10-01 65536]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"PowerPanel Personal Edition User Interaction"=C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [2009-05-27 315392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-02 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic PCFAX for Multi-Function Station software]
C:\Program Files\Panasonic\MFStation\KmPcFax.exe [2008-07-11 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-12-17 16062464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-15 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joel.EECH^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
C:\DOCUME~1\JOEL~1.EEC\LOCALS~1\APPLIC~1\Autobahn\MLB-NE~1.EXE [2009-04-01 801032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joel.EECH^Start Menu^Programs^Startup^palmOne Registration.lnk]
C:\Palm\register.exe [2004-04-13 3207168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joel.EECH^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
C:\Documents and Settings\Joel.EECH\Start Menu\Programs\Startup\PowerReg Scheduler.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Palm\Hotsync.exe
Panasonic Communications Utility.lnk - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Documents and Settings\Joel.EECH\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-08-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe"="C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:MFPSCDL"
"C:\WINDOWS\system32\PCCMFLPD.EXE"="C:\WINDOWS\system32\PCCMFLPD.EXE:*:Enabled:PCCMFLPD"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe"="C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:MFPSCDL"
"C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe"="C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe:*:Enabled:Panasonic Trap Monitor Service"
"C:\WINDOWS\system32\PCCMFLPD.EXE"="C:\WINDOWS\system32\PCCMFLPD.EXE:*:Enabled:PCCMFLPD"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
======List of files/folders created in the last 1 months======
2009-11-16 11:37:30 ----D---- C:\rsit
2009-11-16 11:07:11 ----A---- C:\RootRepeal report 11-16-09 (11-07-11).txt
2009-11-16 11:06:35 ----A---- C:\RootRepeal report 11-16-09 (11-06-35).txt
2009-11-11 13:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 13:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-11 13:56:45 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-11-11 13:56:45 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-11-11 13:56:45 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-11-11 13:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-11 13:56:39 ----D---- C:\Program Files\MSXML 4.0
2009-11-11 13:56:30 ----A---- C:\WINDOWS\system32\query.dll
2009-11-11 13:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-11 13:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-11 13:56:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-11 13:56:11 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-11-11 13:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-11 13:56:07 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-11-11 13:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-11 13:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-11 13:56:00 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2009-11-11 13:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-11 13:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-11 13:53:40 ----A---- C:\WINDOWS\system32\wmvcore.dll
2009-11-11 13:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-11 13:53:37 ----A---- C:\WINDOWS\system32\jscript.dll
2009-11-11 13:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-11 13:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-11 13:53:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-11-11 13:53:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-11-11 13:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-11 13:53:26 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-11-11 13:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-11 13:53:23 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-11-11 13:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-11 13:53:19 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-11-11 13:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-11 13:53:14 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-11-11 13:53:14 ----A---- C:\WINDOWS\system32\telnet.exe
2009-11-11 13:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-11 13:53:10 ----A---- C:\WINDOWS\system32\atl.dll
2009-11-11 13:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-11 13:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-11 13:53:02 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-11-11 13:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-11 13:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-11 13:52:54 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-11 13:52:50 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-11-11 13:52:50 ----A---- C:\WINDOWS\system32\wmp.dll
2009-11-11 13:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-11 13:52:43 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-11-11 13:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-11 13:52:23 ----A---- C:\WINDOWS\system32\quartz.dll
2009-11-11 13:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-11 13:52:19 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-11-11 13:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-11 13:52:15 ----A---- C:\WINDOWS\system32\localspl.dll
2009-11-11 13:52:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-11 13:52:11 ----A---- C:\WINDOWS\system32\secur32.dll
2009-11-11 13:52:11 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-11-11 13:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-11 13:52:07 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-11-11 13:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-11-11 13:52:01 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-11-11 13:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\services.exe
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\sc.exe
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\pdh.dll
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-11-11 13:51:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-11-11 13:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-11 13:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-11 13:51:11 ----D---- C:\d466b50d8c3b804b244c4160fe
2009-11-11 13:51:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-11 13:51:04 ----SHD---- C:\Config.Msi
2009-11-11 13:50:33 ----D---- C:\61b3c50c0a9d51be8a6c
2009-11-11 13:50:29 ----A---- C:\WINDOWS\system32\shell32.dll
2009-11-11 13:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-11 13:50:24 ----A---- C:\WINDOWS\system32\schannel.dll
2009-11-11 13:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-11 13:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-11 13:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-11 13:49:53 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-11-11 13:49:53 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-11-11 13:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-11 13:49:24 ----A---- C:\WINDOWS\system32\wmasf.dll
2009-11-11 13:49:23 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-11 13:40:30 ----D---- C:\Documents and Settings\Joel.EECH\Application Data\Malwarebytes
2009-11-11 13:40:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 13:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-11 13:39:17 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-11-11 13:20:01 ----D---- C:\Documents and Settings\Joel.EECH\Application Data\SUPERAntiSpyware.com
2009-11-08 14:54:49 ----D---- C:\Program Files\Trend Micro
2009-11-08 14:49:00 ----D---- C:\WINDOWS\ERDNT
2009-11-08 14:48:02 ----D---- C:\Program Files\ERUNT
2009-11-01 17:12:31 ----D---- C:\WINDOWS\Minidump
2009-10-29 16:16:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-29 16:16:50 ----D---- C:\Program Files\MSBuild
2009-10-29 16:16:44 ----D---- C:\Program Files\Reference Assemblies
2009-10-29 16:16:17 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-29 16:16:17 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-29 16:16:17 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-29 16:16:17 ----D---- C:\5e5569304e5d584afc94ace55476fa
2009-10-29 16:10:21 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-10-28 09:39:12 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-28 09:38:45 ----D---- C:\Program Files\iPod
2009-10-28 09:38:43 ----D---- C:\Program Files\iTunes
2009-10-28 09:38:43 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 09:38:28 ----D---- C:\Program Files\Bonjour
2009-10-28 09:38:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-28 09:37:18 ----D---- C:\Program Files\Common Files\Apple
2009-10-28 09:37:18 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
======List of files/folders modified in the last 1 months======
2009-11-16 11:37:35 ----D---- C:\WINDOWS\Prefetch
2009-11-16 11:37:04 ----D---- C:\WINDOWS\Temp
2009-11-16 11:15:26 ----D---- C:\Program Files\Mozilla Firefox
2009-11-16 11:03:44 ----A---- C:\WINDOWS\TMW80.INI
2009-11-16 08:50:39 ----A---- C:\WINDOWS\win.ini
2009-11-16 08:50:35 ----D---- C:\TMW8E
2009-11-16 00:00:00 ----D---- C:\Program Files\CyberPower PowerPanel Personal Edition
2009-11-15 21:35:55 ----D---- C:\WINDOWS\security
2009-11-13 14:50:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 12:35:22 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 12:30:36 ----D---- C:\WINDOWS\system32
2009-11-12 12:30:35 ----D---- C:\WINDOWS
2009-11-12 08:27:14 ----HD---- C:\WINDOWS\inf
2009-11-12 08:27:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-11 19:08:07 ----HD---- C:\$AVG8.VAULT$
2009-11-11 18:59:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-11 18:52:47 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-11 18:04:22 ----SHD---- C:\WINDOWS\Installer
2009-11-11 18:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 18:00:02 ----D---- C:\WINDOWS\Debug
2009-11-11 17:58:04 ----RD---- C:\Program Files
2009-11-11 17:57:56 ----SD---- C:\WINDOWS\Tasks
2009-11-11 17:57:19 ----D---- C:\WINDOWS\pss
2009-11-11 14:05:10 ----RSD---- C:\WINDOWS\assembly
2009-11-11 14:02:55 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-11 13:56:41 ----D---- C:\WINDOWS\WinSxS
2009-11-11 13:56:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-11 13:55:44 ----D---- C:\WINDOWS\system32\en-us
2009-11-11 13:55:44 ----D---- C:\Program Files\Internet Explorer
2009-11-11 13:55:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 13:53:07 ----D---- C:\Program Files\Outlook Express
2009-11-11 13:52:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-11 13:51:09 ----D---- C:\Program Files\Common Files
2009-11-11 13:46:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-11 13:45:39 ----D---- C:\Program Files\SpywareBlaster
2009-11-11 13:39:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-11 09:52:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-11 09:51:16 ----D---- C:\WINDOWS\system32\wbem
2009-11-11 09:09:39 ----D---- C:\WINDOWS\AppPatch
2009-11-11 07:50:22 ----D---- C:\WINDOWS\system32\config
2009-11-11 07:49:36 ----SHD---- C:\RECYCLER
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-01 17:12:32 ----SHD---- C:\WINDOWS\CSC
2009-10-29 16:16:48 ----RSD---- C:\WINDOWS\Fonts
2009-10-29 16:16:27 ----D---- C:\WINDOWS\system32\spool
2009-10-29 16:10:24 ----D---- C:\WINDOWS\Help
2009-10-28 09:40:01 ----D---- C:\Documents and Settings\Joel.EECH\Application Data\Apple Computer
2009-10-28 09:39:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-28 09:38:21 ----D---- C:\Program Files\QuickTime
2009-10-23 13:04:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-26 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-03-04 215872]
R2 MGCSECP;MGCSECP; C:\WINDOWS\system32\drivers\MGCSECP.sys [2001-10-25 99808]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-11-12 37376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-20 4405248]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2009-01-14 16694]
R3 Psp6174s;Philips SpeechMike Driver; C:\WINDOWS\system32\DRIVERS\Psp6174s.sys [2000-06-16 16648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 MFP Data Manage Super;MFP Data Manage Super; C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe [2003-04-23 552960]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service; C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe [2004-08-03 36864]
R2 Panasonic Trap Monitor Service;Panasonic Trap Monitor Service; C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe [2004-02-24 69632]
R2 ppped;PowerPanel Personal Edition Service; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [2009-05-27 868352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
-----------------EOF-----------------
info.txt report:
info.txt logfile of random's system information tool 1.06 2009-11-16 11:37:50
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{5A0597D9-FFF7-4BDE-B205-AB8D1FB2B4EA}\Setup.exe" /l0x0009 MFSUNINST /clone_wait -s -f1"C:\Program Files\InstallShield Installation Information\{5A0597D9-FFF7-4BDE-B205-AB8D1FB2B4EA}\Uninstall\setup.iss" -removeonly
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.43 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Attansic Giga Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Communication Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D16A1202-2BC5-4BB9-BEBA-D2FD14C8A1CE}\setup.exe"
CyberPower PowerPanel Personal Edition 1.2.3-->MsiExec.exe /I{46E21083-D598-4217-99B0-2ED3E4152759}
Dell Laser Printer 1110 Software Uninstall-->C:\Program Files\DELL\Dell Laser Printer 1110\Install\setup.exe /Uninstall
Document Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEC264C1-6234-4739-94B3-630CD04C4CAE}\setup.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Express Dictate-->C:\Program Files\NCH Swift Sound\Express\uninst.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Icon Restore 1.0-->C:\WINDOWS\unins000.exe
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LexisNexis Practice Management Installer-->MsiExec.exe /X{D2AD588F-6592-4DDE-95A5-6CAC18F528C3}
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MLB.TV NexDef Plug-in-->C:\Documents and Settings\Joel.EECH\Local Settings\Application Data\Autobahn\Uninstall.exe
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 Essentials-->MsiExec.exe /X{D323F1F1-E9F4-4B61-BE3B-4147276D1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network MFP Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C8886D1-56EB-47B1-8058-1EFD9D269FAD}\setup.exe"
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Panafax Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BBCB4BF-F42C-486C-AED1-E617D83958C8}\setup.exe"
Panasonic DP-3520/4520/6020-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{007B48F3-4590-4C24-A883-1A1BB1253B58}\setup.exe" -Remove
Panasonic Multi-Function Station software-->"C:\Program Files\InstallShield Installation Information\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}\setup.exe" -runfromtemp -l0x0009 MFSUNINST -removeonly
Panasonic V1.13.00E Device Monitor-->C:\Program Files\InstallShield Installation Information\{5061C9FB-BA2D-4498-92B6-5459A0E2F6E3}\setup.exe -runfromtemp -l0x0009/U -removeonly
Panasonic-DMS Read Me DP-3520-4520-6020-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C57B101-B6A7-478B-AE55-61DC6AAC3888}\setup.exe"
Panasonic-DMS Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB0CBC71-5791-4D45-828C-893B28A25CD6}\setup.exe"
Panasonic-DMS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055193C9-9A9C-4956-A71E-4BBE5167ADCA}\setup.exe"
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8328.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8328.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Readiris Pro 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{875F2DAB-3B03-11D5-AB3E-000102B0F79A}\Setup.exe" -l0x9
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SpeechMike Application-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE813B0-BF65-11D2-92B4-0060B0686AFB}\setup.exe" -uninst
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
=====HijackThis Backups=====
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-11-11]
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file) [2009-11-11]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL [2009-11-11]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-11-11]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-11-11]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-11-11]
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html [2009-11-11]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-11]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-11-11]
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-11-11]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-11]
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file) [2009-11-11]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-11]
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-11-11]
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-11-11]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL [2009-11-11]
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE [2009-11-11]
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file) [2009-11-11]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-11-11]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-11-11]
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-11-11]
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-11-11]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-11]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [2009-11-11]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-11]
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file) [2009-11-11]
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file) [2009-11-12]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Network Edition
======System event log======
Computer Name: HOWE
Event Code: 256
Message: Timed out sending notification of device interface change to window of "HotSync Manager"
Record Number: 517
Source Name: PlugPlayManager
Time Written: 20090113164151.000000-480
Event Type: warning
User:
Computer Name: HOWE
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
Record Number: 407
Source Name: Print
Time Written: 20090112190425.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: HOWE
Event Code: 20
Message: Printer Driver PDF reDirect Pro for Windows NT x86 Version-3 was added or updated. Files:- PSCRIPT5.DLL, PS5UI.DLL, PDFR_NST.PPD, PSCRIPT.HLP, PSCRIPT.NTF.
Record Number: 382
Source Name: Print
Time Written: 20090112183310.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: HOWE
Event Code: 6161
Message: The document Test Page owned by Joel failed to print on printer Panasonic DP-3520. Data type: NT EMF 1.008. Size of the spool file in bytes: 76900. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HOWE. Win32 error code returned by the print processor: 21 (0x15). The device is not ready.
Record Number: 378
Source Name: Print
Time Written: 20090112182546.000000-480
Event Type: error
User: EECH\Joel
Computer Name: HOWE
Event Code: 20
Message: Printer Driver HP LaserJet 5 for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPLJ5.GPD, UNIDRV.HLP, PCL5ERES.DLL, TTFSUB.GPD, UNIRES.DLL, STDNAMES.GPD.
Record Number: 377
Source Name: Print
Time Written: 20090112182459.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: HOWE
Event Code: 1517
Message: Windows saved user EECH\Joel registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 273
Source Name: Userenv
Time Written: 20090212084622.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: HOWE
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Record Number: 272
Source Name: Userenv
Time Written: 20090212082811.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: HOWE
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Record Number: 269
Source Name: AutoEnrollment
Time Written: 20090212082216.000000-480
Event Type: error
User:
Computer Name: HOWE
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Record Number: 266
Source Name: Userenv
Time Written: 20090212082216.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: HOWE
Event Code: 1517
Message: Windows saved user EECH\Joel registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 265
Source Name: Userenv
Time Written: 20090212082127.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Hi,
Looks like you removed some entries with HJT previously, remove this entry.
O18 - Filter hijack: text/html - {a8c9c5a9-4e47-4fa2-a6c5-d541d62b7c86} - (no file)
Lets reset your hosts file and see if that helps.
Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).
Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper left corner.
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic