Google redirect help



GKFISH
2011-08-27, 18:22
Hello everyone, and thank you in advance. Recently I began getting annoying redirects that seem to be coming from "Find Fast Answers" that take me to Verde.us, yellowise and a few others. Being a newbie (well, maybe not, as you guided me through a rundll problem in the past), can you please help me with step-by-step instructions on how to conquer this issue? I have a feeling KIDS who are forbidden from this computer have been meddling around. Thank you again.

GKFISH

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Greg at 20:05:12 on 2011-08-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2138 [GMT -4:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

ken545
2011-08-30, 10:35


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

You did not post the entire DDS log; here are the instructions in case you deleted it.

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows' native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

GKFISH
2011-08-30, 16:52
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Greg at 20:05:12 on 2011-08-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2138 [GMT -4:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\8zvej24t.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\imesh applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-4-3 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-3 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-3 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-3 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-25 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gsc\WLService.exe [2008-11-26 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2008-4-2 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
.
=============== Created Last 30 ================
.
2011-08-18 17:29:05 -------- d-----w- c:\program files\iPod
2011-08-18 17:29:00 -------- d-----w- c:\program files\iTunes
2011-08-18 17:18:42 -------- d-----w- c:\program files\Bonjour
2011-08-13 16:42:11 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 16:40:47 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-27 20:32:43 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-27 20:32:42 104 --sh--r- c:\windows\system32\5018098FE8.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-22 15:01:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 18:18:34 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 12:58:45 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:12:12.98 ===============


Thank you.

ken545
2011-08-30, 18:14
Hi,

You do have some malware on this system, iMesh Media Bar needs to go.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Run this scan to check for a rootkit

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click "save log", save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png


Post both the Malwarebytes log and the log from aswMBR please
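One way to check the analyst's call above ("iMesh Media Bar needs to go") against the posted DDS log, as an added example that is not part of this thread and is not code from DDS, Malwarebytes or Safer Networking: a small Python parser for the "Pseudo HJT Report" lines that maps every place the toolbar is registered to load (BHO, IE toolbar, Run value, AppInit_DLLs, Firefox component) and separately lists orphaned "No File" registrations. The sample lines are copied from the log posted in this thread; the marker list, the function names and the `LoadPoint` type are my own assumptions, not anything the tools define.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a subset of the "Pseudo HJT Report" lines from the
# DDS log posted in this thread, chosen so every entry type we parse appears once.
SAMPLE_LOG = r"""
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
FF - component: c:\program files\imesh applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
"""


@dataclass
class LoadPoint:
    kind: str   # BHO, TB, uURLSearchHooks, mURLSearchHooks, uRun, mRun, AppInit_DLLs, FF-component
    name: str   # display name, Run value name, or the CLSID when no name is given
    path: str   # file backing the entry; "" when DDS reports "No File"


CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
COM_KINDS = ("BHO", "TB", "uURLSearchHooks", "mURLSearchHooks")


def parse_line(line: str) -> List[LoadPoint]:
    """Turn one DDS pseudo-HJT line into zero or more load points."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        # The executable is either a quoted path (possibly followed by arguments) or the first token.
        path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        return [LoadPoint(m.group("kind"), m.group("name"), path)]
    if line.startswith("AppInit_DLLs: "):
        # Every DLL in this value is mapped into each process that loads user32.dll,
        # so an entry here runs in every GUI process, not only in the browser.
        dlls = line[len("AppInit_DLLs: "):].split()
        return [LoadPoint("AppInit_DLLs", p.rsplit("\\", 1)[-1], p) for p in dlls]
    if line.startswith("FF - component: "):
        path = line[len("FF - component: "):]
        return [LoadPoint("FF-component", path.rsplit("\\", 1)[-1], path)]
    kind, _, rest = line.partition(": ")
    if kind in COM_KINDS:
        # rest looks like "<name>: {clsid} - <path>", "{clsid} - No File" or "H - No File"
        clsid = CLSID_RE.search(rest)
        if clsid:
            name = rest[:clsid.start()].rstrip(": ") or clsid.group(0)
            path = rest[clsid.end():].removeprefix(" - ")
        else:
            name, _, path = rest.partition(" - ")
        return [LoadPoint(kind, name, "" if path == "No File" else path)]
    return []   # other DDS line types (DPF, TCP, Handler, ...) are not triaged here


def parse_report(text: str) -> List[LoadPoint]:
    return [lp for line in text.splitlines() if line.strip() for lp in parse_line(line)]


def flag_by_path(points: List[LoadPoint], markers: List[str]) -> List[LoadPoint]:
    """Load points whose backing file lives under any of the given path fragments.
    DDS prints some paths in 8.3 form (progra~1, imesha~1), so pass both spellings."""
    lowered = [m.lower() for m in markers]
    return [p for p in points if p.path and any(m in p.path.lower() for m in lowered)]


def orphans(points: List[LoadPoint]) -> List[LoadPoint]:
    """Registrations whose file is gone ("No File"): inert, but worth cleaning up."""
    return [p for p in points if not p.path]


def summarize(points: List[LoadPoint]) -> Dict[str, List[str]]:
    """Group entries by load mechanism so a removal covers every one of them."""
    out: Dict[str, List[str]] = {}
    for p in points:
        out.setdefault(p.kind, []).append(p.name)
    return out


if __name__ == "__main__":
    pts = parse_report(SAMPLE_LOG)
    # Hypothetical marker list: the install directory of the product the analyst called out.
    hits = flag_by_path(pts, ["imesha~1", "imesh applications"])
    for kind, names in summarize(hits).items():
        print(f"{kind:13} {', '.join(names)}")
    for o in orphans(pts):
        print(f"orphan {o.kind}: {o.name}")
```

Run against the sample, the product shows up under five different load mechanisms, which is the practical point: uninstalling the browser add-on alone leaves the Run value and the AppInit_DLLs entry behind, and the AppInit_DLLs entry is the one that puts the module into every GUI process rather than only the browser. The two "No File" orphans are separate housekeeping.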

GKFISH
2011-08-30, 20:34
Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

8/30/2011 2:32:20 PM
mbam-log-2011-08-30 (14-32-20).txt

Scan type: Quick Scan
Objects scanned: 90142
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\cd11fa16-6fcc-4b9b-9209-7ad9d601cf67.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1da5d7-535a-4438-b5e7-c2899dd6bf7c.tmp (Heuristics.Ma

Thank you.

GKFISH
2011-08-30, 20:46
Hi Ken,

For whatever reason, after I downloaded the second program it will not scan. The security warning comes up, at which time I chose Allow... then nothing.

Thank You

ken545
2011-08-30, 22:38
Thanks for the logs. Let's try this: first drag aswMBR to the trash and download a fresh copy. Make sure to download it to your desktop; don't run it yet.
Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.
1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.
Now try aswMBR once more

GKFISH
2011-08-31, 05:16
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/30/2011 at 23:10:21.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Greg\Desktop\uSeRiNiT.exe


Rkill completed on 08/30/2011 at 23:10:30.

Ken, this was the only log after running all 5 rkill files. I still cannot run aswMBR. Thank you.

ken545
2011-08-31, 05:20
Try aswMBR in Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot up, tap the F8 KEY somewhat rapidly; this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
If it's still a no-go, then try this one


RootRepeal - Rootkit Detector


Download RootRepeal from the following location and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)

Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)

Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

Click the OK button
Check the box for your main system drive (Usually C:), and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running

When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

GKFISH
2011-08-31, 17:47
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000024
Image Path: \Driver\00000024
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 00000161
Image Path: \Driver\00000161
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8D11000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5BC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4EB2000 Size: 49152 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8afecb30]
Process: System Address: 0x8b00c0c3 Size: 3902

Object: Hidden Code [ETHREAD: 0x8afeb020]
Process: System Address: 0x8b00d9fd Size: 1540

==EOF==

Hope I did this correctly, again, Thank You.

ken545
2011-08-31, 18:14
Hi,

I would like you to run Combofix. A while back it would not run with AVG installed, but I believe they fixed that. If it will not run, then go to Add/Remove Programs in your Control Panel and uninstall AVG; we will reinstall it when we're done.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

GKFISH
2011-08-31, 23:22
ComboFix 11-08-31.04 - Greg 08/31/2011 16:26:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2335 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\COMBO-FIX.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL32.tmp
c:\documents and settings\All Users\SPL34.tmp
c:\documents and settings\All Users\SPL78.tmp
c:\documents and settings\All Users\SPL7D.tmp
c:\documents and settings\Kiddies\My Documents\~WRL0003.tmp
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iPod
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iTunes
2011-08-18 17:18 . 2011-08-18 17:18 -------- d-----w- c:\program files\Bonjour
2011-08-18 17:15 . 2011-08-18 17:15 -------- d-----w- c:\program files\Apple Software Update
2011-08-13 16:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 16:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-10 17:51 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-10 17:51 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 12:58 . 2004-08-10 17:51 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-31 20:12 . 2011-05-08 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-10-19 12:43 585608 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [11/26/2008 1:19 PM 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 01:59]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 17:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1972)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-08-31 17:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 21:17
ComboFix2.txt 2009-03-14 00:37
.
Pre-Run: 471,316,488,192 bytes free
Post-Run: 472,252,825,600 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1E9FADA1A2C333D829189CE7E761B8A6


Ken, thank you!!

ken545
2011-08-31, 23:38
This will remove iMesh. File sharing, in any way, shape or form, is dangerous.



Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::




File::
C:\PROGRA~1\IMESHA~1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"=-
[-HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.

GKFISH
2011-09-01, 04:18
ComboFix 11-08-31.04 - Greg 08/31/2011 19:06:20.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2397 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\COMBO-FIX.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\progra~1\IMESHA~1"
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-31 19:56 . 2011-08-31 21:18 -------- d-----w- C:\COMBO-FIX
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iPod
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iTunes
2011-08-18 17:18 . 2011-08-18 17:18 -------- d-----w- c:\program files\Bonjour
2011-08-18 17:15 . 2011-08-18 17:15 -------- d-----w- c:\program files\Apple Software Update
2011-08-13 16:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 16:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-10 17:51 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-10 17:51 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 12:58 . 2004-08-10 17:51 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-31 20:12 . 2011-05-08 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [11/26/2008 1:19 PM 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 01:59]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 19:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-31 19:48:22
ComboFix-quarantined-files.txt 2011-08-31 23:47
ComboFix2.txt 2011-08-31 21:18
ComboFix3.txt 2009-03-14 00:37
.
Pre-Run: 472,309,710,848 bytes free
Post-Run: 472,290,074,624 bytes free
.
- - End Of File - - C1CA0BF99FB8E7C182428C8178DC210A

Thanks, Ken!

ken545
2011-09-01, 10:34
Good Morning,

After further review, we need to close these ports to keep the bad guys out.

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Registry::




Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.
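
As an added example (not ComboFix's code and not part of ken545's instructions), the Python script below does by machine what the two CFScripts in this thread do by hand. It reads a ComboFix "Reg Loading Points" excerpt, flags Browser Helper Object and IE toolbar entries whose DLL lives under a blocklisted folder (here iMesh's 8.3 name IMESHA~1, the folder the first script deletes), flags firewall GloballyOpenPorts entries that are not on an allowlist (the second script's job), and prints a CFScript with the matching File:: and Registry:: sections. The sample log embedded in it is constructed from lines of the same shape as the thread's log; the iMesh DLL path is an assumption for illustration, since the log lines that carried it fall outside this excerpt. It goes one step beyond the hand-written scripts by also removing the HKEY_CLASSES_ROOT CLSID registration of every matched component, not only the toolbar's.

```python
"""Generate a ComboFix CFScript from a ComboFix 'Reg Loading Points' excerpt.

Added example, not ComboFix's or the forum helper's code. The embedded log is
constructed in the shape of the thread's log; the iMesh DLL path is assumed.
"""
import re
from dataclasses import dataclass, field

# Folder names (8.3 or long, case-insensitive) whose DLLs we treat as unwanted.
# IMESHA~1 is the short name of the iMesh folder seen in the thread's log.
BLOCKLIST_DIRS = {"IMESHA~1"}
# Firewall exceptions to keep; 135/TCP was left alone in the thread.
ALLOWED_PORTS = {"135:TCP"}

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-05-01 12:00 123456 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\toolbar.dll" [2011-05-01 123456]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
BHO_FILE_RE = re.compile(r"^\S+ \S+ \d+ \S+ (?P<path>\S.*)$")       # date time size attrs path
TOOLBAR_RE = re.compile(r'^"(?P<clsid>\{[^}]+\})"=\s*"(?P<path>[^"]+)"')  # "{CLSID}"= "path" [..]
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=')                  # "5000:TCP"= 5000:TCP:...


@dataclass
class Findings:
    bho_clsids: list = field(default_factory=list)
    toolbar_clsids: list = field(default_factory=list)
    dirs: set = field(default_factory=set)       # folders for the File:: section
    ports: list = field(default_factory=list)


def blocklisted_root(path):
    """Return the path prefix up to and including a blocklisted folder, or None."""
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if part.upper() in BLOCKLIST_DIRS:
            return "\\".join(parts[: i + 1])
    return None


def analyse(log_text):
    """Walk the excerpt, tracking the current registry key, and collect findings."""
    f, key, pending_bho = Findings(), None, None
    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group("key")
            c = CLSID_RE.search(key) if "Browser Helper Objects" in key else None
            pending_bho = c.group(0) if c else None        # expect its file line next
        elif pending_bho and (m := BHO_FILE_RE.match(line)):
            if root := blocklisted_root(m.group("path")):
                f.bho_clsids.append(pending_bho)
                f.dirs.add(root)
            pending_bho = None
        elif key and key.endswith("Internet Explorer\\Toolbar") and (m := TOOLBAR_RE.match(line)):
            if root := blocklisted_root(m.group("path")):
                f.toolbar_clsids.append(m.group("clsid"))
                f.dirs.add(root)
        elif key and "GloballyOpenPorts" in key and (m := PORT_RE.match(line)):
            if m.group("port") not in ALLOWED_PORTS:
                f.ports.append(m.group("port"))
    return f


def build_cfscript(f):
    """Render the findings in the CFScript syntax used in the thread."""
    out = ["File::", *sorted(f.dirs), ""] if f.dirs else []
    out.append("Registry::")
    out += [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in f.bho_clsids]
    if f.toolbar_clsids:
        out.append("[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]")
        out += [f'"{c}"=-' for c in f.toolbar_clsids]
    # Also drop the COM registration so nothing can re-reference the CLSID.
    out += [f"[-HKEY_CLASSES_ROOT\\clsid\\{c.lower()}]" for c in f.bho_clsids + f.toolbar_clsids]
    if f.ports:
        out.append("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy"
                   "\\standardprofile\\GloballyOpenPorts\\List]")
        out += [f'"{p}"=-' for p in f.ports]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(analyse(SAMPLE_LOG)))
```

What makes the port block in this thread worth removing is visible in the log itself: twenty-one consecutive TCP ports carrying the generic name "TCP Port 500x" rather than a program's name, with no entry in the AuthorizedApplications list that would account for them. On the live XP machine the same exception list can be read with `netsh firewall show portopening` before and after the fix. The parser reads ComboFix's condensed rendering of the key; a raw .reg export of GloballyOpenPorts\List carries longer value data (scope and an Enabled flag between the protocol and the name), so it would need its own regex.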

ken545
2011-09-05, 13:08
Still with us?

GKFISH
2011-09-05, 19:18
Yes,

After running ComboFix again, after about 25 min. it said "waiting to create report". I fell asleep and never saw the report and cannot locate it... Now I'm really stuck. The computer still redirects, and apps like Word, Paint, and notebook take forever to open. Methinks me machine is dying!!!!

Thanks

ken545
2011-09-05, 20:03
Let's go back a few steps; see if you can run aswMBR in Safe Mode.


To enter Safe Mode

Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow keys to scroll up to Safe Mode with Networking,
then press the Enter key on your keyboard.

Tutorial if you need it: How to boot into Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

GKFISH
2011-09-06, 02:35
Hi Ken,

I still cannot run aswMBR.

Thanks, Greg

GKFISH
2011-09-06, 03:54
Hi Ken,

ComboFix 11-09-05.05 - Greg 09/05/2011 21:01:04.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2415 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\COMBO-FIX.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 01:32 . 2011-09-06 01:34 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-08-31 19:56 . 2011-08-31 21:18 -------- d-----w- C:\COMBO-FIX
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iPod
2011-08-18 17:29 . 2011-08-18 17:29 -------- d-----w- c:\program files\iTunes
2011-08-18 17:18 . 2011-08-18 17:18 -------- d-----w- c:\program files\Bonjour
2011-08-18 17:15 . 2011-08-18 17:15 -------- d-----w- c:\program files\Apple Software Update
2011-08-13 16:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 16:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-10 17:51 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-10 17:51 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 12:58 . 2004-08-10 17:51 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-31 20:12 . 2011-05-08 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_21.01.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-05 16:57 . 2011-09-05 16:57 278528 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000002\UsrClass.dat
+ 2011-09-05 16:57 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-5-2011\ERDNT.EXE
+ 2011-09-04 23:28 . 2011-09-04 23:28 278528 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000002\UsrClass.dat
+ 2011-09-04 23:28 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-4-2011\ERDNT.EXE
+ 2011-09-05 16:56 . 2011-09-05 16:57 3133440 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000001\ntuser.dat
+ 2011-09-04 23:28 . 2011-09-04 23:28 3133440 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 01:59]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(188)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys\WUSB54GSC\WLService.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-05 21:49:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 01:48
ComboFix2.txt 2011-09-05 02:41
ComboFix3.txt 2011-08-31 23:48
ComboFix4.txt 2011-08-31 21:18
ComboFix5.txt 2011-09-06 00:56
.
Pre-Run: 472,221,155,328 bytes free
Post-Run: 472,216,002,560 bytes free
.
- - End Of File - - C84E1716DD86A03DC51D27284F93E78D

Latest log, thanks

ken545
2011-09-06, 10:16
Good Morning,

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

GKFISH
2011-09-06, 17:40
TDSS will not run???

Greg

ken545
2011-09-06, 18:19
Run this program first, then try both aswMBR and TDSSkiller

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

GKFISH
2011-09-06, 18:43
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/06/2011 at 12:40:17.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Greg\Desktop\rkill.scr
C:\Documents and Settings\Greg\Desktop\uSeRiNiT.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 09/06/2011 at 12:42:20.

ken545
2011-09-06, 22:44
Run this program first, then try both aswMBR and TDSSkiller

GKFISH
2011-09-06, 23:47
Ken,

Neither will run.

Greg

ken545
2011-09-07, 00:13
Run this program first and try them again, but boot to safemode with networking and try it from there

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

GKFISH
2011-09-10, 03:21
exeHelper by Raktor
Build 20100414
Run at 21:15:27 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Thanks, Greg

GKFISH
2011-09-10, 03:23
exeHelper by Raktor
Build 20100414
Run at 21:15:27 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:21:35 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

ken545
2011-09-10, 03:35
Will either of those programs run ?

GKFISH
2011-09-10, 03:39
Ken, that is the only log I get. I get a "press any key to continue" prompt, which I do, then nothing. However, when I do this my computer sounds as if it's running very loud, could be safe mode though. Should I discontinue use of Firefox as my browser?

Thanks, Greg

ken545
2011-09-10, 11:10
Firefox is a lot more secure than IE.

Try this

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

GKFISH
2011-09-12, 20:51
Gooredfix log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:50 on 12/09/2011 (Greg)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:52 02/04/2008]

C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [15:40 28/01/2011]
{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [22:49 16/02/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [19:18 20/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [01:25 24/10/2009]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [16:41 13/08/2011]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:52 10/12/2010]

-=E.O.F=-

Thank you.

ken545
2011-09-12, 21:59
Redirects still ???

GKFISH
2011-09-12, 23:46
Hi Ken,

It seems as if the problem has been solved, the computer no longer redirects. Should I dispose of all the tools and texts that we downloaded during this process? I really appreciate your time and patience.

Greg

ken545
2011-09-13, 01:16
Hello Greg,

That's great, we will remove all the tools we used when we're done. I just would like you to run a free online virus scanner in case we missed something.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on the ESET Smart Installer button to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Check the box to accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Check the Scan archives option.
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push the List Threats button.
Push Export, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish.
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

GKFISH
2011-09-13, 02:36
Ken,

I ran the scan, which found 2 infected files, however I didn't save the text and lost it. If need be I'll run it again. I'm certainly not making your job any easier.

Greg

ken545
2011-09-13, 02:42
That's ok, not to worry, but if you had it set not to remove them then we need to know what they were, so let's run it again.

GKFISH
2011-09-13, 03:51
Ken,

It's redirecting again... ugh

ken545
2011-09-13, 10:17
Ok, run ESET again and post the log

GKFISH
2011-09-14, 19:11
Hi Ken,

Ran ESET again. It did not create a log; the scanning window only stated "no threats found" and gave file totals and the time the scan took.

Greg

ken545
2011-09-14, 19:20
Hello Greg,

That's good. Where are you being redirected to ??

GKFISH
2011-09-14, 19:33
Say I do a search on Google, I'll get the results and click on one and I get redirected to sites such as "yellowbook.com, funbrain, gimmieanswers, find fast answers, catty" etc., etc.

But now it's only certain results or sites. It seems that on government sites I don't get redirected, but on MLB.com I got redirected. I cannot figure out which I do or don't, there's really no pattern.

Thanks, Greg

ken545
2011-09-14, 19:43
Were you ever able to get aswMBR to run? Now that ComboFix removed some bad entries it may run, but drag it to the trash and grab a fresh copy.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
Or try this one

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

GKFISH
2011-09-14, 20:42
Ken,

Ran GMER, here is the log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-14 14:39:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Greg\LOCALS~1\Temp\ugtyapog.sys


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\temp\97c17011-9581-4593-8aef-912c43f8db59.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Greg

ken545
2011-09-14, 22:40
Let's try updating Malwarebytes, run a Quick Scan and post the log, then try this program also.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

GKFISH
2011-09-14, 22:43
Ken,

Am I administering these programs correctly? Could it be something I'm doing wrong!!

ken545
2011-09-14, 22:56
Why, won't they run?

GKFISH
2011-09-15, 00:38
Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

9/14/2011 6:32:48 PM
mbam-log-2011-09-14 (18-32-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155136
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Greg\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit)

ken545
2011-09-15, 00:53
:bigthumb:

Now run SuperAntiSpyware

GKFISH
2011-09-15, 02:22
Ken, the forum says the log is 62,100 characters too long to post.

Greg

ken545
2011-09-15, 02:39
See if you can attach it, look towards the bottom of this thread under MANAGE ATTACHMENTS

GKFISH
2011-09-15, 02:55
8547

Hope this helps.

ken545
2011-09-15, 10:03
You already posted the Malwarebytes log. I need you to run SuperAntiSpyware and post that log; if it's too large then attach it.

GKFISH
2011-09-17, 02:10
Ken,

When I try to upload the log using the "manage attachments" option it keeps telling me it's an invalid file??

Thanks, Greg

ken545
2011-09-17, 02:37
Greg,

SuperAntiSpyware will open the log in Notepad which is a .txt file, it should attach unless you saved it as another format.

Try opening the log and make sure you save it as a .txt. Or open the log and copy and paste half of it in, then do another post and paste the other half. Take as many replies as you need to post it all.

GKFISH
2011-09-17, 19:08
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2011 at 08:07 PM

Application Version : 5.0.1118

Core Rules Database Version : 7691
Trace Rules Database Version: 5503

Scan type : Complete Scan
Total Scan Time : 00:39:37

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 686
Memory threats detected : 0
Registry items scanned : 37643
Registry threats detected : 0
File items scanned : 50331
File threats detected : 576

Adware.Tracking Cookie
.revsci.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ads2.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ads.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.traffichaus.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.smartclicksystem.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
tracking.smartclicksystem.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
tracking.smartclicksystem.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
tracking.smartclicksystem.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.avgtechnologies.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
pornografish.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.c5.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.andomedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adcentriconline.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.eset.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
www.teenspeak.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.shopica.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
adserver2.exgfnetwork.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZVEJ24T.DEFAULT\COOKIES.SQLITE ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MACRO

GKFISH
2011-09-17, 19:10
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.rkteens.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.xxxcupid.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.xxxcupid.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.xxxcupid.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
wt.xxxcupid.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.pornhublive.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
ads.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.blackteenrevenge.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.blackteenrevenge.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.blackteenrevenge.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.blackteenrevenge.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.delivery.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
ads2.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.daywithapornstar.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
counter.surfcounters.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.shopica.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhublive.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
pornhublive.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhublive.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
ads.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\DOCUMENTS AND SETTINGS\KIDDIES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VWCKJTW.DEFAULT\COOKIES.SQLITE ]
C:\DOCUMENTS AND SETTINGS\KIDDIES\COOKIES\KIDDIES@AVGTECHNOLOGIES.112.2O7[1].TXT
C:\DOCUMENTS AND SETTINGS\KIDDIES\COOKIES\KIDDIES@CDN4.SPECIFICCLICK[2].TXT
C:\DOCUMENTS AND SETTINGS\KIDDIES\COOKIES\KIDDIES@INSIGHTEXPRESSAI[2].TXT

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0086420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP


Thank you.

ken545
2011-09-17, 19:54
Looks like all it found were cookies and a couple of bad files in your Windows System Restore program, let's flush it all out


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.
How are things running now ?

GKFISH
2011-09-18, 03:57
Hi Ken,

Followed your instructions, computer is still redirecting when I do a search in Google.

Thanks Greg

ken545
2011-09-18, 05:10
This may be the culprit

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
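What that CFScript actually changes, as an added example that is not part of the thread and not ComboFix's own code: the key it names is the Windows XP firewall's list of globally open ports, and the value "135:TCP" is an exception that lets inbound TCP 135 (the RPC endpoint mapper used by DCOM) through from anywhere. In REGEDIT4 syntax, which CFScript borrows, `"name"=-` means "delete this value", so applying the script closes that exception. The parser below reads blocks in that syntax, lists the deletions a script would perform, and decodes the open-port entries. The CFSCRIPT constant is the script as posted; SAMPLE_EXPORT is a constructed registry export showing how XP stores such an exception (port:protocol:scope:state:name), so the "before" and the "fix" can be compared side by side.

```python
"""Parse the REGEDIT4-style blocks that ComboFix logs and CFScript files use
and report what a script would change in the Windows XP firewall policy.

Added example, not code from the thread or from ComboFix. It assumes the
REGEDIT4 conventions: a key path in [brackets], then "name"=data lines, and
the "name"=- form meaning "delete this value".
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
SKIP = {"REGEDIT4", "Registry::", "."}

# The CFScript exactly as posted in the thread (the ~ is ComboFix's own
# abbreviation of the services path, which ComboFix expands itself).
CFSCRIPT = """Registry::
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"135:TCP"=-
"""

# Constructed sample of what the same key looks like in a registry export
# while the exception is still present (port:protocol:scope:state:name).
SAMPLE_EXPORT = """REGEDIT4
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"135:TCP"="135:TCP:*:Enabled:DCOM"
"""


@dataclass
class RegKey:
    path: str
    values: dict = field(default_factory=dict)  # name -> data; None means "delete"


def _unquote(data):
    """Strip the surrounding quotes of a REG_SZ literal; leave other data as-is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1]
    return data


def parse_reg_block(text):
    """Return the keys in a REGEDIT4/CFScript block, in file order."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in SKIP or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(m.group("key"))
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data").strip()
            current.values[m.group("name")] = None if data == "-" else _unquote(data)
    return keys


def deletions(keys):
    """(key path, value name) pairs the block would remove when applied."""
    return [(k.path, n) for k in keys for n, d in k.values.items() if d is None]


def firewall_open_ports(keys):
    """Entries under ...\\GloballyOpenPorts\\List: port, protocol and whether
    the block keeps or deletes the exception; XP stores the exception's
    details in the data as port:protocol:scope:state:name."""
    found = []
    for k in keys:
        if not k.path.lower().endswith("globallyopenports\\list"):
            continue
        for name, data in k.values.items():
            port, _, proto = name.partition(":")
            entry = {"port": int(port), "proto": proto.upper(),
                     "action": "delete" if data is None else "keep"}
            if data:
                parts = data.split(":")
                if len(parts) >= 5:
                    entry.update(scope=parts[2], state=parts[3],
                                 name=":".join(parts[4:]))
            found.append(entry)
    return found


if __name__ == "__main__":
    before = firewall_open_ports(parse_reg_block(SAMPLE_EXPORT))
    change = firewall_open_ports(parse_reg_block(CFSCRIPT))
    print("exception present before fix:", before)
    print("script action:", change)
```

The same parser reads the "Reg Loading Points" section of a ComboFix log, so it can also be pointed at the AuthorizedApplications list (where the data part is omitted and parses as an empty string) to review which programs hold firewall exceptions before deciding what a cleanup script should remove.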

ken545
2011-09-19, 02:49
Been looking over this thread, let's try this

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

ken545
2011-09-21, 10:06
Still with us ?

GKFISH
2011-09-21, 22:09
Sorry for not being able to post. Here is the Combo Fix log from today. I will wait to hear from you before I run OTL.
Thanks, Greg

ComboFix 11-09-21.03 - Greg 09/21/2011 13:50:04.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2232 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\COMBO-FIX.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 18:22 . 2011-09-21 18:24 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-09-14 23:27 . 2011-09-14 23:27 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2011-09-14 23:26 . 2011-09-14 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26 . 2011-09-14 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 20:39 . 2011-09-13 20:40 -------- d-----w- c:\program files\iPod
2011-09-13 20:39 . 2011-09-13 20:41 -------- d-----w- c:\program files\iTunes
2011-09-12 23:46 . 2011-09-12 23:46 -------- d-----w- c:\program files\ESET
2011-09-10 01:07 . 2011-09-10 01:07 -------- d--h--w- c:\windows\PIF
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-31 19:56 . 2011-08-31 21:18 -------- d-----w- C:\COMBO-FIX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 18:48 . 2008-04-04 00:06 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-10 14:44 . 2011-05-08 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_21.01.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-14 16:59 . 2011-09-14 16:59 22016 c:\windows\Installer\2b0ec8.msi
- 2008-03-13 23:43 . 2011-06-17 01:20 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-06 01:07 . 2011-08-27 20:32 5852 c:\windows\system32\KGyGaAvL.sys
+ 2008-04-06 01:07 . 2011-09-06 17:21 5852 c:\windows\system32\KGyGaAvL.sys
- 2008-03-13 23:43 . 2011-06-17 01:20 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-13 20:42 . 2011-09-13 20:42 380928 c:\windows\Installer\{69995C7A-062A-4A90-A4DF-8C22895DF522}\iTunesIco.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-09-10 00:59 . 2011-09-10 00:59 278528 c:\windows\ERDNT\AutoBackup\9-9-2011\Users\00000002\UsrClass.dat
+ 2011-09-10 00:59 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-9-2011\ERDNT.EXE
+ 2011-09-06 15:21 . 2011-09-06 15:21 278528 c:\windows\ERDNT\AutoBackup\9-6-2011\Users\00000002\UsrClass.dat
+ 2011-09-06 15:21 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2011\ERDNT.EXE
+ 2011-09-05 16:57 . 2011-09-05 16:57 278528 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000002\UsrClass.dat
+ 2011-09-05 16:57 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-5-2011\ERDNT.EXE
+ 2011-09-04 23:28 . 2011-09-04 23:28 278528 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000002\UsrClass.dat
+ 2011-09-04 23:28 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-4-2011\ERDNT.EXE
+ 2011-09-21 17:19 . 2011-09-21 17:19 278528 c:\windows\ERDNT\AutoBackup\9-21-2011\Users\00000002\UsrClass.dat
+ 2011-09-21 17:20 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-21-2011\ERDNT.EXE
+ 2011-09-17 16:54 . 2011-09-17 16:54 278528 c:\windows\ERDNT\AutoBackup\9-17-2011\Users\00000002\UsrClass.dat
+ 2011-09-17 16:54 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-17-2011\ERDNT.EXE
+ 2011-09-17 00:00 . 2011-09-17 00:00 278528 c:\windows\ERDNT\AutoBackup\9-16-2011\Users\00000002\UsrClass.dat
+ 2011-09-17 00:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-16-2011\ERDNT.EXE
+ 2011-09-14 16:13 . 2011-09-14 16:13 278528 c:\windows\ERDNT\AutoBackup\9-14-2011\Users\00000002\UsrClass.dat
+ 2011-09-14 16:13 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-14-2011\ERDNT.EXE
+ 2011-09-13 12:22 . 2011-09-13 12:22 278528 c:\windows\ERDNT\AutoBackup\9-13-2011\Users\00000002\UsrClass.dat
+ 2011-09-13 12:22 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-13-2011\ERDNT.EXE
+ 2011-09-12 18:45 . 2011-09-12 18:45 278528 c:\windows\ERDNT\AutoBackup\9-12-2011\Users\00000002\UsrClass.dat
+ 2011-09-12 18:45 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-12-2011\ERDNT.EXE
+ 2011-09-10 14:41 . 2011-09-10 14:41 278528 c:\windows\ERDNT\AutoBackup\9-10-2011\Users\00000002\UsrClass.dat
+ 2011-09-10 14:41 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-10-2011\ERDNT.EXE
+ 2011-09-13 20:42 . 2011-09-13 20:42 5467136 c:\windows\Installer\5b9be.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\26740d.msp
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\2673fc.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\2673eb.msp
+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\2673db.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\2673d0.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\2673bf.msp
- 2008-03-13 23:43 . 2011-06-17 01:20 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-09-10 00:59 . 2011-09-10 00:59 3141632 c:\windows\ERDNT\AutoBackup\9-9-2011\Users\00000001\ntuser.dat
+ 2011-09-06 15:21 . 2011-09-06 15:21 3141632 c:\windows\ERDNT\AutoBackup\9-6-2011\Users\00000001\ntuser.dat
+ 2011-09-05 16:56 . 2011-09-05 16:57 3133440 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000001\ntuser.dat
+ 2011-09-04 23:28 . 2011-09-04 23:28 3133440 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000001\ntuser.dat
+ 2011-09-21 17:19 . 2011-09-21 17:19 3153920 c:\windows\ERDNT\AutoBackup\9-21-2011\Users\00000001\ntuser.dat
+ 2011-09-17 16:54 . 2011-09-17 16:54 3153920 c:\windows\ERDNT\AutoBackup\9-17-2011\Users\00000001\ntuser.dat
+ 2011-09-17 00:00 . 2011-09-17 00:00 3153920 c:\windows\ERDNT\AutoBackup\9-16-2011\Users\00000001\ntuser.dat
+ 2011-09-14 16:13 . 2011-09-14 16:13 3141632 c:\windows\ERDNT\AutoBackup\9-14-2011\Users\00000001\ntuser.dat
+ 2011-09-13 12:22 . 2011-09-13 12:22 3141632 c:\windows\ERDNT\AutoBackup\9-13-2011\Users\00000001\ntuser.dat
+ 2011-09-12 18:45 . 2011-09-12 18:45 3141632 c:\windows\ERDNT\AutoBackup\9-12-2011\Users\00000001\ntuser.dat
+ 2011-09-10 14:41 . 2011-09-10 14:41 3141632 c:\windows\ERDNT\AutoBackup\9-10-2011\Users\00000001\ntuser.dat
+ 2009-03-20 00:59 . 2011-09-15 00:58 46249416 c:\windows\system32\MRT.exe
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 19:40]
.
2011-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://free.avg.com/ww.homepage-tlbrf
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys\WUSB54GSC\WLService.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-09-21 14:39:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-21 18:38
ComboFix2.txt 2011-09-06 01:49
ComboFix3.txt 2011-09-05 02:41
ComboFix4.txt 2011-08-31 23:48
ComboFix5.txt 2011-09-21 17:40
.
Pre-Run: 473,422,430,208 bytes free
Post-Run: 473,529,610,240 bytes free
.
- - End Of File - - 8A269A71A6280886C60F07BDB0B83781

GKFISH
2011-09-21, 22:55
Hi Ken, here are the Extras and OTL files...Greg

GKFISH
2011-09-21, 22:59
Ken, the only way to fit this file was to zip it, hope it helps. Greg

OTL logfile created on: 9/21/2011 4:43:50 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 84.16% Memory free
4.84 Gb Paging File | 4.10 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.04 Gb Free Space | 95.38% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxprpr.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdrui.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdr.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxhpec.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxflib.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/14 16:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/21 14:22:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2011/08/27 19:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 16:41:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/21 16:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/21 14:22:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/21 14:21:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/21 14:21:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/21 14:21:00 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/21 13:15:14 | 086,494,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/21 13:11:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/17 19:01:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 20:03:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/27 20:03:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2010/12/09 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1038A
[2010/10/26 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/23 21:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 16:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/19 20:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iNp06504gIpPp06504
[2008/03/13 19:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/23 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/03/13 19:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/01/03 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/19 20:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG9
[2011/08/27 21:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\imeshmediabartb
[2011/04/03 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\AVG9
[2011/08/30 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\imeshmediabartb
[2011/03/02 17:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\PCDr
[2009/07/05 13:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\VirtualStore

========== Purity Check ==========



< End of report >
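As an added example (not part of this thread, and not OTL's own code), the following Python script shows how a helper can triage the "Files Created" / "Files Modified" lines in the format OTL prints above. It parses each line into its timestamp, size, attribute column, company name and path, then applies two review heuristics an analyst typically checks by eye: a timestamp later than the report itself, and a hidden or system-flagged file in System32 that carries no company name. The sample lines are constructed from entries in the log above, the report time is an assumption rather than a value from the page, and a flagged entry is only a prompt to look up the file's hash and vendor, not a verdict (hidden, unbranded files in System32 are sometimes legitimate licensing or driver components).

```python
"""Triage helper for the OTL file-list lines shown in the log above."""
# Added example for this thread, not OTL's own code: it parses the line
# format OTL prints and applies two review heuristics. A flagged entry is a
# candidate for a closer look (hash lookup, vendor check), not a verdict.
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One file-list line, e.g.
#   [2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\...\COMBO-FIX.exe
# Attribute columns: R read-only, H hidden, S system, D directory. The
# "(Company)" group is absent on directories and reads "()" or "( )" when
# the file carries no company name in its version resource.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # the four-character attribute column
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def hidden_or_system(self) -> bool:
        return self.attrs[1] == "H" or self.attrs[2] == "S"

def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-list line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "( )" both mean no name
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attr"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )

def parse_log(text: str) -> List[OtlEntry]:
    """Parse every file-list line in a block of OTL output, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def review_reasons(entry: OtlEntry, report_time: datetime) -> List[str]:
    """Heuristics worth a second look; an empty list means nothing stood out."""
    reasons = []
    # A timestamp later than the report itself cannot be genuine; stomped
    # timestamps are a common way to hide a file from date-sorted listings.
    if entry.timestamp > report_time:
        reasons.append("timestamp is later than the report time")
    # Hidden/system files in System32 with no company name are unusual for
    # vendor binaries and deserve a hash lookup before being trusted.
    if (not entry.is_directory and entry.hidden_or_system
            and entry.company is None and "\\system32\\" in entry.path.lower()):
        reasons.append("hidden/system file in System32 with no company name")
    return reasons

def triage_log(text: str, report_time: datetime) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one heuristic."""
    flagged = []
    for entry in parse_log(text):
        reasons = review_reasons(entry, report_time)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged

# Constructed sample: a handful of lines in the format of the log above,
# plus an assumed report time (not taken from the page).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/09/21 14:21:00 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
"""
REPORT_TIME = datetime(2011, 9, 21, 17, 0, 0)   # assumed report time

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG, REPORT_TIME):
        print(path, "->", "; ".join(reasons))
```

Run against a full OTL log, the parser ignores every non-file line (section headers, PRC/SRV/DRV entries, the `*.tmp` summary lines), so the output is just the short list of paths worth checking against a known-file database before anything is deleted.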

ken545
2011-09-22, 16:22
Hi

After I posted last I was called away. I have very little internet access where I am; I am on my phone and can't open the attachment. I hopefully will be back later today.

ken545
2011-09-22, 18:47
Hi,

Let's do this

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).



Let me know how things are running after the fix

GKFISH
2011-09-24, 05:05
Hello Ken,

Here is the latest OTL scan file after running fix. Thank you.

OTL logfile created on: 9/23/2011 10:59:14 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.72% Memory free
4.84 Gb Paging File | 4.07 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.33 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/14 16:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/23 22:53:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 22:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2011/08/27 19:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/09/23 23:01:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/23 22:55:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 22:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 22:55:25 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 22:53:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/23 18:13:17 | 086,583,278 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/22 16:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/22 15:27:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/17 19:01:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 20:03:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/27 20:03:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< :processes >

< killallprocesses >

< >

< :OTL >

< PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) >

< FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search" >

< >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :

< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< >

< >

< >

< >

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [start explorer] >

< [Reboot] >

< End of report >

ken545
2011-09-24, 08:16
Hi,

I can't see on the log from the fix whether the hosts file was replaced, and we need to remove one more entry, so let's try it again.



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)


:Services

:Reg

:Files
C:\Program Files\iMesh Applications






:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

1. Post the log from the fix
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped

GKFISH
2011-09-24, 18:50
Hi Ken,

Below is the latest OTL scan. Thank you. Greg




User: Greg
->Temp folder emptied: 685496 bytes
->Temporary Internet Files folder emptied: 4193493 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13155027 bytes
->Flash cache emptied: 456 bytes

User: Kiddies
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14415 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09242011_124516

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Greg\Local Settings\Temp\config.dat scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Greg\Local Settings\Temp\Perflib_Perfdata_a50.dat not found!
File\Folder C:\Documents and Settings\Greg\Local Settings\Temp\Perflib_Perfdata_e60.dat not found!
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\adholder[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\CARMN2RK.htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\login_status[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\emily[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\meviomusicvideos.mevio[1] moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\rubicon_sync[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\base.ie6[1].css moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\data_sync[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\fw-nonplayer-banner[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\fw-nonplayer-banner[2].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\pixel[1].ROZOv84PFESr_s8Ey0Rlari_wHedhsl&redirectURL=;ord=077dca2c-7e30-46c7-9608-9fdd57484bb1 moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\xd_receiver[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\ads.ie6[1].css moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\bristol-palin-gets-in-to-an-argument[1] moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\CACX6F8H moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\CAG9IJWX.htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\fw-nonplayer-banner[1].php moved successfully.

Registry entries deleted on Reboot...

ken545
2011-09-24, 23:40
1. Post the log from the fix
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped

ken545
2011-09-26, 18:38
Greg,

I have not heard from you. You have to understand that I am not sitting in front of your computer to see what's going on; you're my eyes and ears. If I don't get the logs and comments from you that I ask for, then I can't help you. You need to read what I post.

This was from Post #70 after the last fix

1. Post the log from the fix <--You posted this

I still need these
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped

GKFISH
2011-09-27, 20:29
Ken,
I apologize for my absence. The computer is still redirecting on searches; to get around that, I cut and paste addresses and go directly to sites.

OTL logfile created on: 9/27/2011 2:23:17 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.24% Memory free
4.84 Gb Paging File | 3.75 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.14 Gb Free Space | 95.40% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/24 12:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/24 12:45:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 22:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/09/27 14:21:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/27 14:04:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 14:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 13:04:04 | 086,688,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/27 12:59:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 12:59:48 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 16:32:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/24 12:45:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/22 15:27:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >

Thank You.

ken545
2011-09-27, 21:22
Hi,

The log from the fix is not showing that the DNS Cache was emptied and also does not show that the hosts file was replaced. Run this quick fix and post the log from the fix.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL



:Services

:Reg

:Files
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.


Let me know if this new fix stopped the redirects



You also have a file with a date of 2099, which is strange; we will check that next:

C:\WINDOWS\System32\tusijozo
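
A check that goes with the [resethosts] step above, written here as an added example (it is not code from this thread, from OTL, or from either poster): a small Python audit of a Windows hosts file that reports any name sent somewhere other than the local machine, and that can also be fed the "O1 - Hosts:" lines of an OTL scan log so the posted scan can be checked the same way. The hosts-file content is constructed for the example, and the 10.0.0.5 entry is hypothetical.

```python
import ipaddress
import re

# Constructed sample of a hosts file (not the thread's file): the stock XP
# entries plus one hypothetical redirect entry and one ad-blocking entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        www.google.com      # hypothetical redirect entry
127.0.0.1       ads.example.net     # blocking entry, harmless
"""

# Constructed OTL excerpt carrying the same O1 lines the scan in this thread shows.
SAMPLE_OTL = """\
O1 HOSTS File: ([2011/09/24 12:45:19 | 000,000,098 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
"""

OTL_O1_LINE = re.compile(r"^O1 - Hosts:\s+(?P<entry>.+)$")


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, one pair per hostname.

    Comments ('#' to end of line) and blank lines are skipped; one line may map
    several names to a single address, as the Windows hosts format allows.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name binds nothing
        ip, names = fields[0], fields[1:]
        entries.extend((ip, name.lower()) for name in names)
    return entries


def hosts_from_otl_log(log_text):
    """Rebuild hosts-file lines from the 'O1 - Hosts:' lines of an OTL scan log."""
    lines = []
    for raw in log_text.splitlines():
        match = OTL_O1_LINE.match(raw.strip())
        if match:
            lines.append(match.group("entry"))
    return "\n".join(lines)


def suspicious_entries(text):
    """Return (ip, hostname, reason) for entries that steer a name off the local machine.

    Loopback and unspecified (0.0.0.0) targets are blocking entries, which is how
    ad-block hosts files work, so they are not reported; anything else rewrites
    where a name resolves and deserves a look.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name, "resolves to a non-local address"))
    return flagged


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_HOSTS):
        print("flagged:", entry)
    print("OTL O1 entries flagged:", suspicious_entries(hosts_from_otl_log(SAMPLE_OTL)))
```

Run against the O1 lines from the scan posted earlier, the audit reports nothing, since the file holds only the two stock entries. A redirect that a clean hosts file does not explain has to come from one of the other places the same scan lists: the browser search hooks (the URLSearchHook lines), the installed extensions and search plugins, or the DNS server the interface is using (the O17 lines).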

GKFISH
2011-09-29, 02:49
Hi Ken,

Here's the log from the latest OTL fix you had me run. Just want to thank you for your patience with this fix. Greg

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Greg\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Greg\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Greg
->Temp folder emptied: 652756 bytes
->Temporary Internet Files folder emptied: 58302225 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89179682 bytes
->Flash cache emptied: 4836 bytes

User: Kiddies
->Temp folder emptied: 652757 bytes
->Temporary Internet Files folder emptied: 54126906 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 125948151 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1640 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14621 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 314.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_203459

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Greg\Local Settings\Temp\config.dat scheduled to be moved on reboot.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\8T3032FC\dns_err[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\8T3032FC\dns_err[2].htm moved successfully.
File\Folder C:\WINDOWS\temp\1a5e6605-75ec-42e0-b866-ea21a260541d.tmp not found!

Registry entries deleted on Reboot...

ken545
2011-09-29, 03:15
How are the redirects?

GKFISH
2011-09-29, 06:20
Still redirecting.

ken545
2011-09-29, 15:53
Are both IE and Firefox redirecting, or is it just one of them?

Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Settings > Reset. This will take a few moments; then close IE, reopen it, and let me know if the redirects have stopped with IE.

GKFISH
2011-09-30, 03:12
Ken, redirects have stopped on IE, but persist on Firefox. In fact, I now have some type of audio cookie where I'm getting pharmaceutical ads, PetSmart and such. For the life of me I cannot find where this is coming from; even if I close the window it still plays. Greg

ken545
2011-09-30, 06:00
This is what I would do: completely uninstall Firefox, using this free utility to uninstall it along with all the registry entries.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Then go into Program Files and if there is still a Firefox folder, delete it.

We will install the latest version in a bit, but let's rerun this program; those ads through the speakers can mean trouble.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

ken545
2011-09-30, 17:09
Have the ads through the speakers just occurred, or has this been present all along since you posted? A combination of browser redirects and ads through the speakers could mean a possible Whistler Rootkit infection. I need you to run aswMBR; if it asks to update the definitions, do so, then post the new log.

GKFISH
2011-10-01, 01:18
Ken, the first audio was last night. It was very strange, kind of like a radio station with ads, but I could hear what sounded like teenagers saying how they knew all aspects of someone's life and could do anything through their computer. No specific names were ever mentioned.
I will follow your latest instructions and post results.

Greg

GKFISH
2011-10-01, 01:39
Ken, I followed your instructions; however, aswMBR will not run a scan. Greg

ken545
2011-10-01, 07:34
Hey,

Sorry you're having so many problems, but some of this garbage is really hard to remove. Let's try a few things.

Try running aswMBR in Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down arrow keys to scroll to Safe Mode with Networking,
then press the Enter key on your keyboard.

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)



If it's still a no-go, then, if you still have ComboFix on your desktop, drag it to the trash and download and run a fresh new copy.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

GKFISH
2011-10-01, 15:09
Hi Ken, just to keep you up to date: I removed Firefox successfully, but could not run aswMBR; it would not start. I also had to update IE to version 8. I'm not sure if this will affect anything, just letting you know. I will try aswMBR in safe mode and post.

Thanks..Greg

GKFISH
2011-10-01, 18:26
Ken,

Here's the latest ComboFix log. Thanks


ComboFix 11-09-30.05 - Greg 10/01/2011 10:52:40.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2397 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 00:04 . 2011-10-01 00:04 -------- d-sh--w- c:\documents and settings\Greg\PrivacIE
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\Greg\IETldCache
2011-09-30 23:58 . 2011-09-30 23:58 -------- dc-h--w- c:\windows\ie8
2011-09-30 23:56 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 23:56 . 2011-06-23 18:36 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 23:56 . 2011-06-23 18:36 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 23:56 . 2011-06-23 18:36 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 23:56 . 2011-06-23 18:36 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 23:56 . 2011-06-23 18:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 23:56 . 2011-06-23 18:36 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 23:56 . 2011-06-23 18:36 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\VS Revo Group
2011-09-30 23:31 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\program files\VS Revo Group
2011-09-24 02:52 . 2011-09-24 02:52 -------- d-----w- C:\_OTL
2011-09-21 18:59 . 2011-09-28 18:40 -------- d-----w- c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
2011-09-21 18:22 . 2011-10-01 14:19 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-09-21 17:38 . 2011-09-21 18:39 -------- d-----w- C:\COMBO-FIX4520C
2011-09-21 17:35 . 2011-09-21 17:37 -------- d-----w- C:\COMBO-FIX17960C
2011-09-14 23:27 . 2011-09-14 23:27 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2011-09-14 23:26 . 2011-09-30 00:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26 . 2011-09-14 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 20:39 . 2011-09-13 20:40 -------- d-----w- c:\program files\iPod
2011-09-13 20:39 . 2011-09-13 20:41 -------- d-----w- c:\program files\iTunes
2011-09-12 23:46 . 2011-09-12 23:46 -------- d-----w- c:\program files\ESET
2011-09-10 01:07 . 2011-09-10 01:07 -------- d--h--w- c:\windows\PIF
2011-09-06 00:54 . 2011-09-06 01:50 -------- d-----w- C:\COMBO-FIX30049C
2011-09-06 00:47 . 2011-09-06 00:53 -------- d-----w- C:\COMBO-FIX12903C
2011-09-05 00:57 . 2011-09-05 02:42 -------- d-----w- C:\COMBO-FIX24678C
2011-09-05 00:54 . 2011-09-05 00:56 -------- d-----w- C:\COMBO-FIX18701C
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 18:48 . 2008-04-04 00:06 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-21_18.23.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-13 23:37 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-03-13 23:37 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2010-09-09 14:16 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:34 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 17:50 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 37888 c:\windows\ie8\url.dll
+ 2011-09-30 23:58 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2011-09-30 23:58 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 81920 c:\windows\ie8\ieencode.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2008-08-27 14:58 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2008-08-27 14:58 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 17:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-10 17:51 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 17:51 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 06:44 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2011-06-17 01:04 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2011-06-21 18:18 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 08:34 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-11-05 05:05 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2010-02-26 05:43 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-10-01 00:00 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-10-01 00:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-10-01 00:01 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 667136 c:\windows\ie8\wininet.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2011-09-30 23:58 . 2011-04-29 19:07 852480 c:\windows\ie8\vgx.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 633344 c:\windows\ie8\urlmon.dll
+ 2011-09-30 23:58 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-09-30 23:58 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 532480 c:\windows\ie8\mstime.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 449536 c:\windows\ie8\mshtmled.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 251904 c:\windows\ie8\iepeers.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 278528 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 23:12 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-30-2011\ERDNT.EXE
+ 2011-09-30 00:00 . 2011-09-30 00:00 278528 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 00:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2011\ERDNT.EXE
+ 2011-09-29 00:33 . 2011-09-29 00:33 278528 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000002\UsrClass.dat
+ 2011-09-29 00:33 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-28-2011\ERDNT.EXE
+ 2011-09-27 18:05 . 2011-09-27 18:05 278528 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000002\UsrClass.dat
+ 2011-09-27 18:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2011\ERDNT.EXE
+ 2011-09-25 04:45 . 2011-09-25 04:45 278528 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000002\UsrClass.dat
+ 2011-09-25 04:45 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-25-2011\ERDNT.EXE
+ 2011-09-24 16:26 . 2011-09-24 16:26 278528 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 16:26 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-24-2011\ERDNT.EXE
+ 2011-09-24 02:39 . 2011-09-24 02:39 278528 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 02:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-23-2011\ERDNT.EXE
+ 2011-10-01 13:03 . 2011-10-01 13:03 278528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000002\UsrClass.dat
+ 2011-10-01 13:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2011\ERDNT.EXE
+ 2004-08-10 17:51 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-06-26 08:15 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:44 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-30 23:58 . 2011-06-27 14:43 3084800 c:\windows\ie8\mshtml.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 3170304 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000001\ntuser.dat
+ 2011-09-30 00:00 . 2011-09-30 00:00 3162112 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000001\ntuser.dat
+ 2011-09-29 00:33 . 2011-09-29 00:33 3170304 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000001\ntuser.dat
+ 2011-09-27 18:05 . 2011-09-27 18:05 3170304 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000001\ntuser.dat
+ 2011-09-25 04:45 . 2011-09-25 04:45 3170304 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000001\ntuser.dat
+ 2011-09-24 16:26 . 2011-09-24 16:26 3162112 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000001\ntuser.dat
+ 2011-09-24 02:39 . 2011-09-24 02:39 3162112 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000001\ntuser.dat
+ 2011-10-01 13:03 . 2011-10-01 13:03 3350528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000001\ntuser.dat
+ 2009-03-20 00:59 . 2011-09-28 16:35 47369160 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2011-10-01 00:00 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-30 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [11/26/2008 1:19 PM 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/30/2011 7:31 PM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-01 11:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-01 11:37:09
ComboFix-quarantined-files.txt 2011-10-01 15:36
ComboFix2.txt 2011-09-21 18:39
ComboFix3.txt 2011-09-06 01:49
ComboFix4.txt 2011-09-05 02:41
ComboFix5.txt 2011-10-01 14:47
.
Pre-Run: 472,406,814,720 bytes free
Post-Run: 472,801,579,008 bytes free
.
- - End Of File - - BA35FF33FAFF2BB2FD1C1C7FE295D46C

ken545
2011-10-01, 18:42
Nothing really earth shattering removed and the rest of the log looks fine, let's try installing the new version of Firefox and see how it goes.

http://firefox7.org/

Have the ads through your speakers stopped?

GKFISH
2011-10-04, 02:11
Hi Ken,

I reinstalled Firefox, but I'm afraid my computer is running very slowly, the audio pop ups still persist and AVG keeps blocking something called "Blackhole Exploit Kit (type 2055)". The computer also keeps making a noise similar to when you close a window or turn the machine off. I realize the log indicated little in the way of problems....there are more now than before. Don't know what to do next..

Thanks, Greg

ken545
2011-10-04, 02:24
Hello Greg,

Read this
http://community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx

I think it would be in your best interest to back up all your data, documents and photos and do a format and reinstall of Windows. If you need help with this, let me know.

GKFISH
2011-10-04, 23:52
Ken, I forgot to mention that I have a program on my desktop named "Open Cloud AV" that I never downloaded. When I boot the computer it prompts me that I have various serious virus threats and need to take action immediately, then the computer freezes.

Thanks, Greg

ken545
2011-10-05, 00:08
Open Cloud is a trojan, it's a fake antivirus program.

Try running Malwarebytes in safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)


In case you removed Malwarebytes



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

GKFISH
2011-10-05, 21:46
Hi Ken,

I have to download Malwarebytes to my desktop, but now my AVG has been disabled, can I still go online without risking further damage? I'm using my laptop now, thinking I would follow your instructions on the reinstall of Windows. So tell me, am I the exception or is this type of thuggery common? Thanks again...Greg

GKFISH
2011-10-05, 22:56
Well I tried downloading Malwarebytes and I cannot. Everything is gone from my desktop and folders except IE and my recycle bin. I still have plenty of audio pop ups....

ken545
2011-10-05, 23:52
Hi,

Formatting and reinstalling Windows would be your better option. Let me explain something, I have been at this for many years, when viruses first appeared with Windows 95, they were more of an annoyance than anything else, but not anymore, all this garbage is written by Cyber Criminals, I mean gangs of thieves stealing anything they can, most are off shore and hard to prosecute, the better percentage of this comes from the Ukraine. You most likely are infected with a rootkit that's preventing us from running any malware removal programs. You can run this program to unhide your icons so you can go in and back anything up that you don't want to lose.

Just download this to your desktop and run it
http://download.bleepingcomputer.com/grinler/unhide.exe



We just do malware removal on this forum but post here for help if you need it to reinstall Windows, all of us forums work together so when you post, link them to this thread so they can see what we have done. When you post I will find you and follow along and offer my two cents if it's needed. By reinstalling a nice clean copy of Windows you're guaranteed to be free from infections and everything will be back to normal.

http://forums.whatthetech.com/index.php?showforum=119



Good luck,

Ken :)

ken545
2011-10-06, 00:04
Let's try one more program, if it fails then follow the instructions in my previous post.


Step 1 | Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

GKFISH
2011-10-06, 01:13
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
3020 wmiprvse.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
560 wmiprvse.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
4004 F:\MBRCheck.exe
484 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

GKFISH
2011-10-06, 01:15
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
3020 wmiprvse.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
3940 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3948 C:\WINDOWS\system32\wscript.exe
560 wmiprvse.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2416 C:\Program Files\Internet Explorer\iexplore.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
2628 F:\MBRCheck.exe
1108 C:\Program Files\AVG\AVG9\avgui.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Ken, I ran both yes and no by mistake. I used a flash drive to download the program...Can I infect my laptop using this method? Thanks, Greg

ken545
2011-10-06, 01:22
Yes you can, but we can worry about that later.

Run MBRcheck again and do this

[2] Restore the MBR of a physical disk with a standard boot code.

Then reboot and post the logs

GKFISH
2011-10-06, 01:52
I'm sorry, I don't know what a standard boot code is.

ken545
2011-10-06, 02:20
Try this

1. Run MBRCheck.exe
2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
3. Please push the 'Y' key and then press Enter
4. When the program asks you Enter your choice: enter 2 and press the Enter key
5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
6. Enter 0 and press the Enter key.
7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
8. The program will prompt for confirmation. Type 'YES' and hit Enter.
9. Left click on the title bar (where the program name and path are written).
10. From the menu choose Edit -> Select All
11. Hit the Enter key on your keyboard to copy selected text.
12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
13. Restart your PC.
14. Post the text in "MBRCheck results.txt" here, please.
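
To show what the "MBR Code Faked!" verdict and the SHA1 line in the MBRCheck output above rest on, here is an added example (not MBRCheck's code, and not written by anyone in this thread) that parses a 512-byte MBR, hashes only its boot-code region against a known-good set, and decodes the partition table. The 440/446-byte layout offsets, the placeholder allowlist and the constructed sample sector are assumptions; the sample's start LBA is chosen so the active volume lands at the 0x036e8e00 offset the posted log shows.

```python
"""MBR integrity check in the spirit of the MBRCheck output posted above.

Added example, not MBRCheck's own code. Assumptions not taken from the page:
the boot-code region is the first 440 bytes of sector 0 (classic layout:
code, 4-byte disk signature, 2 reserved bytes, 64-byte partition table,
0x55AA signature); the known-good hash set is a constructed placeholder;
the sample sector is built here rather than read from a physical drive.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Set

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    def byte_offset(self) -> int:
        # Same figure MBRCheck prints as "\\.\C: --> \\.\PhysicalDrive0 at offset".
        return self.lba_start * SECTOR_SIZE


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four 16-byte partition entries; skip empty (type 0) slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(bool(status & 0x80), ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the boot-code region, so partition edits do not change it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: Set[str]) -> Dict[str, object]:
    """Report signature validity, boot-code hash status and the active volume."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    digest = boot_code_sha1(mbr)
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_sha1": digest,
        # Unknown code is not proof of infection, but a bootkit that hooks the
        # boot path looks exactly like this, so it merits a closer look.
        "boot_code_known": digest in known_good,
        "partitions": parts,
        "active_volume_offset": active[0].byte_offset() if active else None,
    }


def build_sample_mbr(boot_code: bytes, lba_start: int = 112455,
                     sector_count: int = 976_660_713) -> bytes:
    """Constructed test sector: one active NTFS (0x07) partition whose start
    LBA reproduces the 0x036e8e00 volume offset shown in the posted log."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"      # constructed disk signature
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", lba_start, sector_count)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # three empty slots
    return code + disk_sig + table + MBR_SIGNATURE


# Constructed placeholder standing in for real boot code.
SAMPLE_BOOT_CODE = b"CONSTRUCTED-PLACEHOLDER-BOOT-CODE"


if __name__ == "__main__":
    sector = build_sample_mbr(SAMPLE_BOOT_CODE)
    allowlist = {boot_code_sha1(sector)}          # "known good" for this demo
    report = check_mbr(sector, allowlist)
    print("SHA1: %s  known: %s  C: at offset 0x%08x" % (
        report["boot_code_sha1"], report["boot_code_known"],
        report["active_volume_offset"]))
    tampered = bytearray(sector)
    tampered[0] ^= 0xFF                           # flip one byte of boot code
    print("after tamper, known:",
          check_mbr(bytes(tampered), allowlist)["boot_code_known"])
```

Running the script once against a clean sector and once after a single-byte change in the boot code shows why the hash, not the partition table, is what flags a rewritten MBR: the partitions decode identically in both runs.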

GKFISH
2011-10-06, 02:27
You have the patience of a saint....


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0xBFF50000 \SystemRoot\System32\TSDDD.dll
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
4496 csrss.exe
3912 C:\WINDOWS\system32\winlogon.exe
6120 explorer.exe
4660 RTHDCPL.EXE
2632 CLI.exe
6096 PDVDDXSrv.exe
3020 dlcxmon.exe
1200 MediaDetect.exe
5220 sprtcmd.exe
1340 avgtray.exe
3424 QTTask.exe
632 iTunesHelper.exe
3972 issch.exe
5704 ctfmon.exe
3980 msmsgs.exe
560 ONENOTEM.EXE
2400 CLI.exe
2448 C:\WINDOWS\system32\svchost.exe
5288 C:\Documents and Settings\Greg\Desktop\MBRCheck.exe

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
Available MBR codes:
[ 0] Default (UNKNOWN)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Out of memory!
Could not read disk!


Done!
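
MBRCheck reported "MBR Code Faked!" for PhysicalDrive0 and then failed to rewrite the boot code ("Could not read disk!"). The check it performs, hashing the boot sector's code and matching it against the loaders it knows, is simple to reproduce and worth understanding before trusting a verdict. The Python below is an added example, not MBRCheck's code or anything posted in the thread: both MBR images are constructed, the allowlist holds only the hash of the constructed clean image, and the 440-byte hash region is this example's choice, so its values are not comparable to the SHA1 in the MBRCheck output. Besides the hash it performs the partition-table sanity checks a triage does by hand. One caveat applies to any tool run from inside the infected Windows, MBRCheck included: a rootkit that hooks the disk stack can hand a forged sector to user-mode readers, so the trustworthy dump is one taken after booting clean media.

```python
"""Parse a 512-byte MBR and compare its bootstrap code with an allowlist of
known-good hashes: the same kind of check MBRCheck reports as "MBR Code Faked!"
when it fails. Both MBRs below are constructed for this example; they are not
dumps of the disk discussed in the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440          # bytes 0..439 hold the bootstrap code (example's choice of region)
DISK_SIG_OFF = 440           # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Return the fields a triage needs: boot-code hash, disk signature,
    partition entries and whether the 0x55AA signature is present."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
    }


def check_mbr(mbr: bytes, known_good: set) -> list:
    """Return human-readable findings. An empty list means these checks found
    nothing, not that the disk is clean: a rootkit hooking the disk stack can
    feed a forged sector to anything reading from inside the infected OS."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good:
        findings.append("boot code %s not in allowlist (non-standard or faked)"
                        % info["boot_code_sha1"])
    used = [p for p in info["partitions"] if p["type"] != 0]
    for idx, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (idx, p["status"]))
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append("partition %d: type 0x%02x with zero length" % (idx, p["type"]))
    if sum(1 for p in used if p["status"] == 0x80) > 1:
        findings.append("more than one partition marked active")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition entries overlap at LBA %d" % start_b)
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR for the example (not a real disk image)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x12345678)  # made-up disk signature
    for i, entry in enumerate(partitions):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i, *entry)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Stand-in boot code (constructed, not a real loader). A production allowlist
# holds hashes of the genuine Windows XP/2003/Vista/7 loaders taken from clean disks.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 24
PARTITIONS = [(0x80, 0x07, 63, 976_000_000)]  # one active NTFS partition (constructed)
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, PARTITIONS)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]}

# Same partition table, first bytes of the loader replaced by a jump: a bootkit
# patches exactly this region so its code runs before the OS loader.
TAMPERED_MBR = build_sample_mbr(b"\xEB\x1E" + CLEAN_BOOT_CODE[2:], PARTITIONS)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, KNOWN_GOOD) or ["no findings"])
```

On a live system, running as Administrator, `open(r"\\.\PhysicalDrive0", "rb").read(512)` returns the sector to pass to check_mbr; the allowlist must then contain hashes of the same 440-byte region taken from disks you know are clean.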

GKFISH
2011-10-06, 02:37
When I rebooted I got a blue screen: "A problem has been detected and Windows was shut down to prevent damage." PAGE_FAULT_IN_NONPAGED_AREA appears. Also:

Technical information:

*** STOP: 0x00000050 (0xf000c358, 0x00000001, 0x80637AF1, 0x00000002)

Ken, I'm in way over my head... Thanks, Greg

ken545
2011-10-06, 02:53
See if it will restart. The MBR was infected.

GKFISH
2011-10-06, 03:09
Ken, it restarted. Please advise on the next move. I have to shut down for the night. Thank you. Greg

ken545
2011-10-06, 03:23
You should be able to run aswMBR now. Give it a shot and post the log, then also run DDS and post a new log.

GKFISH
2011-10-06, 23:19
aswMBR will not run... Please attach a link for DDS. I seem to have lost it.

Thanks Greg

ken545
2011-10-06, 23:32
Have you tried aswMBR in Safe Mode?


Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows' native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)

GKFISH
2011-10-07, 23:05
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Greg at 16:55:29 on 2011-10-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2217 [GMT -4:00]
.
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\3238208952:1205533758.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - c:\windows\$blstun$\lmatn.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QNyxA1uvDoFpHs8234A] c:\windows\system32\FsWKfRL9gXjCkBz.exe
mRun: [volmgr] %APPDATA%\volmgr.exe
mRun: [DibD3pnG5Q6W8R8234A] c:\windows\system32\S4pmH5sQJdLgZhC.exe
dRun: [tgtYlbINMYG.exe] c:\documents and settings\all users\application data\tgtYlbINMYG.exe
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\8zvej24t.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-4-3 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-3 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-3 29712]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-3 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gsc\WLService.exe [2008-11-26 53307]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-25 921952]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2008-4-2 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-30 27064]
.
=============== Created Last 30 ================
.
2011-10-07 20:50:36 -------- d-----w- c:\documents and settings\greg\application data\VK8gRZqhYwUrOtP
2011-10-07 20:50:10 -------- d-----w- c:\documents and settings\greg\application data\wvD2obF4pHsJd
2011-10-07 20:50:10 -------- d-----w- c:\documents and settings\greg\application data\H3pnG5aQHdK
2011-10-07 20:43:27 -------- d-----w- c:\windows\system32\NnG4aQH6dKfLhX
2011-10-07 20:43:27 -------- d-----w- C:\EwkUVrlOBx0c1b3
2011-10-07 20:43:16 3001856 ----a-w- c:\windows\system32\S4pmH5sQJdLgZhC.exe
2011-10-07 20:43:15 -------- d-----w- C:\urzPNyxA1v2b
2011-10-07 20:31:55 -------- d-----w- c:\documents and settings\greg\application data\XycA1ivD3n4m6W7
2011-10-07 20:31:54 -------- d-----w- c:\documents and settings\greg\application data\XIVrlONtx0c2b3n
2011-10-06 21:11:23 -------- d-----w- c:\documents and settings\greg\application data\hJ7dEK8gRqYwUrO
2011-10-06 21:11:22 -------- d-----w- c:\documents and settings\greg\application data\gonG4amH6W7E9Tq
2011-10-06 01:07:37 -------- d-----w- c:\documents and settings\greg\application data\tVrlOBtxPuSiD
2011-10-06 01:07:37 -------- d-----w- c:\documents and settings\greg\application data\hpnG4aQH6
2011-10-05 23:02:49 -------- d-----w- c:\documents and settings\greg\application data\XF4amH6sW7
2011-10-05 23:02:49 -------- d-----w- c:\documents and settings\greg\application data\HdWK8fRZ9TwUeIt
2011-10-05 20:02:10 -------- d-----w- c:\documents and settings\greg\application data\ZVrlONtxPuSiDpG
2011-10-05 20:02:09 -------- d-----w- c:\documents and settings\greg\application data\bmH5sQJ7dLgZhCk
2011-10-05 19:49:06 120832 ---ha-w- c:\windows\system32\beep.sys
2011-10-05 19:48:50 468480 ----a-w- c:\documents and settings\all users\application data\tgtYlbINMYG.exe
2011-10-05 19:48:35 -------- d--h--w- c:\windows\$BLSTUN$
2011-10-05 19:48:27 -------- d-----w- c:\documents and settings\all users\application data\WSTB
2011-10-05 19:23:34 -------- d-----w- c:\documents and settings\greg\application data\hmH5sQJ7dLgZhCk
2011-10-05 19:23:33 -------- d-----w- c:\documents and settings\greg\application data\VjUCekIBrPyAuDo
2011-10-04 21:46:55 -------- d-----w- c:\documents and settings\greg\application data\sEL8gTZqhCk
2011-10-04 21:46:55 -------- d-----w- c:\documents and settings\greg\application data\nNycA1uvDoFp
2011-10-03 23:37:31 -------- d-----w- c:\documents and settings\greg\application data\k7fRL9gTXjCkBzN
2011-10-03 23:37:31 -------- d-----w- c:\documents and settings\greg\application data\BonG4aQH6W
2011-10-03 23:30:18 -------- d-----w- c:\documents and settings\greg\application data\dD3onF4am6W7E9T
2011-10-03 23:30:17 -------- d-----w- c:\documents and settings\greg\application data\DcS2ibF3pGaJdKf
2011-10-03 19:04:23 2398208 ---ha-w- c:\windows\system32\FsWKfRL9gXjCkBz.exe
2011-10-01 14:45:53 -------- d--h--w- C:\ComboFix
2011-10-01 00:04:30 -------- d-sh--w- c:\documents and settings\greg\PrivacIE
2011-10-01 00:03:28 -------- d-sh--w- c:\documents and settings\greg\IETldCache
2011-10-01 00:00:28 -------- d--h--w- c:\windows\ie8updates
2011-09-30 23:58:20 -------- dc-h--w- c:\windows\ie8
2011-09-30 23:56:28 7680 ---h--w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 23:56:26 602112 ---h--w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 23:56:26 55296 ---h--w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 23:56:25 743424 ---h--w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 23:56:25 247808 ---h--w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 23:56:25 12800 ---h--w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 23:56:24 1991680 ---h--w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 23:56:23 11081728 ---h--w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 23:31:32 -------- d-----w- c:\documents and settings\greg\local settings\application data\VS Revo Group
2011-09-30 23:31:23 27064 ---ha-w- c:\windows\system32\drivers\revoflt.sys
2011-09-30 23:31:22 -------- d--h--w- c:\program files\VS Revo Group
2011-09-24 02:52:51 -------- d--h--w- C:\_OTL
2011-09-21 18:22:41 -------- d-----w- c:\documents and settings\greg\local settings\application data\ApplicationHistory
2011-09-21 17:38:27 -------- d--h--w- C:\COMBO-FIX4520C
2011-09-21 17:35:22 -------- d--h--w- C:\COMBO-FIX17960C
2011-09-14 23:27:11 -------- d-----w- c:\documents and settings\greg\application data\SUPERAntiSpyware.com
2011-09-14 23:26:42 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26:42 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-13 20:39:51 -------- d--h--w- c:\program files\iPod
2011-09-13 20:39:42 -------- d--h--w- c:\program files\iTunes
2011-09-12 23:46:31 -------- d--h--w- c:\program files\ESET
2011-09-10 01:07:09 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-10-05 19:51:57 120832 ---ha-w- c:\windows\system32\drivers\beep.sys
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 17:21:58 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-06 17:21:57 104 --sh--r- c:\windows\system32\5018098FE8.sys
2011-08-30 18:17:11 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 178536 ---ha-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 17:02:24.75 ===============
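
The DDS log above already carries several indicators that need no scanner to read: a running process whose path has a second colon (an NTFS alternate data stream, which is why C:\WINDOWS\3238208952:1205533758.exe does not show in a normal directory listing), Run entries launching random-looking executables from system32 and from user-writable data directories, BHOs loaded from the hidden c:\windows\$blstun$ directory, DisableTaskMgr and NoDesktop policies, and a Firefox user.js forcing a search URL. The Python below is an added example, not DDS or any tool used in the thread, that encodes those observations as rules and runs them over lines copied from the log above; the rule set and the name-entropy threshold are assumptions for this example, checked only against the program names that appear on this page.

```python
"""Triage a DDS-style log for the persistence indicators a browser-redirect /
rootkit infection leaves behind. The rules are heuristics written for this
example (they are not DDS features). SAMPLE_LOG contains only lines copied
from the DDS log posted above, so the expected hits are known."""
import re

SAMPLE_LOG = r"""
C:\WINDOWS\3238208952:1205533758.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QNyxA1uvDoFpHs8234A] c:\windows\system32\FsWKfRL9gXjCkBz.exe
mRun: [volmgr] %APPDATA%\volmgr.exe
mRun: [DibD3pnG5Q6W8R8234A] c:\windows\system32\S4pmH5sQJdLgZhC.exe
dRun: [tgtYlbINMYG.exe] c:\documents and settings\all users\application data\tgtYlbINMYG.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
"""

# A Windows path starting with a drive letter or an environment variable and
# ending in an executable/module extension; spaces are allowed inside it.
PATH_RE = re.compile(r'(?:[a-z]:|%[a-z]+%)\\[^"]*?\.(?:exe|dll|sys)\b', re.I)
RANDOM_NAME_THRESHOLD = 6  # assumption for this example; tune against your own baseline


def char_class(c: str):
    if c.isupper():
        return "U"
    if c.islower():
        return "L"
    if c.isdigit():
        return "D"
    return None  # separators are ignored


def class_transitions(name: str) -> int:
    """Count switches between upper/lower/digit runs. Ordinary program names
    switch a few times (iTunesHelper: 4); generated names switch almost every
    character (FsWKfRL9gXjCkBz: 12)."""
    classes = [k for k in map(char_class, name) if k]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def has_ads(path: str) -> bool:
    """True when a drive-letter path contains a second ':' (NTFS alternate data stream)."""
    m = re.match(r"^[a-z]:(.*)$", path, re.I)
    return bool(m) and ":" in m.group(1)


def normalize(path: str) -> str:
    # DDS prints some paths in 8.3 form; expand the one that matters here.
    return path.lower().replace("progra~1", "program files")


def triage_line(line: str) -> list:
    kind, _, _ = line.partition(": ")   # "mRun", "BHO", "FF - user.js", ...; process lines have no key
    paths = PATH_RE.findall(line)
    reasons = []
    for p in paths:
        if has_ads(p):
            reasons.append("executable path is an NTFS alternate data stream")
    if kind.endswith("Run"):
        for p in paths:
            loc = normalize(p)
            if "%appdata%" in loc or "application data" in loc:
                reasons.append("autostart from a user-writable data directory")
            stem = re.split(r"[\\/]", p)[-1].rsplit(".", 1)[0]
            if class_transitions(stem) >= RANDOM_NAME_THRESHOLD:
                reasons.append("random-looking executable name")
    if kind == "BHO":
        for p in paths:
            loc = normalize(p)
            if "program files" not in loc and "system32" not in loc:
                reasons.append("BHO DLL loaded from outside Program Files/system32")
    if "Policies" in kind and re.search(r"(DisableTaskMgr|NoDesktop|DisableRegistryTools)\s*=\s*1", line):
        reasons.append("user lockout policy set (rogue-software behaviour)")
    if kind.startswith("FF") and "user.js" in kind and re.search(r"keyword\.URL|browser\.search", line):
        reasons.append("Firefox search settings forced via user.js (hijack)")
    return reasons


def triage(log_text: str) -> list:
    """Return (line, reasons) for every line at least one rule fired on."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

The name-entropy rule is deliberately conservative: every legitimate Run entry in the log above scores 5 or lower, while the two system32 executables score 12, and the two autostarts with plain names are caught by their location instead.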

GKFISH
2011-10-07, 23:07
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2008 3:44:58 PM
System Uptime: 10/7/2011 4:48:36 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 462 GiB total, 438.578 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP566: 9/17/2011 9:47:37 PM - AEROSMITH
RP567: 9/21/2011 1:40:32 PM - ComboFix created restore point
RP568: 9/27/2011 1:17:13 PM - System Checkpoint
RP569: 9/28/2011 12:35:23 PM - Software Distribution Service 3.0
RP570: 9/30/2011 7:32:18 PM - Revo Uninstaller Pro's restore point - Mozilla Firefox 7.0.1 (x86 en-US)
RP571: 9/30/2011 7:42:53 PM - Revo Uninstaller Pro's restore point - IKEA Home Planner
RP572: 9/30/2011 7:43:12 PM - Removed IKEA Home Planner
RP573: 9/30/2011 7:58:56 PM - Installed Windows Internet Explorer 8.
RP574: 9/30/2011 7:59:35 PM - Software Distribution Service 3.0
RP575: 10/1/2011 10:42:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AVG 9.0
Bonjour
Browser Address Error Redirector
Compact Wireless-G USB Network Adapter with SpeedBooster
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell DataSafe Online
Dell Driver Reset Tool
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
ESET Online Scanner v3
Games, Music, & Photos Launcher
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
PowerDVD
QuickTime
REA's TESTware for the NYSTCE Multi-Subject CST
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.5
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Spybot - Search & Destroy
SUPERAntiSpyware
Talul-Ads Browser Enhancer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/5/2011 4:01:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
10/5/2011 4:01:41 PM, error: SRService [104] - The System Restore initialization process failed.
10/5/2011 4:01:41 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
10/5/2011 3:38:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
10/5/2011 3:23:11 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/1/2011 9:28:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2011 9:26:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


Ken, my computer would not let me attach a file; it would bog down, so I cut and pasted both. Thanks, Greg

GKFISH
2011-10-07, 23:12
I had no idea not to post the last file, I couldn't zip it. Does it contain personal info? Greg

ken545
2011-10-08, 01:46
Your DDS log still shows you're infected with the Zero Access Rootkit. After running the MBRCheck fix, have the ads through the speaker stopped?

If you still have Combofix on your desktop, drag it to the trash and let's grab a new copy, run it, and post the log.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

ken545
2011-10-12, 01:27
Still with me ??

GKFISH
2011-10-12, 05:07
Ken,

I can no longer connect to the internet with my desktop. I've checked all connections to no avail. I was able to download a fresh ComboFix; however, when I run it 2 specific things happen: 1. A prompt says "system cannot find file specified." 2. "scan shut down due to Rootkit activity."

Greg

ken545
2011-10-12, 09:57
Greg,

Run CF in Safe Mode; you're infected with the Zero Access Rootkit and CF can clean it.

ken545
2011-10-18, 10:03
How are you coming along Greg ?

Greg, this rootkit you're infected with will disable the internet, your mouse and keyboard, possibly even your LAN card; this is new info that has been posted.

GKFISH
2011-10-23, 04:06
Hi Ken,

Life has gotten in the way of working on my desktop. Correct, I can no longer connect to the internet. I'm trying to download ComboFix to a flash drive so I can run it in safe mode on my desktop. For whatever reason I can get ComboFix to download to my flash drive. Maybe it's time to bring my desktop to a pro. Thanks, Ken

Greg

ken545
2011-10-23, 11:45
Hello Greg,

This is what I have been telling you all along: you need to format and reinstall the operating system. Even if this computer was cleaned, it would be what we call compromised; what that means is that it could never be trusted, and you would be taking a chance doing any online transactions like banking or credit card purchases. Doing a format and clean install of Windows will eliminate that.

Do you have your Windows CD or the Recovery CD that came with this computer? If so, I can link you to a good forum that can help you with the reinstall, saving you the cost of a repair shop.

Let me know,

Ken

GKFISH
2011-10-24, 01:26
Hi Ken,

Yes, I have the original Windows CD. I cannot access the internet; can you direct me to a site on how to uninstall and reinstall Windows? I can use my laptop to access the internet. Thanks again Ken!!

Greg

ken545
2011-10-24, 01:47
Greg,

Post here and let them know what's going on. All us forums work together, so you can link them to this thread so they can see what we have done. Be sure to let them know you have no internet access so they can offer a workaround.

http://forums.whatthetech.com/index.php?showforum=119


Good luck,

Ken

GKFISH
2011-10-24, 18:24
Hi Ken,
I haven't gotten any replies on the other site. Should I just uninstall and reinstall using the Microsoft tutorial? If I save files to a flash drive, won't they be infected as well?
Thanks, Greg

ken545
2011-10-24, 18:37
Greg,

I sent the other forum a heads up; sometimes it takes a few days to get a reply depending on how busy they are.

If you want to attempt it yourself and feel confident, then go for it. As far as a flash drive, I would not use one; this stuff can sometimes infect flash drives. I would burn them to a CD and then, after the reinstall, before you put them back, have the CD checked with your virus scanner.

GKFISH
2011-10-24, 21:09
Ken,

Thanks so much for all your help, I really appreciate it!

Greg

ken545
2011-10-24, 22:40
You're welcome Greg :)