Google redirect help

Try this

1. Run MBRCheck.exe
2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
3. Please push the 'Y' key and then press Enter
4. When the program asks you "Enter your choice:", enter 2 and press the Enter key
5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
6. Enter 0 and press the Enter key.
7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
8. The program will prompt for confirmation. Type 'YES' and hit Enter.
9. Left click on the title bar (where the program name and path are written).
10. From the menu, choose Edit -> Select All
11. Hit the Enter key on your keyboard to copy selected text.
12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
13. Restart your PC.
14. Post the text in "MBRCheck results.txt" here, please.
 
You have the patience of a saint....


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0xBFF50000 \SystemRoot\System32\TSDDD.dll
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
4496 csrss.exe
3912 C:\WINDOWS\system32\winlogon.exe
6120 explorer.exe
4660 RTHDCPL.EXE
2632 CLI.exe
6096 PDVDDXSrv.exe
3020 dlcxmon.exe
1200 MediaDetect.exe
5220 sprtcmd.exe
1340 avgtray.exe
3424 QTTask.exe
632 iTunesHelper.exe
3972 issch.exe
5704 ctfmon.exe
3980 msmsgs.exe
560 ONENOTEM.EXE
2400 CLI.exe
2448 C:\WINDOWS\system32\svchost.exe
5288 C:\Documents and Settings\Greg\Desktop\MBRCheck.exe

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (UNKNOWN)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Out of memory!Could not read disk!


Done!
 
When I rebooted I got a blue screen: "A problem has been detected and Windows was shut down to prevent damage." PAGE_FAULT_IN_NONPAGED_AREA appears. Also

Technical information:

***STOP:0x00000050 (0xf000c358, 0x00000001, 0x80637AF1, 0x00000002)

Ken, I'm in way over my head... Thanks, Greg
 
You should be able to run aswMBR now. Give it a shot and post the log, and then also run DDS and post a new log.
 
Have you tried aswMBR in Safe Mode?


Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using the Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Greg at 16:55:29 on 2011-10-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2217 [GMT -4:00]
.
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\3238208952:1205533758.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - c:\windows\$blstun$\lmatn.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QNyxA1uvDoFpHs8234A] c:\windows\system32\FsWKfRL9gXjCkBz.exe
mRun: [volmgr] %APPDATA%\volmgr.exe
mRun: [DibD3pnG5Q6W8R8234A] c:\windows\system32\S4pmH5sQJdLgZhC.exe
dRun: [tgtYlbINMYG.exe] c:\documents and settings\all users\application data\tgtYlbINMYG.exe
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\8zvej24t.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-4-3 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-3 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-3 29712]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-3 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gsc\WLService.exe [2008-11-26 53307]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-25 921952]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2008-4-2 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-30 27064]
.
=============== Created Last 30 ================
.
2011-10-07 20:50:36 -------- d-----w- c:\documents and settings\greg\application data\VK8gRZqhYwUrOtP
2011-10-07 20:50:10 -------- d-----w- c:\documents and settings\greg\application data\wvD2obF4pHsJd
2011-10-07 20:50:10 -------- d-----w- c:\documents and settings\greg\application data\H3pnG5aQHdK
2011-10-07 20:43:27 -------- d-----w- c:\windows\system32\NnG4aQH6dKfLhX
2011-10-07 20:43:27 -------- d-----w- C:\EwkUVrlOBx0c1b3
2011-10-07 20:43:16 3001856 ----a-w- c:\windows\system32\S4pmH5sQJdLgZhC.exe
2011-10-07 20:43:15 -------- d-----w- C:\urzPNyxA1v2b
2011-10-07 20:31:55 -------- d-----w- c:\documents and settings\greg\application data\XycA1ivD3n4m6W7
2011-10-07 20:31:54 -------- d-----w- c:\documents and settings\greg\application data\XIVrlONtx0c2b3n
2011-10-06 21:11:23 -------- d-----w- c:\documents and settings\greg\application data\hJ7dEK8gRqYwUrO
2011-10-06 21:11:22 -------- d-----w- c:\documents and settings\greg\application data\gonG4amH6W7E9Tq
2011-10-06 01:07:37 -------- d-----w- c:\documents and settings\greg\application data\tVrlOBtxPuSiD
2011-10-06 01:07:37 -------- d-----w- c:\documents and settings\greg\application data\hpnG4aQH6
2011-10-05 23:02:49 -------- d-----w- c:\documents and settings\greg\application data\XF4amH6sW7
2011-10-05 23:02:49 -------- d-----w- c:\documents and settings\greg\application data\HdWK8fRZ9TwUeIt
2011-10-05 20:02:10 -------- d-----w- c:\documents and settings\greg\application data\ZVrlONtxPuSiDpG
2011-10-05 20:02:09 -------- d-----w- c:\documents and settings\greg\application data\bmH5sQJ7dLgZhCk
2011-10-05 19:49:06 120832 ---ha-w- c:\windows\system32\beep.sys
2011-10-05 19:48:50 468480 ----a-w- c:\documents and settings\all users\application data\tgtYlbINMYG.exe
2011-10-05 19:48:35 -------- d--h--w- c:\windows\$BLSTUN$
2011-10-05 19:48:27 -------- d-----w- c:\documents and settings\all users\application data\WSTB
2011-10-05 19:23:34 -------- d-----w- c:\documents and settings\greg\application data\hmH5sQJ7dLgZhCk
2011-10-05 19:23:33 -------- d-----w- c:\documents and settings\greg\application data\VjUCekIBrPyAuDo
2011-10-04 21:46:55 -------- d-----w- c:\documents and settings\greg\application data\sEL8gTZqhCk
2011-10-04 21:46:55 -------- d-----w- c:\documents and settings\greg\application data\nNycA1uvDoFp
2011-10-03 23:37:31 -------- d-----w- c:\documents and settings\greg\application data\k7fRL9gTXjCkBzN
2011-10-03 23:37:31 -------- d-----w- c:\documents and settings\greg\application data\BonG4aQH6W
2011-10-03 23:30:18 -------- d-----w- c:\documents and settings\greg\application data\dD3onF4am6W7E9T
2011-10-03 23:30:17 -------- d-----w- c:\documents and settings\greg\application data\DcS2ibF3pGaJdKf
2011-10-03 19:04:23 2398208 ---ha-w- c:\windows\system32\FsWKfRL9gXjCkBz.exe
2011-10-01 14:45:53 -------- d--h--w- C:\ComboFix
2011-10-01 00:04:30 -------- d-sh--w- c:\documents and settings\greg\PrivacIE
2011-10-01 00:03:28 -------- d-sh--w- c:\documents and settings\greg\IETldCache
2011-10-01 00:00:28 -------- d--h--w- c:\windows\ie8updates
2011-09-30 23:58:20 -------- dc-h--w- c:\windows\ie8
2011-09-30 23:56:28 7680 ---h--w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 23:56:26 602112 ---h--w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 23:56:26 55296 ---h--w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 23:56:25 743424 ---h--w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 23:56:25 247808 ---h--w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 23:56:25 12800 ---h--w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 23:56:24 1991680 ---h--w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 23:56:23 11081728 ---h--w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 23:31:32 -------- d-----w- c:\documents and settings\greg\local settings\application data\VS Revo Group
2011-09-30 23:31:23 27064 ---ha-w- c:\windows\system32\drivers\revoflt.sys
2011-09-30 23:31:22 -------- d--h--w- c:\program files\VS Revo Group
2011-09-24 02:52:51 -------- d--h--w- C:\_OTL
2011-09-21 18:22:41 -------- d-----w- c:\documents and settings\greg\local settings\application data\ApplicationHistory
2011-09-21 17:38:27 -------- d--h--w- C:\COMBO-FIX4520C
2011-09-21 17:35:22 -------- d--h--w- C:\COMBO-FIX17960C
2011-09-14 23:27:11 -------- d-----w- c:\documents and settings\greg\application data\SUPERAntiSpyware.com
2011-09-14 23:26:42 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26:42 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-13 20:39:51 -------- d--h--w- c:\program files\iPod
2011-09-13 20:39:42 -------- d--h--w- c:\program files\iTunes
2011-09-12 23:46:31 -------- d--h--w- c:\program files\ESET
2011-09-10 01:07:09 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-10-05 19:51:57 120832 ---ha-w- c:\windows\system32\drivers\beep.sys
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 17:21:58 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-06 17:21:57 104 --sh--r- c:\windows\system32\5018098FE8.sys
2011-08-30 18:17:11 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 178536 ---ha-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 17:02:24.75 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2008 3:44:58 PM
System Uptime: 10/7/2011 4:48:36 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 462 GiB total, 438.578 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP566: 9/17/2011 9:47:37 PM - AEROSMITH
RP567: 9/21/2011 1:40:32 PM - ComboFix created restore point
RP568: 9/27/2011 1:17:13 PM - System Checkpoint
RP569: 9/28/2011 12:35:23 PM - Software Distribution Service 3.0
RP570: 9/30/2011 7:32:18 PM - Revo Uninstaller Pro's restore point - Mozilla Firefox 7.0.1 (x86 en-US)
RP571: 9/30/2011 7:42:53 PM - Revo Uninstaller Pro's restore point - IKEA Home Planner
RP572: 9/30/2011 7:43:12 PM - Removed IKEA Home Planner
RP573: 9/30/2011 7:58:56 PM - Installed Windows Internet Explorer 8.
RP574: 9/30/2011 7:59:35 PM - Software Distribution Service 3.0
RP575: 10/1/2011 10:42:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AVG 9.0
Bonjour
Browser Address Error Redirector
Compact Wireless-G USB Network Adapter with SpeedBooster
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell DataSafe Online
Dell Driver Reset Tool
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
ESET Online Scanner v3
Games, Music, & Photos Launcher
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
PowerDVD
QuickTime
REA's TESTware for the NYSTCE Multi-Subject CST
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.5
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
SUPERAntiSpyware
Talul-Ads Browser Enhancer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/5/2011 4:01:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
10/5/2011 4:01:41 PM, error: SRService [104] - The System Restore initialization process failed.
10/5/2011 4:01:41 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
10/5/2011 3:38:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
10/5/2011 3:23:11 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/1/2011 9:28:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2011 9:26:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


Ken, my computer would not let me attach a file... it would bog down, so I cut and pasted both. Thanks, Greg
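The Event Viewer section of the log pasted above can be triaged mechanically. The following is an added example, not part of the original thread or of DDS: it parses lines in that format, groups the drivers that failed to load at each boot, and lists which services were blocked by a failed dependency. The sample lines are copied from the log above; the `WATCH` grouping of driver names into network and security categories is an assumption of this example.

```python
import re
from collections import defaultdict

# Three lines copied from the Event Viewer section of the log above.
SAMPLE = """\
10/5/2011 3:38:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
10/1/2011 9:26:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
10/1/2011 9:26:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Line layout: timestamp, level: source [event id] - message
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEPENDS = re.compile(
    r"^The (?P<svc>.+) service depends on the (?P<dep>.+?) service which failed")

# Assumption of this example (not from the thread): which driver names count
# as network stack and which belong to the installed security products.
WATCH = {
    "network": {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec", "MRxSmb", "Rdbss", "RasAcd"},
    "security": {"AvgLdx86", "AvgMfx86", "AvgTdiX", "SASDIFSV", "SASKUTIL"},
}

def triage(text):
    """Return (drivers, blocked): failed drivers per timestamp and category,
    and the services that could not start per failed dependency."""
    category = {name: cat for cat, names in WATCH.items() for name in names}
    drivers = defaultdict(lambda: {"network": [], "security": [], "other": []})
    blocked = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["source"] != "Service Control Manager":
            continue  # DCOM, SRService and unparseable lines are skipped
        if m["id"] == "7026":    # boot-start/system-start drivers failed to load
            _, _, names = m["msg"].partition("failed to load:")
            for name in names.split():
                drivers[m["ts"]][category.get(name, "other")].append(name)
        elif m["id"] == "7001":  # service blocked by a failed dependency
            d = DEPENDS.match(m["msg"])
            if d:
                blocked[d["dep"]].append(d["svc"])
    for groups in drivers.values():
        for names in groups.values():
            names.sort()
    return dict(drivers), dict(blocked)

if __name__ == "__main__":
    failed, blocked = triage(SAMPLE)
    for ts, groups in failed.items():
        print(ts, groups)
    print(blocked)
```
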
 
Your DDS log still shows you're infected with Zero Access Rootkit. After running the MBRCheck fix, have the ads through the speaker stopped?

If you still have ComboFix on your desktop, drag it to the trash and let's grab a new copy, run it, and post the log.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Screenshot: RC1.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
 
Ken,

I can no longer connect to the internet with my desktop. I've checked all connections to no avail. I was able to download fresh copies of ComboFix; however, when I run it, 2 specific things happen: 1. A prompt says "system cannot find file specified." 2. "Scan shut down due to Rootkit activity."

Greg
 
How are you coming along Greg ?

Greg, this rootkit you're infected with will disable the internet, your mouse and keyboard, possibly even your LAN card. This is new info that has been posted.
 
Hi Ken,

Life has gotten in the way of working on my desktop. Correct, I can no longer connect to the internet. I'm trying to download ComboFix to a flash drive so I can run it in safe mode on my desktop. For whatever reason I can get ComboFix to download to my flash drive. Maybe it's time to bring my desktop to a pro. Thanks, Ken

Greg
 
Hello Greg,

This is what I have been telling you all along: you need to format and reinstall the operating system. Even if this computer was cleaned, it would be what we call Compromised. What that means is that it could never be trusted; you would be taking a chance doing any online transactions like banking or credit card purchases. Doing a format and clean install of Windows will eliminate that.

Do you have your Windows CD or the Recovery CD that came with this computer? If so, I can link you to a good forum that can help you with the reinstall, saving you the cost of a repair shop.

Let me know,

Ken
 
Hi Ken,

Yes, I have the original Windows CD. I cannot access the internet. Can you direct me to a site on how to uninstall and reinstall Windows? I can use my laptop to access the internet. Thanks again, Ken!!

Greg
 