Let's see what RootRepeal and OTL find
I feel like an idiot.
I didn't include the second half of my last message the other night.
So I'm going to start over.
SOME members of the house don't care if there is a problem with the computer and keep using it.
So I put a BIOS password on it so I will be the only person messing with it until it's fixed.
Here is tonight's Malwarebytes log...
Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
2/7/2010 7:56:40 PM
mbam-log-2010-02-07 (19-56-40).txt
Scan type: Full Scan (C:\|)
Objects scanned: 168844
Time elapsed: 44 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{149966B9-0AD4-4C3A-9CC2-D96281C9EA09}\RP773\A0107755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{149966B9-0AD4-4C3A-9CC2-D96281C9EA09}\RP773\A0107756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
RootRepeal hangs every time I try it.
I let it sit for 2 hours tonight before I did a hard reboot by holding in the power button.
It will scan
Drivers
Processes
SSDT
but hangs on Hidden Services
The clock in the lower right corner stops
I cannot move the pointer
and the hard drive light on the front of the tower stays on solid.
CTRL+ALT+DELETE does nothing.
For what it's worth, here are the logs for Drivers, Processes, SSDT
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/07 20:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xF793F000 Size: 16384 File Visible: No Signed: -
Status: -
Name: dump_nvidesm.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvidesm.sys
Address: 0xB374C000 Size: 20480 File Visible: No Signed: -
Status: -
Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xB6FCC000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==
OTL seemed to run.
OTL logfile created on: 2/7/2010 8:56:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\buddy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.10 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 75.52 Gb Free Space | 67.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DADDY-TP53Z8UEU
Current User Name: buddy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\buddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\buddy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gupdate1c97e9c79feed18) Google Update Service (gupdate1c97e9c79feed18) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
========== Driver Services (SafeList) ==========
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nvidesm) -- C:\WINDOWS\system32\drivers\nvidesm.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PSC60x) Philips PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\pscaudio.sys (Philips Components (PSS))
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (HCW848NT) -- C:\WINDOWS\system32\drivers\HCW848NT.sys (Hauppauge Computer Works)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/10/28 22:32:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 18:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 06:46:17 | 000,000,000 | ---D | M]
[2008/12/04 19:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\Mozilla\Extensions
[2010/02/03 21:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\Mozilla\Firefox\Profiles\zxic7n1h.default\extensions
[2008/07/08 17:31:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\buddy\Application Data\Mozilla\Firefox\Profiles\zxic7n1h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/02 20:12:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/12 15:36:00 | 000,073,789 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npjwp.dll
O1 HOSTS File: ([2007/10/20 00:21:32 | 000,192,954 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 6834 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/19 20:25:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/07 05:19:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\buddy\Desktop\OTL.exe
[2010/02/07 05:19:17 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\buddy\Desktop\RootRepeal(2).exe
[2010/02/07 05:09:21 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\buddy\Desktop\RootRepeal.exe
[2010/02/04 20:00:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 20:00:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/03 22:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Local Settings\Application Data\wbktgf
[2010/02/03 22:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Local Settings\Application Data\ilxfsd
[2010/02/02 21:48:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/02 21:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/02 21:38:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\buddy\Desktop\erunt-setup.exe
[2010/02/02 21:24:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/02 21:24:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/02 21:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/02 21:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/02 21:22:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/02 21:22:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/02 18:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/02 18:58:18 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\buddy\Desktop\HJTInstall.exe
[2010/02/02 18:51:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/01 21:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/31 20:49:23 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/30 20:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/30 20:21:50 | 091,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\buddy\Desktop\Ad-AwareInstallation.exe
[2010/01/30 00:54:57 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\buddy\Desktop\avg_free_stb_all_9_40_cnet(2).exe
[2010/01/28 00:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/28 00:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Application Data\SUPERAntiSpyware.com
[2010/01/28 00:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/27 22:43:59 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\buddy\Desktop\mbam-setup.exe
[2010/01/27 20:54:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Application Data\Malwarebytes
[2010/01/27 20:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 20:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/27 02:22:17 | 000,000,000 | ---D | C] -- C:\ComputerRequirementsTemp
[2010/01/26 23:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Desktop\oh death01_data
[2010/01/24 03:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Desktop\ms2fb
[2010/01/24 03:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Local Settings\Application Data\bhxcdy
[2010/01/23 00:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\buddy\Desktop\CD
[2010/01/13 07:13:40 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/02/11 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/01/24 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/07 20:51:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/07 20:51:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 20:51:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 20:37:53 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\buddy\NTUSER.DAT
[2010/02/07 20:04:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\settings.dat
[2010/02/07 19:57:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\buddy\ntuser.ini
[2010/02/07 19:36:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/07 05:19:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\buddy\Desktop\OTL.exe
[2010/02/07 05:19:14 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\buddy\Desktop\RootRepeal(2).exe
[2010/02/07 05:09:18 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\buddy\Desktop\RootRepeal.exe
[2010/02/07 02:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/07 00:35:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/06 01:30:55 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 20:00:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 03:27:24 | 000,000,565 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2010/02/04 03:27:24 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI
[2010/02/02 21:48:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\ERUNT.lnk
[2010/02/02 21:38:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\buddy\Desktop\erunt-setup.exe
[2010/02/02 20:51:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\buddy\Local Settings\Application Data\prvlcl.dat
[2010/02/02 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/02 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/02 18:58:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\HijackThis.lnk
[2010/02/02 18:58:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\buddy\Desktop\HJTInstall.exe
[2010/02/02 18:45:32 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/02 18:45:32 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/02 00:42:03 | 000,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/02 00:42:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 00:42:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/01 21:35:16 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/01 03:03:38 | 003,841,968 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\ComboFix.exe
[2010/01/31 20:33:28 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\avira_antivir_personal_en.exe
[2010/01/30 20:38:35 | 091,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\buddy\Desktop\Ad-AwareInstallation.exe
[2010/01/30 00:54:55 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\buddy\Desktop\avg_free_stb_all_9_40_cnet(2).exe
[2010/01/28 00:37:18 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\SUPERAntiSpyware.exe
[2010/01/27 22:44:14 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\buddy\Desktop\mbam-setup.exe
[2010/01/27 10:23:46 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\rkill.com
[2010/01/27 01:29:25 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/27 00:17:52 | 000,004,512 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\oh death01.aup
[2010/01/27 00:13:01 | 000,004,666 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\oh death01.aup.bak
[2010/01/23 02:16:57 | 012,620,844 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\oh death.wav
[2010/01/17 06:16:46 | 001,938,996 | ---- | M] () -- C:\Documents and Settings\buddy\Desktop\Don Ho...Tiny Bubbles!.wmv
[2010/01/14 02:18:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/07 20:04:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\settings.dat
[2010/02/04 20:00:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 21:48:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\ERUNT.lnk
[2010/02/02 18:58:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\HijackThis.lnk
[2010/02/01 03:03:37 | 003,841,968 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\ComboFix.exe
[2010/01/31 20:29:16 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\avira_antivir_personal_en.exe
[2010/01/30 20:45:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/30 20:45:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/30 20:45:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/30 20:45:18 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/30 20:45:18 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/30 08:18:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\buddy\Local Settings\Application Data\prvlcl.dat
[2010/01/28 00:37:01 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\SUPERAntiSpyware.exe
[2010/01/27 20:18:54 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\rkill.com
[2010/01/27 01:29:25 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/26 23:55:24 | 000,004,666 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\oh death01.aup.bak
[2010/01/26 23:55:24 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\oh death01.aup
[2010/01/26 23:42:50 | 012,620,844 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\oh death.wav
[2010/01/17 06:16:33 | 001,938,996 | ---- | C] () -- C:\Documents and Settings\buddy\Desktop\Don Ho...Tiny Bubbles!.wmv
[2009/11/15 02:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/11/15 02:19:24 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2009/03/23 20:38:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/03/10 22:45:05 | 000,007,298 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/21 18:40:36 | 000,003,630 | ---- | C] () -- C:\WINDOWS\jw9p.ini
[2008/09/28 18:20:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/09/28 18:19:40 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/09/28 18:19:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/11/28 01:17:16 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/27 22:07:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/10/21 01:28:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SetOutput60x.dll
[2007/10/19 23:06:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI
[2007/10/19 23:04:48 | 000,000,565 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/10/19 21:42:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/28 10:07:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/09/28 10:05:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/09/28 10:05:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/09/28 10:05:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/17 00:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 00:07:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 00:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 00:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 00:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
========== LOP Check ==========
[2008/05/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2007/12/18 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/10/20 00:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/02 00:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/10/20 00:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/05/01 21:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\Future Systems Solutions
[2007/12/18 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\iolo
[2008/09/28 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\pdf995
[2007/10/22 19:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\Ulead Systems
[2009/10/04 15:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\buddy\Application Data\XNote Stopwatch
[2010/02/02 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/07 02:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/02 18:45:32 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/02 18:45:32 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/02 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 2/7/2010 8:56:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\buddy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.10 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 75.52 Gb Free Space | 67.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DADDY-TP53Z8UEU
Current User Name: buddy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{7602015C-88CB-4301-934D-C285B5BAA700}" = Philips Sound Agent 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DD77FBEB-7821-4065-A83B-BA03DA94B930}" = Casper 4.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.6
"Bink and Smacker" = Bink and Smacker
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Lexmark 510 Series" = Lexmark 510 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"Pdf995" = Pdf995
"Pennock's Image Poster_is1" = Pennock's Image Poster v1.07
"Pennock's Photo Renamer_is1" = Pennock's Photo Renamer v1.0
"PhotoRecord" = Canon PhotoRecord
"PSC Audio Driver" = PSC Audio Driver
"RealPlayer 6.0" = RealPlayer
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XNote Stopwatch" = XNote Stopwatch
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/24/2009 2:34:34 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/24/2009 2:57:26 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00036dfa.
Error - 4/26/2009 1:11:02 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00036dfa.
Error - 4/26/2009 1:43:14 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module agcore.dll, version 2.0.40115.0, fault address 0x0001255b.
Error - 4/26/2009 2:59:41 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00036dfa.
Error - 4/26/2009 3:01:05 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1001
Description = Fault bucket 1232240568.
Error - 4/26/2009 3:22:43 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00036dfa.
Error - 4/26/2009 3:24:42 AM | Computer Name = DADDY-TP53Z8UEU | Source = Application Error | ID = 1001
Description = Fault bucket 1232240568.
Error - 5/13/2009 8:08:14 PM | Computer Name = DADDY-TP53Z8UEU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5/30/2009 2:19:37 AM | Computer Name = DADDY-TP53Z8UEU | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.
[ System Events ]
Error - 2/7/2010 10:51:57 PM | Computer Name = DADDY-TP53Z8UEU | Source = nvidesm | ID = 262153
Description = The device, \Device\Scsi\nvidesm1, did not respond within the timeout
period.
Error - 2/7/2010 10:51:57 PM | Computer Name = DADDY-TP53Z8UEU | Source = nvidesm | ID = 262153
Description = The device, \Device\Scsi\nvidesm1, did not respond within the timeout
period.
< End of report >