Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirecting, Pop-ups, Anti-virus will not update

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirecting, Pop-ups, Anti-virus will not update

Unread postby BRushie » September 21st, 2009, 7:17 pm

Looking for some help :o

Lately every time i use a Google search and try to click on a link i am redirected to some random site . My Trend Micro Anti-Virus will not update, and i receive the occasional pop-up regardless if a blocker is active or not . I just downloaded HijackThis and this is what i got . This is my first time doing this so bear with me if i come off slightly slow :? lol .


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:47 PM, on 9/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\AOL\1236704552\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.5\waol.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ExecAfterFirstBoot] C:\WINDOWS\SONYSYS\EFlyer\ExecAfterFirstBoot.exe /fC:\WINDOWS\SONYSYS\Docs\Latest Information.pdf /d4
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236704552\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/Act ... Client.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{865658B2-803F-418A-8B2C-BBDAA51CC5CE}: NameServer = 85.255.112.165,85.255.112.216
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.165,85.255.112.216
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.165,85.255.112.216
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.165,85.255.112.216
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14877 bytes
BRushie
Active Member
 
Posts: 3
Joined: August 31st, 2009, 11:01 pm
Advertisement
Register to Remove

Re: Google Redirecting, Pop-ups, Anti-virus will not update

Unread postby jpshortstuff » September 22nd, 2009, 5:58 pm

Hi,

Please download GooredFix from the locations below and save it to your Desktop
Download Mirror #1
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done two logs should open:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from one of the following locations and save it to your desktop.
  2. Open Image on your desktop.
  3. Click the Image tab.
  4. Click the Image button.
  5. In the Select Scan dialog, check
    Image
    1. Push Ok
    2. Check the box for your main system drive (Usually C:), and press Ok.
    3. Allow RootRepeal to run a scan of your system. This may take some time.
    4. Once the scan completes, push the Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Please post this log in your next reply.

    Let me know of any changes to your computer's behaviour.
    User avatar
    jpshortstuff
    WTT Malware Team
    WTT Malware Team
     
    Posts: 973
    Joined: May 1st, 2007, 12:56 pm

    Re: Google Redirecting, Pop-ups, Anti-virus will not update

    Unread postby BRushie » September 24th, 2009, 2:56 pm

    Thank you for the reply . GooredFix Log as requested .

    GooredFix by jpshortstuff (23.09.09.5)
    Log created at 14:38 on 24/09/2009 (owner)
    Firefox version 3.5.3 (en-US)

    ========== GooredScan ==========

    Removing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{865658B2-803F-418A-8B2C-BBDAA51CC5CE}\\NameServer -> Success!
    Removing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\\NameServer -> Success!

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [17:19 23/07/2009]
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [22:56 05/09/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"="C:\Program Files\Media Access Startup\1.5.0.850\FF" [17:01 16/07/2009]
    "{2224E955-00E9-4613-A844-CE69FCCAAE91}"="C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF" [16:37 23/07/2009]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:38 08/08/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [22:56 05/09/2009]

    -=E.O.F=-





    DDS as requested .



    DDS (Ver_09-07-30.01) - NTFSx86
    Run by owner at 14:41:11.53 on Thu 09/24/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.421 [GMT -4:00]

    AV: Trend Micro AntiVirus *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Common Files\AOL\1236704552\ee\AOLSoftware.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ooVoo\oovoo.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\AIM6\aolsoftware.exe
    svchost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.theprizeday.com/today.php
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = localhost;*.local
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.0.850\HPIEAddOn.dll
    BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
    BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [ExecAfterFirstBoot] c:\windows\sonysys\eflyer\execafterfirstboot.exe /fc:\windows\sonysys\docs\Latest Information.pdf /d4
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [<NO NAME>]
    mRun: [HostManager] c:\program files\common files\aol\1236704552\ee\AOLSoftware.exe
    mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
    IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/Act ... Client.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nlbgqkgd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-10 50192]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-8-14 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-10 677128]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-28 24652]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

    =============== Created Last 30 ================

    2009-09-21 21:25 <DIR> --d----- c:\program files\ooVoo
    2009-09-21 18:00 <DIR> --d----- c:\docume~1\owner\applic~1\ooVoo Details
    2009-09-10 22:22 <DIR> --d----- c:\program files\iPhone Configuration Utility
    2009-09-10 22:05 <DIR> --d----- c:\program files\iPod
    2009-09-10 22:05 <DIR> --d----- c:\program files\iTunes
    2009-09-10 22:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-10 21:23 351,616 ac------ c:\windows\system32\dllcache\ovcodek2.sys
    2009-09-05 18:56 411,368 a------- c:\windows\system32\deploytk.dll
    2009-09-05 18:56 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
    2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-08-12 14:46 717,296 a------- c:\windows\system32\drivers\sptd.sys
    2009-08-09 23:24 30,308 a---h--- c:\windows\system32\mlfcache.dat
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-05-19 23:35 614 a------- c:\docume~1\owner\applic~1\wklnhst.dat

    ============= FINISH: 14:41:43.96 ===============


    And RootRepeal Log .


    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/09/24 14:50
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP Media Center Edition SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xA6B75000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7AEE000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: PCI_PNP8042
    Image Path: \Driver\PCI_PNP8042
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xA4A5F000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: spxx.sys
    Image Path: spxx.sys
    Address: 0xF733B000 Size: 1048576 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "<unknown>" at address 0x85f2bcc0

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "<unknown>" at address 0x85f2b1c0

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "<unknown>" at address 0x85f2b480

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0x85f2cb20

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "<unknown>" at address 0x85f2c240

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "<unknown>" at address 0x85f2c500

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "spxx.sys" at address 0xf735aca2

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "spxx.sys" at address 0xf735b030

    #: 097 Function Name: NtLoadDriver
    Status: Hooked by "<unknown>" at address 0x85f2ccc0

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "spxx.sys" at address 0xf733c0c0

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0x85f2b740

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "spxx.sys" at address 0xf735b108

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "spxx.sys" at address 0xf735af88

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "<unknown>" at address 0x85f2bf80

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "<unknown>" at address 0x85f2ba00

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x85f2c980

    Hidden Services
    -------------------
    Service Name: ESQULserv.sys
    Image Path: C:\WINDOWS\system32\drivers\ESQULetyabumpbpifxmpfmuiqaordqjntjagk.sys

    ==EOF==


    As for the changes, the Google redirecting issue seems to have stopped, as well as the random pop-ups . However my Trend Micro Anti-virus still cannot update . I await your instructions .

    *EDIT*
    Although it doesn't happen nearly as much, a few times I was still redirected on Google, although they were few and far in-between .
    You do not have the required permissions to view the files attached to this post.
    BRushie
    Active Member
     
    Posts: 3
    Joined: August 31st, 2009, 11:01 pm

    Re: Google Redirecting, Pop-ups, Anti-virus will not update

    Unread postby jpshortstuff » September 24th, 2009, 5:19 pm

    Hi,

    Looks like there is a Rootkit involved. First, click Start >> Control Panel >> Add/Remove Programs and Remove this outdated version of Java (you already have a recent version as well):
    J2SE Runtime Environment 5.0 Update 5

    Next, let's take care of that Rootkit.

    Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
    Link 1
    Link 2
    Link 3

    Image

    Image

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on Combo-Fix.exe & follow the prompts.
    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Image

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Image
    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
    5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    User avatar
    jpshortstuff
    WTT Malware Team
    WTT Malware Team
     
    Posts: 973
    Joined: May 1st, 2007, 12:56 pm

    Re: Google Redirecting, Pop-ups, Anti-virus will not update

    Unread postby BRushie » September 27th, 2009, 2:20 pm

    Here is the log .


    ComboFix 09-09-25.01 - owner 09/27/2009 13:08.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.565 [GMT -4:00]
    Running from: c:\documents and settings\owner\Desktop\Combo-Fix.exe
    AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\owner\Local Settings\Application Data\DoubleD
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\2154df11395ea0249c4c54961007ff8a.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\4b6752554c03dd13115a0078de71aa4d.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\default1.dat
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.dat
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_bg.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_logo.jpg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Cursor.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_DailyVideo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Game.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Glitter.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Logo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Option.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Recipe.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Ringtone.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Screensaver.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Search.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_Config.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_TellAFriend.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Wallpaper.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Web.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\nsm.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\pixel.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ProductInfo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\profile.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\SearchEngineList.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\tbcore.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ToolbarLayout.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentre.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentreBk.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLDynamic.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLStatic.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\About.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Component_ComboBox.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Cursor.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_DailyVideo.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Game.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Glitter.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Logo.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Option.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Recipe.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Ringtone.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Screensaver.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Search.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Smiley.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Wallpaper.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Web.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDefault.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin1.skf
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin2.skf
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin3.skf
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\2154df11395ea0249c4c54961007ff8a.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\4b6752554c03dd13115a0078de71aa4d.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\default1.dat
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\loading.dat
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\loading.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\loading_bg.gif
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Cache\loading_logo.jpg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Cursor.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_DailyVideo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Game.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Glitter.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Logo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Option.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Recipe.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Ringtone.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Screensaver.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Search.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Smiley.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Smiley_Config.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Smiley_TellAFriend.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Wallpaper.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\Module_Web.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\nsm.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\pixel.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\ProductInfo.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\profile.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\SearchEngineList.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\tbcore.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\ToolbarLayout.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\UpdateCentre.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\UpdateCentreBk.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\URLDynamic.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Data\URLStatic.mx
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\About.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Component_ComboBox.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Cursor.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_DailyVideo.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Game.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Glitter.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Logo.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Option.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Recipe.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Ringtone.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Screensaver.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Search.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Smiley.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Wallpaper.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\Module_Web.mg
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnDefault.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnDisplay.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnDisplay.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnDisplay18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnDisplay20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnGlitters.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnGlitters.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnGlitters18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnGlitters20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnSmiley.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnSmiley.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnSmiley18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnSmiley20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnTellFd.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnTellFd.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnTellFd18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnTellFd20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnWink.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnWink.png
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnWink18.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Icons\TBBtnWink20.bmp
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Skins\myskin1.skf
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Skins\myskin2.skf
    c:\documents and settings\owner\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\Skins\myskin3.skf
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm100.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm102.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm10D.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm113.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm11B.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm11E.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm124.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm13.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm136.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm150.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm162.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm165.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm1A6.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm1C0.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm23.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm3A.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm3F.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm4F.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm5B.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm6A.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm76.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm77.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm83.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm87.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm89.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm8F.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm99.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm9A.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm9B.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm9D.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tm9E.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmA0.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmB0.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmB1.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmB7.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmE.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmE2.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\_tmF.tmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2154df11395ea0249c4c54961007ff8a.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\4b6752554c03dd13115a0078de71aa4d.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading_bg.gif
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading_logo.jpg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\ISOSetup.exe
    c:\documents and settings\owner\Local Settings\Temporary Internet Files\stb06759.tmp
    c:\program files\Internet Saving Optimizer
    c:\program files\Internet Saving Optimizer\2.2.0.2880\adwpx.exe
    c:\program files\Internet Saving Optimizer\2.2.0.2880\Data\config.md
    c:\program files\Internet Saving Optimizer\2.2.0.2880\NPCommon.dll
    c:\program files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
    c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.dat
    c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
    c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
    c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
    c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
    c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
    c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEaddon.dll
    c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
    c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
    c:\program files\Media Access Startup
    c:\program files\Media Access Startup\1.3.0.790\Data\config.md
    c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
    c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js
    c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
    c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
    c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
    c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
    c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js
    c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf
    c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
    c:\program files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
    c:\program files\Media Access Startup\1.3.0.790\hppx.exe
    c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
    c:\program files\Media Access Startup\1.3.0.790\unins000.dat
    c:\program files\Media Access Startup\1.3.0.790\unins000.exe
    c:\program files\Media Access Startup\1.5.0.850\Data\config.md
    c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
    c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
    c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
    c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
    c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
    c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
    c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
    c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
    c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
    c:\program files\Media Access Startup\1.5.0.850\hppx.exe
    c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
    c:\program files\Media Access Startup\1.5.0.850\unins000.dat
    c:\program files\Media Access Startup\1.5.0.850\unins000.exe
    c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
    c:\recycler\S-1-5-21-101775000-1921279437-1250746718-500
    c:\recycler\S-1-5-21-2479869782-2774869949-588352338-500
    c:\recycler\S-1-5-21-408668197-359428221-1528176614-500
    c:\recycler\S-1-5-21-515967899-1177238915-725345543-500
    c:\windows\Installer\WinRMSrv.msi
    c:\windows\system32\drivers\ESQULetyabumpbpifxmpfmuiqaordqjntjagk.sys
    c:\windows\system32\ESQULrrswruacqvdyibodynmlfdtdgooeoqtw.dll
    c:\windows\system32\ESQULyvtqowuptmovtyuqrkkufqjuypefqftl.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ESQULserv.sys
    -------\Legacy_ESQULserv.sys
    -------\Service_ESQULserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
    .

    2009-09-25 12:44 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-24 19:02 . 2009-09-24 19:02 -------- d-----w- c:\program files\ooVoo
    2009-09-24 18:59 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-09-24 18:49 . 2009-09-24 18:50 15 ----a-w- c:\documents and settings\owner\settings.dat
    2009-09-24 18:47 . 2009-09-24 18:47 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\WinZip
    2009-09-24 18:47 . 2009-09-24 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2009-09-21 22:00 . 2009-09-21 22:00 -------- d-----w- c:\documents and settings\owner\Application Data\ooVoo Details
    2009-09-21 21:47 . 2009-09-21 21:47 -------- d-----w- c:\windows\CtDrvInstall
    2009-09-21 21:47 . 2004-07-29 17:14 91577 ----a-w- c:\windows\system32\drivers\P0620Vid.sys
    2009-09-21 21:47 . 2004-07-13 05:01 20480 ----a-w- c:\windows\P0620Cfg.exe
    2009-09-21 21:47 . 2004-07-13 05:01 126976 ----a-w- c:\windows\system32\P0620Vfw.dll
    2009-09-21 21:47 . 2004-04-06 05:00 40960 ----a-w- c:\windows\system32\P0620Hwx.dll
    2009-09-21 21:47 . 2004-03-23 05:00 32768 ----a-w- c:\windows\system32\P0620Pin.dll
    2009-09-21 21:47 . 2004-03-22 06:09 81920 ----a-w- c:\windows\CtDrvIns.exe
    2009-09-21 21:47 . 2004-03-08 05:00 20480 ----a-w- c:\windows\system32\P0620Srv.exe
    2009-09-21 21:47 . 2004-01-18 22:03 69632 ----a-w- c:\windows\system32\p0620sti.dll
    2009-09-21 21:47 . 2003-10-03 05:05 65536 ----a-w- c:\windows\system32\CtCamMgr.dll
    2009-09-21 21:47 . 2009-09-21 21:47 -------- d-----w- C:\WCamInst
    2009-09-11 02:22 . 2009-09-11 02:22 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-11 02:05 . 2009-09-11 02:05 -------- d-----w- c:\program files\iPod
    2009-09-11 02:05 . 2009-09-11 02:06 -------- d-----w- c:\program files\iTunes
    2009-09-11 02:05 . 2009-09-11 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-10 23:12 . 2009-09-10 23:12 -------- d-----w- c:\documents and settings\owner\Application Data\dvdcss
    2009-09-05 22:56 . 2009-09-05 22:56 411368 ----a-w- c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-27 16:27 . 2005-11-16 22:24 -------- d-----w- c:\program files\Java
    2009-09-24 19:02 . 2005-11-16 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-21 22:54 . 2009-03-10 16:47 -------- d-----w- c:\program files\Trend Micro
    2009-09-20 20:24 . 2009-05-28 22:33 -------- d-----w- c:\documents and settings\owner\Application Data\U3
    2009-09-13 21:50 . 2009-03-11 03:03 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
    2009-09-11 02:20 . 2009-03-17 18:36 -------- d-----w- c:\program files\Safari
    2009-09-11 02:05 . 2009-03-11 03:00 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-11 02:03 . 2009-03-11 03:01 -------- d-----w- c:\program files\QuickTime
    2009-09-05 18:06 . 2005-11-19 03:02 -------- d-----w- c:\program files\Google
    2009-08-28 23:42 . 2009-03-17 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 23:42 . 2009-03-11 03:01 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-25 20:57 . 2009-07-19 20:39 -------- d-----w- c:\program files\PeerGuardian2
    2009-08-14 16:04 . 2009-03-29 01:23 -------- d-----w- c:\program files\AIM6
    2009-08-14 16:03 . 2009-03-11 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2009-08-12 18:46 . 2009-08-12 18:46 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-08-10 03:24 . 2009-03-19 02:02 30308 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-08-08 16:09 . 2005-11-16 23:31 36472 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-08 02:37 . 2009-08-08 02:37 -------- d-----w- c:\program files\MSBuild
    2009-08-08 02:37 . 2009-08-08 02:37 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-05 09:01 . 2005-11-16 02:06 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-02 22:48 . 2009-05-02 03:48 -------- d-----w- c:\documents and settings\owner\Application Data\Canon
    2009-07-17 19:01 . 2005-11-16 02:06 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2005-11-16 02:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-09-02 17385144]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
    "HostManager"="c:\program files\Common Files\AOL\1236704552\ee\AOLSoftware.exe" [2008-11-06 41264]
    "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

    c:\documents and settings\owner\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-4-9 598150]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-3-13 16384]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1236704552\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.5\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1236704552\\ee\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\ooVoo\\ooVoo.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "443:TCP"= 443:TCP:ooVoo TCP port 443
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675

    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/10/2009 10:52 PM 50192]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/14/2008 10:23 AM 36368]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 9:29 PM 24652]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/10/2009 10:53 PM 677128]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{FBC52612-5327-4383-BDFB-F1BE46185D57}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.theprizeday.com/today.php
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\nlbgqkgd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
    AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-27 13:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4512)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Bonjour\mdnsNSP.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\acs\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    c:\windows\ehome\RMSvc.exe
    c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\McrdSvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE
    c:\program files\Trend Micro\BM\TMBMSRV.exe
    c:\windows\system32\notepad.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-27 13:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-27 17:44

    Pre-Run: 105,893,715,968 bytes free
    Post-Run: 111,793,213,440 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    570 --- E O F --- 2009-09-27 16:23
    BRushie
    Active Member
     
    Posts: 3
    Joined: August 31st, 2009, 11:01 pm

    Re: Google Redirecting, Pop-ups, Anti-virus will not update

    Unread postby jpshortstuff » September 28th, 2009, 6:34 am

    That looks pretty good, how's it running now?

    OK, let's get a second opinion on the machine by running a thorough general scan of your system. The following tool is an excellent Anti-Malware program, that would be well worth keeping after we've finished here.

    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Post that log back here.
    User avatar
    jpshortstuff
    WTT Malware Team
    WTT Malware Team
     
    Posts: 973
    Joined: May 1st, 2007, 12:56 pm

    Re: Google Redirecting, Pop-ups, Anti-virus will not update

    Unread postby NonSuch » October 3rd, 2009, 12:49 am

    Due to a lack of response, this topic is now closed.

    If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
    User avatar
    NonSuch
    Administrator
    Administrator
     
    Posts: 27302
    Joined: February 23rd, 2005, 7:08 am
    Location: California
    Advertisement
    Register to Remove


    • Similar Topics
      Replies
      Views
      Last post

    Return to Infected? Virus, malware, adware, ransomware, oh my!



    Who is online

    Users browsing this forum: No registered users and 31 guests

    Contact us:

    Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

    Member site: UNITE Against Malware