Redirected in search engine


Re: Redirected in search engine

Unread postby barryndiane » March 9th, 2010, 10:37 am

Hello! I just did a lot of googling. It was good for about 3-4 links and then it started redirecting. It first went to tanzaniago.info and then switched to different ones. I clicked a few times with it doing this and then it started actually working and going to the right sites. Then after a few clicks it started redirecting again.

Sorry this is taking so long. I know you are busy. The computer is working faster than it has in a long time. I appreciate your help.
barryndiane
Regular Member
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 9th, 2010, 12:26 pm

Hi Diane.
Please try this, then let me know if your searches are still being redirected.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Logs/Information to Post in your Next Reply

  • ComboFix log
  • Are your searches still being redirected?
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 9th, 2010, 2:38 pm

Ran ComboFix; the screen is stuck on "preparing log report".
barryndiane
Regular Member
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 9th, 2010, 3:02 pm

Hi Diane.
Did it finish creating the log? Go to C:\ComboFix.txt; if it finished, the log will be there.
If not, stop ComboFix and run it again with the previous instructions. Be sure to disable AVG first.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 9th, 2010, 5:33 pm

Hi. The screen was just stuck. I had my husband message you from work because I was afraid to do anything. I ended up having to reboot the computer to be able to do anything. But I did find this log, so I guess it completed it.

Yeah, still being redirected.

ComboFix 10-03-08.02 - Owner 03/09/2010 11:41:31.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.607.330 [GMT -6:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Personal Firewall *disabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

C:\WINDOWS\ServicePackFiles\i386\atapi.sys --> C:\Windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 13:50:04 . 2010-03-09 13:50:10 100908 ----a-w- C:\SystemLook.exe
2010-03-09 13:46:16 . 2010-03-09 13:46:16 -------- d-----w- C:\SysProt
2010-03-09 13:45:38 . 2010-03-09 13:45:39 354396 ----a-w- C:\SysProt.zip
2010-03-08 01:21:33 . 2010-03-09 17:32:55 3883629 ----a-r- C:\ComboFix.exe
2010-03-07 18:24:19 . 2010-03-07 18:24:19 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-03-07 18:24:15 . 2010-01-07 22:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-03-07 18:24:13 . 2010-03-07 18:24:18 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-07 18:24:13 . 2010-03-07 18:24:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-07 18:24:13 . 2010-01-07 22:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-03-07 18:23:20 . 2010-03-07 18:23:34 5115832 ----a-w- C:\mbam-setup.exe
2010-03-06 21:08:57 . 2010-03-06 21:08:59 -------- d-----w- C:\tdsskiller
2010-03-06 21:07:01 . 2010-03-06 21:07:02 154657 ----a-w- C:\tdsskiller.zip
2010-03-06 19:41:59 . 2010-03-06 19:43:17 -------- d-----w- C:\Program Files\ERUNT
2010-03-05 20:09:37 . 2010-03-05 20:10:18 1137360 ----a-w- C:\fsbl.exe
2010-03-02 21:38:48 . 2010-03-02 21:40:48 -------- d-----w- C:\rsit
2010-02-24 21:47:08 . 2010-02-24 21:47:08 -------- d-----w- C:\Program Files\Trend Micro
2010-02-23 22:48:27 . 2010-02-23 22:48:27 44784 ----a-w- C:\Documents and Settings\barryndiane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 22:44:20 . 2010-02-23 22:44:20 -------- d-sh--w- C:\Documents and Settings\barryndiane\IECompatCache
2010-02-23 22:43:58 . 2010-02-23 22:43:58 -------- d-sh--w- C:\Documents and Settings\barryndiane\PrivacIE
2010-02-15 22:46:31 . 2003-11-24 21:20:58 0 ---ha-w- C:\Documents and Settings\Guest\hpothb07.dat
2010-02-15 19:31:23 . 2009-11-25 19:01:54 1230080 ----a-w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-15 19:07:16 . 2010-02-15 19:11:41 -------- d-----w- C:\$AVG
2010-02-15 19:06:51 . 2010-02-15 19:06:51 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2010-02-15 19:06:48 . 2010-02-15 19:06:49 360584 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-02-15 19:06:36 . 2010-02-15 19:06:37 333192 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-02-15 19:06:33 . 2010-02-15 19:06:33 28424 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-02-15 19:06:07 . 2010-03-09 15:10:52 -------- d-----w- C:\WINDOWS\system32\drivers\Avg
2010-02-15 19:06:04 . 2010-02-15 19:31:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-02-15 19:05:34 . 2010-02-15 19:05:35 -------- d-----w- C:\Program Files\AVG
2010-02-15 19:05:26 . 2010-02-15 19:05:34 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-14 02:40:41 . 2010-02-15 18:25:46 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-14 02:40:30 . 2010-02-14 02:40:30 -------- d-----w- C:\Program Files\Hard Disk Tune-Up
2010-02-14 00:44:51 . 2010-02-14 02:40:30 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Sammsoft
2010-02-14 00:44:41 . 2010-02-14 00:45:36 -------- d-----w- C:\Program Files\MemTurbo 4
2010-02-14 00:44:37 . 2010-02-14 01:46:46 -------- d-----w- C:\Program Files\Advanced Registry Optimizer
2010-02-13 23:57:13 . 2010-02-13 23:57:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-02-13 01:41:16 . 2010-02-13 01:41:16 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 17:52:59 . 2003-04-10 10:53:50 -------- d-----w- C:\Program Files\WildTangent
2010-02-23 23:33:51 . 2003-11-25 00:14:08 984 -c--a-w- C:\Documents and Settings\Owner\Application Data\Motive\Acme\plugin\maps\mmap.bat
2010-02-23 23:33:51 . 2003-11-25 00:14:08 413696 -c--a-w- C:\Documents and Settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motkt.dll
2010-02-23 23:33:50 . 2003-11-25 00:14:07 311296 -c--a-w- C:\Documents and Settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motivede.dll
2010-02-23 22:19:30 . 2009-11-19 02:27:23 -------- d-----w- C:\Program Files\McAfee Security Scan
2010-02-15 18:23:47 . 2003-08-25 15:01:46 44784 -c--a-w- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 18:23:18 . 2003-04-10 10:50:40 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-02-14 00:01:52 . 2003-04-10 10:50:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-01-08 18:08:44 . 2009-11-30 14:05:29 -------- d-----w- C:\Program Files\Microsoft Silverlight
2009-12-16 18:19:18 . 2009-12-16 18:19:18 21035 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2005-07-09 22:22:04 . 2005-07-09 22:22:15 774144 -c--a-w- C:\Program Files\RngInterstitial.dll
2003-09-08 13:47:55 . 2003-09-08 13:47:55 32 -csha-w- C:\WINDOWS\{A217E0A5-7FF5-46B6-914D-92B83D14BDDA}.dat
2005-01-08 09:00:42 . 2005-01-08 09:00:42 56 -csh--r- C:\WINDOWS\system32\C70B12D71A.sys
2005-01-08 09:00:42 . 2005-01-08 09:00:42 1682 -csha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2003-09-08 13:47:55 . 2003-09-08 13:47:55 32 -csha-w- C:\WINDOWS\system32\{CD0490BD-D74F-4446-82D9-0E27308FDBD8}.dat
.
barryndiane
Regular Member
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 10th, 2010, 5:39 am

Hi Diane.
A couple of questions.
1. That ComboFix log is incomplete; is that all there was of it?
2. Do you use a Router?

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in. Do not include the word Code:.
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    disk.sys
    CLASSPNP.SYS
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of the OTL.txt and Extras.txt logs in your next reply.

Logs/Information to Post in your Next Reply

  • OTL.txt and Extras.txt logs
  • Please answer my two questions.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
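The CFScript above restores atapi.sys from ServicePackFiles\i386, and the OTL /md5start block hashes a list of storage drivers; this added Python example (not OTL's or ComboFix's code) performs the underlying check itself, comparing each live driver's MD5 against the ServicePackFiles copy and flagging mismatches. The Windows paths are the ones named in the thread; the demo tree and its bytes are constructed so the script runs anywhere.

```python
"""Hash-compare live drivers against the pristine copies Windows XP keeps in
ServicePackFiles\\i386, the check behind OTL's /md5start list and the reason
the CFScript FCopy restores atapi.sys.  Added example, not OTL/ComboFix code."""
import hashlib
import tempfile
from pathlib import Path

# Real locations named in the thread; on a non-Windows box they do not exist,
# so demo() builds a constructed stand-in tree instead.
LIVE_DRIVERS = Path(r"C:\Windows\System32\drivers")
PRISTINE_DRIVERS = Path(r"C:\WINDOWS\ServicePackFiles\i386")

# Subset of the /md5start names from Cypher's OTL custom scan.
WATCHED_DRIVERS = ["atapi.sys", "disk.sys", "CLASSPNP.SYS", "iaStor.sys", "nvstor.sys"]


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, hashed in chunks (MD5 because that is what OTL reports)."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_drivers(live_dir: Path, pristine_dir: Path, names) -> dict:
    """Map each driver name to one of:
    'match'          live file hashes the same as the ServicePackFiles copy
    'MISMATCH'       live file differs from the pristine copy; a legitimate
                     update or a tampered driver, the hash alone cannot tell
    'no-backup'      installed, but no pristine copy to compare against
    'not-installed'  absent from the live directory (hardware not present)"""
    results = {}
    for name in names:
        live, pristine = live_dir / name, pristine_dir / name
        if not live.is_file():
            results[name] = "not-installed"
        elif not pristine.is_file():
            results[name] = "no-backup"
        elif md5_of(live) == md5_of(pristine):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def suspicious(results: dict) -> list:
    """Drivers whose live copy differs from the backup: the ones to examine first."""
    return sorted(name for name, status in results.items() if status == "MISMATCH")


def build_demo_tree() -> tuple:
    """Construct a throwaway drivers/ and i386/ pair covering every status.
    The bytes are made up; nothing here is a real driver image."""
    root = Path(tempfile.mkdtemp(prefix="drvcheck_"))
    live, pristine = root / "drivers", root / "i386"
    live.mkdir()
    pristine.mkdir()
    (pristine / "atapi.sys").write_bytes(b"ATAPI pristine build 2180")
    (live / "atapi.sys").write_bytes(b"ATAPI pristine build 2180 + injected bytes")
    (pristine / "disk.sys").write_bytes(b"DISK 2180")
    (live / "disk.sys").write_bytes(b"DISK 2180")
    (live / "CLASSPNP.SYS").write_bytes(b"CLASSPNP, never backed up")
    (pristine / "iaStor.sys").write_bytes(b"iaStor, not installed on this box")
    # nvstor.sys exists in neither directory and is also reported not-installed
    return live, pristine


def demo() -> dict:
    """Run the comparison on the constructed tree and return the status map."""
    live, pristine = build_demo_tree()
    return compare_drivers(live, pristine, WATCHED_DRIVERS)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
    # On the XP machine in the thread the equivalent call would be
    # compare_drivers(LIVE_DRIVERS, PRISTINE_DRIVERS, WATCHED_DRIVERS)
```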

Re: Redirected in search engine

Unread postby barryndiane » March 10th, 2010, 8:55 am

Yes that was all of the log. It must not have finished it before it locked up. Should I run it again? Yes we are plugged into a wireless g router.

I just tried to run the OTL. An error code came up: "Access Violation at address 00402903 in module 'OTL.exe'. Read of address 001EC000." It is now stuck on the screen; it says "Creating restore point do not interrupt". I have not closed it, just switched back to this screen.
barryndiane
Regular Member
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 10th, 2010, 11:41 am

Hi Diane.
Just cancel the OTL scan then run it again with the same instructions.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 10th, 2010, 12:00 pm

Here are the OTL scan logs. Computer still redirecting.



========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 13:05:38 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/15 13:05:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/25 15:01:30 | 000,441,344 | ---- | M] (Sammsoft) [Auto | Running] -- C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe -- (Hard Disk Tune-Up)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/12/02 16:11:14 | 000,099,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/03/03 14:06:36 | 000,140,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)
SRV - [2003/03/03 14:05:18 | 000,034,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)
SRV - [2003/02/21 05:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2002/11/22 13:49:22 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2002/11/14 00:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost


[2010/03/06 14:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/06 14:17:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe (NOPWORLD)
O4 - HKCU..\Run: [TeamOnPwpUpdater-TMPwpCli] C:\Program Files\TMobile\PwpUpdtr.exe (TeamOn Systems, Inc. )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Drempels Desktop.lnk = C:\WINDOWS\drempels.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://usercenter.cox.net/rsuite/sdccom ... gctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} https://myemail.t-mobile.com/html/web/c ... Client.cab (TMobile PwpClient DwnLdr Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3950072293 (MUWebControl Class)
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} http://xms.keynote.com/applications/con ... uncher.cab (Keynote Connector Launcher)
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} http://www.surveys.com/promptcast/Insta ... 0SETUP.cab (Reg Error: Key error.)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB (BinAg1 Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5300231481 (Reg Error: Key error.)
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} http://www.pulse3d.com/players/english/ ... 2AxWin.cab (Pulse V5 ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZI ... b34246.cab (ZoneIntro Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/04/25 19:54:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/10 06:41:29 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/03/09 11:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/09 11:33:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/09 07:46:16 | 000,000,000 | ---D | C] -- C:\SysProt
[2010/03/07 12:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/03/07 12:24:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 12:24:13 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 12:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 12:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/07 12:23:20 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/06 15:18:34 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/03/06 15:08:57 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/03/06 13:55:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/06 13:55:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/06 13:55:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/06 13:55:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/06 13:54:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 13:43:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/06 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/05 14:09:37 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/02 15:38:48 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/02 14:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/24 15:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/15 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/15 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/15 12:52:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/15 12:52:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/07/09 16:22:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/02/20 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2005/02/20 15:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/10 09:05:04 | 056,963,630 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/10 08:04:12 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/03/09 16:46:10 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\barryndiane ebay (2).url
[2010/03/09 15:21:25 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/03/09 15:20:33 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2010/03/09 15:19:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 15:19:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 15:19:33 | 637,063,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 11:47:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/09 11:35:35 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/09 11:35:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/09 11:32:55 | 003,883,629 | R--- | M] () -- C:\ComboFix.exe
[2010/03/09 07:50:10 | 000,100,908 | ---- | M] () -- C:\SystemLook.exe
[2010/03/09 07:45:39 | 000,354,396 | ---- | M] () -- C:\SysProt.zip
[2010/03/08 17:41:00 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google.url
[2010/03/08 07:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/03/07 12:24:17 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 12:23:34 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/06 15:10:38 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/03/06 15:07:02 | 000,154,657 | ---- | M] () -- C:\tdsskiller.zip
[2010/03/06 14:17:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/06 13:43:09 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/03/06 13:43:07 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/03/06 12:28:11 | 000,000,562 | ---- | M] () -- C:\hpfr5550.xml
[2010/03/06 11:18:30 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\barryndiane ebay.url
[2010/03/05 14:31:19 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MalWare Removal • View topic - Redirected in search engine.url
[2010/03/05 14:10:18 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/02 16:09:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gmer.exe
[2010/03/02 15:38:30 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RSIT.exe
[2010/02/26 12:23:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/26 11:43:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 15:47:12 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/09 07:50:04 | 000,100,908 | ---- | C] () -- C:\SystemLook.exe
[2010/03/09 07:45:38 | 000,354,396 | ---- | C] () -- C:\SysProt.zip
[2010/03/07 19:21:33 | 003,883,629 | R--- | C] () -- C:\ComboFix.exe
[2010/03/07 12:24:17 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 15:07:01 | 000,154,657 | ---- | C] () -- C:\tdsskiller.zip
[2010/03/06 13:55:02 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/06 13:55:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/06 13:55:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/06 13:55:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/06 13:55:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 13:43:07 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/03/06 13:43:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/03/05 14:31:19 | 000,000,333 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MalWare Removal • View topic - Redirected in search engine.url
[2010/03/02 16:09:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gmer.exe
[2010/03/02 15:38:14 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RSIT.exe
[2010/02/24 15:47:12 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2005/04/18 15:42:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2005/04/18 15:42:34 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2005/02/12 15:59:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/01/08 03:00:42 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/08 03:00:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C70B12D71A.sys
[2004/10/26 16:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/02 17:52:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\KBPiano.ini
[2004/06/04 00:38:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\piclock.INI
[2003/11/26 08:27:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/11/25 08:08:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/11/24 04:28:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/11/17 20:32:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.tif
[2003/11/17 20:32:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.dat
[2003/11/17 20:21:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.tif
[2003/11/17 20:21:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.dat
[2003/11/17 19:33:24 | 000,000,423 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpothb07.dat
[2003/11/17 19:33:23 | 000,000,539 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpothb07.tif
[2003/11/07 13:21:39 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/24 19:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2003/10/09 17:52:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2003/08/27 20:38:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/08/27 20:18:16 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2003/08/27 20:09:00 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2003/08/27 20:09:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2003/08/27 20:06:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2003/08/27 20:06:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2003/08/27 20:04:11 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
[2003/08/23 23:29:46 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/08/23 22:52:54 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/08/23 22:52:54 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/08/19 11:01:32 | 000,001,648 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/25 19:11:33 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/10 05:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 05:33:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 05:10:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 05:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 05:08:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:07:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 05:00:09 | 000,000,535 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 04:59:52 | 000,000,808 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 04:53:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 04:36:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 04:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 04:06:11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 04:06:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 04:05:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 03:53:32 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 03:37:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 01:08:18 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/03/19 17:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/22 13:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 09:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 09:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== LOP Check ==========

[2010/02/15 13:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/15 13:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/12/31 22:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.0.0602
[2005/07/23 12:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/04/12 15:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/02/15 12:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/18 17:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/03/04 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2004/08/31 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2003/04/10 04:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/10 04:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2005/04/22 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Keynote Systems
[2003/08/27 20:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/02/13 20:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
[2003/04/10 05:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2003/10/15 19:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel
[2006/02/28 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2003/11/26 13:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/08 07:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/03/09 11:32:55 | 003,883,629 | R--- | M] () -- C:\ComboFix.exe
[2010/03/05 14:10:18 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/07 12:23:34 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/09 07:50:10 | 000,100,908 | ---- | M] () -- C:\SystemLook.exe


< MD5 for: AGP440.SYS >
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 21:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 06:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CLASSPNP.SYS >
[2002/08/29 06:00:00 | 000,046,336 | ---- | M] (Microsoft Corporation) MD5=4E86B33AFF1A6AF46889CBCF90F0C8F0 -- C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\dllcache\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\drivers\classpnp.sys

< MD5 for: DISK.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:disk.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\dllcache\disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2002/08/29 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/04/09 20:40:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/09 15:18:13 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\ru8knnrb.sav
[2003/04/09 20:40:23 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/04/09 20:40:23 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
< End of report >
barryndiane
Regular Member
 
Posts: 33
Joined: February 24th, 2010, 6:04 pm
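The MD5 sections of the OTL log above exist so the helper can compare the driver Windows actually loads (system32 or system32\drivers) against its protected copies in dllcache and ServicePackFiles; a loaded copy whose hash matches none of them is what a driver-infecting rootkit looks like in this log. As an added example that is not part of the thread or of OTL, this parser automates that comparison over constructed lines in OTL's format; the atapi.sys lines are as in the log above, and the DEADBEEF hash on classpnp.sys is a placeholder I inserted to show a detection.

```python
import ntpath
import re
from collections import defaultdict

# One OTL "MD5 for" entry; .cab entries carry no MD5 and so deliberately don't match.
ENTRY_RE = re.compile(r"^\[[^\]]*\]\s*\([^)]*\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
LIVE_DIRS = (r"\system32", r"\system32\drivers")                      # where the file is loaded from
REFERENCE_DIRS = (r"\system32\dllcache", r"\servicepackfiles\i386")  # protected copies

def classify(path):
    """'live', 'reference', or None (uninstall/ERDNT backups legitimately differ)."""
    d = ntpath.dirname(path).lower()
    if d.endswith(REFERENCE_DIRS):
        return "reference"
    return "live" if d.endswith(LIVE_DIRS) else None

def parse_md5_sections(log_text):
    """Return {filename: {'live': {md5,...}, 'reference': {md5,...}}}."""
    result = defaultdict(lambda: {"live": set(), "reference": set()})
    current = None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("<"):  # any section header ends the current MD5 section
            sec = SECTION_RE.match(line)
            current = sec.group("name").lower() if sec else None
            continue
        ent = ENTRY_RE.match(line)
        if ent and current and (role := classify(ent.group("path"))):
            result[current][role].add(ent.group("md5").upper())
    return result

def find_mismatches(log_text):
    """Files whose loaded copy's MD5 is not among its protected copies' MD5s."""
    return {name: h for name, h in parse_md5_sections(log_text).items()
            if h["live"] and h["reference"] and not h["live"] <= h["reference"]}

# Constructed sample in OTL's format: atapi.sys as in the thread's log (consistent);
# classpnp.sys given a placeholder hash on its live copy to show what a detection looks like.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CLASSPNP.SYS >
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\dllcache\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\classpnp.sys
"""
if __name__ == "__main__":
    print(find_mismatches(SAMPLE_LOG) or "all loaded copies match their protected copies")
```

The older hash in $NtServicePackUninstall$ is ignored on purpose: pre-service-pack backups differ legitimately and would otherwise produce false alarms.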

Re: Redirected in search engine

Unread postby Cypher » March 10th, 2010, 1:07 pm

Hi Diane.
Thanks for sticking in here, you're doing great, let's try this.

Download HAMeb_check.exe and save it to your desktop.
Double-click on HAMeb_check.exe to run it.
Please Post the contents of the resulting log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 10th, 2010, 2:39 pm

C:\HAMeb_check.exe
Wed 03/10/2010 at 12:38:43.76

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF8AD9C51]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
barryndiane
Regular Member
 
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 11th, 2010, 7:06 am

Hi Diane.
You didn't answer my question about the router: do you use one?

Download HostsXpert and unzip it to your computer, somewhere where you can find it.

Next.

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :OTL
    
    :Files
    C:\WINDOWS\system32\config\ru8knnrb.sav
    C:\WINDOWS\system32\drivers\etc\hosts
    
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • Double click on HostsXpert.exe to launch the programme.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if the top button on the left hand side says Make Writable?
    • If it does, click on it then proceed to the next instruction.
    • If not, just proceed to the next instruction.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

Next.

Re-run OTL
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, Please post the contents of
    • OTL.txt <-- Will be opened

Logs/Information to Post in your Next Reply

  • OTL report.
  • OTL.Txt log.
  • Let me know if you use a router.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 11th, 2010, 8:49 am

Morning

I answered you a few posts back. We are plugged into a wireless G router.

I just ran the otl fix, but now the computer won't reboot. I am on the laptop.

It says lsass.exe - System Error: The endpoint format is invalid
barryndiane
Regular Member
 
Posts: 33
Joined: February 24th, 2010, 6:04 pm

Re: Redirected in search engine

Unread postby Cypher » March 11th, 2010, 12:15 pm

Hi Diane.
I suspect that the malware that is on-board may have caused this.

Please try this and let me know if your PC boots up.
If your PC is still on turn it off by holding down the power button.

Next.

Last Known Good Configuration

  • Turn the computer on, and begin tapping the F8 key (if this doesn't work try the F5 key).
  • When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected in search engine

Unread postby barryndiane » March 11th, 2010, 12:50 pm

OK, I did that and then it asked to go to Windows XP or Recovery. I picked XP and the error came up again. Do I try something with Recovery?
barryndiane
Regular Member
 
Posts: 33
Joined: February 24th, 2010, 6:04 pm