I got the XP Security Tool Trojan

xico

Thread Starter
Joined
Jun 29, 2002
Messages
29,787
I'm running XP, and it's doing the same thing to Google--and even to Techguy's website--as Karl's XP trojan. It won't let me post to Techguy. I ran DDS, but couldn't open exeHelper. Should I try to post the DDS log?

Can I email the log to one of my other computers without infecting them? And then send it to Techguy?

Thanks,

xico
 

xico

Well, I thought I'd post the DDS anyway.

DDS (Ver_10-03-17.01) - NTFSx86
Run by xico at 14:29:06.56 on Tue 04/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3549.1794 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tenable\Nessus\nessus-service.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nsuvea.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Documents and Settings\xico\Local Settings\Application Data\ave.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Documents and Settings\xico\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\JOHNJO~1\LOCALS~1\Temp\Nbp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xico\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
uURLSearchHooks: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Cleeki IEPlug: {6de552ae-4229-4ed9-b595-77305c8f1d0a} - c:\program files\cleeki\ieagent\CleekiIEAgent.dll
BHO: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Zaazu: {3e7609ca-feae-4204-88ae-68eeb7b077a3} - blank
TB: {bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - No File
TB: {2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - No File
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No File
TB: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
TB: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [TClockEx] c:\documents and settings\john joerg\desktop\progrms\tclockex\TCLOCKEX.EXE
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [cdloader] "c:\documents and settings\john joerg\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [YVIBBBHA8C] c:\docume~1\johnjo~1\locals~1\temp\Nbp.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf converter 5\RegistryController.exe
mRun: [Nuance PDF Converter 5-reminder] "c:\program files\nuance\pdf converter 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf converter 5\ereg\Ereg.ini"
mRun: [net] "c:\windows\system32\net.net"
mRun: [ewrgetuj] c:\docume~1\johnjo~1\locals~1\temp\geurge.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocket software\rockettime\RocketTime.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download All Links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf converter 5\cnvres_eng.dll /100
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: Microsoft XML Parser for Java
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178352440514
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: NameServer = 93.188.164.97,93.188.166.142
TCP: {03CF1EB5-EEB4-4E9C-9C20-F5780D2061B4} = 93.188.164.97,93.188.166.142
TCP: {662EF50C-179A-4EFA-828C-D5C69CC92D2E} = 93.188.164.97,93.188.166.142
TCP: {EA805DA4-EF99-4005-A492-14F0EB5B2FF0} = 93.188.164.97,93.188.166.142
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: AVG Anti-Spyware 7.5: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - CShellExecuteHookImpl Object
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\syste scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnjo~1\applic~1\mozilla\firefox\profiles\uj7z80ih.john\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\john joerg\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\john joerg\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\john joerg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\john joerg\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\opera 10.50 pre-alpha\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10.50 pre-alpha\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-8-7 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-9 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-5 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-9 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-14 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-9-5 241664]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-5-10 7424]
R2 sbbotdi;sbbotdi;c:\progra~1\speedb~1\sbbotdi.sys [2007-4-29 35712]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-8-11 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-5 109568]
R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-12-18 38976]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-5 1684736]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2007-5-5 45568]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-15 50704]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-20 17:53:21 0 d-----w- C:\eae7b6e4db1d1e75e66252
2010-04-20 17:07:34 155136 ----a-w- c:\windows\Nsuvea.exe
2010-04-18 01:27:23 0 d-----w- c:\docume~1\johnjo~1\applic~1\Easy Duplicate Finder
2010-04-17 14:59:51 0 d-----w- c:\docume~1\johnjo~1\applic~1\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-04-17 14:59:49 0 d-----w- c:\program files\TweetDeck
2010-04-17 08:45:43 0 d-----w- C:\tools
2010-04-08 04:57:03 0 d-----w- c:\docume~1\johnjo~1\applic~1\eSobi
2010-04-08 04:56:41 0 d-----w- c:\docume~1\alluse~1\applic~1\eSobi
2010-04-08 04:56:34 0 d-----w- c:\program files\eSobi
2010-03-29 15:16:43 0 d-----w- c:\program files\MSECache
2010-03-26 22:52:55 0 d-----w- c:\program files\Atrinsic
2010-03-26 17:47:45 138 ---ha-w- C:\doc2pdf_win.ini
2010-03-26 17:47:01 1024 ----a-w- c:\windows\system32\pdftotext.dat
2010-03-26 17:46:44 0 d-----w- c:\program files\e-PDF To Text Converter v2.1
2010-03-26 17:44:17 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-03-26 17:44:17 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-03-26 17:44:12 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-03-26 17:44:11 0 d-----w- c:\program files\Softland
2010-03-26 17:35:05 0 d-----w- c:\docume~1\johnjo~1\applic~1\PrimoPDF
2010-03-26 17:33:03 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-03-26 17:33:01 0 d-----w- c:\program files\Nitro PDF

==================== Find3M ====================

2010-04-20 17:47:41 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-03-14 11:03:18 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 11:03:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 11:02:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2007-11-06 20:27:42 969 ----a-w- c:\program files\SPreg.cmd
2007-11-05 17:06:22 9728 ----a-w- c:\program files\SPBlockingTool.exe
2007-07-01 16:17:27 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-07-01 16:16:57 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2006-06-25 18:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2005-11-27 22:31:14 9760 ----a-w- c:\program files\metapad.txt
2005-11-27 20:50:08 95744 ----a-w- c:\program files\metapad.exe
2005-05-19 21:18:26 4576 ----a-w- c:\program files\NoSPupdate.adm
2002-05-13 02:55:06 93 ----a-w- c:\program files\faq.txt
2001-03-29 22:24:00 929 ----a-w- c:\program files\filters.zip
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-05-12 03:51:55 56 --sha-r- c:\windows\system32\FF01B64E97.sys
2007-05-12 03:51:55 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:32:02.31 ===============
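The DDS log above is worth triaging mechanically rather than by eye. The lines a responder pulls out are the `uRun`/`mRun` entries launching from the Temp folder under random-looking names (`YVIBBBHA8C` -> `Nbp.exe`, `ewrgetuj` -> `geurge.exe`), the `mRun: [net]` entry whose target is `net.net` rather than an executable, the `.exe=secfile` file association, and the `TCP: NameServer` entries, which should be compared with the resolvers the ISP or router actually hands out. The script below is an added example, not part of the original post and not code from the DDS tool; it parses an excerpt of the report and flags those patterns. The suspicious-directory list and the executable-extension list are heuristic assumptions, and a resolver finding means only "public address not on the trusted list you pass in"; the script makes no claim about who operates those addresses.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for the patterns seen in the thread."""
import re
from ipaddress import ip_address

# Heuristic assumptions: logon autoruns rarely run from these paths, and a Run target
# should carry a real executable extension (the log's net.net entry does not).
SUSPICIOUS_DIRS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\",
                   "\\local settings\\application data\\")
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ASSOC_RE = re.compile(r"^\.exe=(?P<handler>\S+)$")
DNS_RE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (?P<servers>[0-9.,]+)$")
# Unquoted DDS paths may contain spaces, so cut at the first known extension, not the first space.
EXT_PATH_RE = re.compile(r"^(?P<path>.*?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)


def command_target(cmd):
    """Extract the launched file from a Run command line, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    m = EXT_PATH_RE.match(cmd)
    if m:
        return m.group("path").lower()
    # No recognised extension: take everything before the first "-x" / "/x" switch.
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0].lower()


def triage(report_lines, trusted_resolvers=()):
    """Return de-duplicated (category, detail) findings for a DDS pseudo-HJT report.
    Resolver findings mean 'public address not on the trusted list' and need verification."""
    findings = []

    def add(category, detail):
        if (category, detail) not in findings:
            findings.append((category, detail))

    for line in report_lines:
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            target = command_target(m.group("cmd"))
            if any(d in target for d in SUSPICIOUS_DIRS):
                add("autorun-suspicious-dir", f"{m.group('name')}: {target}")
            if not target.endswith(EXEC_EXTENSIONS):
                add("autorun-odd-extension", f"{m.group('name')}: {target}")
            continue
        m = ASSOC_RE.match(line)
        if m and m.group("handler").lower() != "exefile":
            add("exe-association-hijack", m.group("handler"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                if not ip_address(server).is_private and server not in trusted_resolvers:
                    add("untrusted-resolver", server)
    return findings


# Excerpt of the DDS report posted in this thread (enough lines to exercise every check).
SAMPLE_REPORT = r"""
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [YVIBBBHA8C] c:\docume~1\johnjo~1\locals~1\temp\Nbp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [net] "c:\windows\system32\net.net"
mRun: [ewrgetuj] c:\docume~1\johnjo~1\locals~1\temp\geurge.exe
TCP: NameServer = 93.188.164.97,93.188.166.142
TCP: {03CF1EB5-EEB4-4E9C-9C20-F5780D2061B4} = 93.188.164.97,93.188.166.142
.exe=secfile
""".strip().splitlines()

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1], errors="replace").read().splitlines() if len(sys.argv) > 1 else SAMPLE_REPORT
    for category, detail in triage(lines):
        print(f"{category:24} {detail}")
```

Run it against the saved DDS log (`python triage.py dds.txt`) and pass the ISP's or router's resolvers as `trusted_resolvers` to silence the expected ones; anything left in that category is worth a lookup before the machine goes back online.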
 

xico

I ran Spybot in Safe Mode, which killed 4 of the XP Security Tool processes. Then I ran Malwarebytes Anti-Malware, and it took out 11 viruses and trojans, including 4 more processes from XP Security Tool. So XP Security Tool seems to be sleeping or dead.
However, I'm still not able to get on line--my wireless connection isn't working. :( Any suggestions would be appreciated.

By the way, Malwarebytes (I purchased it last night) says I'm under attack from 212.95.32.155 and that it's protecting me from the attacker. :eek:
 

xico

I called Comcast to report the IP number. They sent me to Norton that took down the info, said thank you, but that that wasn't their department. Ahh well! :D
 

xico

I finally got exeHelper to run. This is what I got.

exeHelper by Raktor
Build 20100414
Run at 12:23:54 on 04/23/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

The first time I ran it, when it got to bad files, the computer shut down. So, when it rebooted, I ran it again. So I'm going to run Gmer again.
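The exeHelper output lists exactly what this kind of rogue tampers with: the `.exe` and `.com` file associations (the DDS log already showed `.exe=secfile`, so double-clicking any program ran the `secfile` handler instead of the program), and the Winlogon `Userinit` and `Shell` values. The script below is an added example, not exeHelper's code and not from the original post; it parses a registry export (the .reg text `regedit /e` produces), compares those keys with the Windows XP defaults, shows the command a foreign `.exe` handler would launch, and renders a .reg file that restores the defaults and deletes the handler key. The export is constructed for the example; the handler command in it is a placeholder built around the `ave.exe` path from the DDS log, since the real value was never posted.

```python
"""Check the .exe/.com associations and Winlogon values that exeHelper resets against
Windows XP defaults, from a .reg export, and render a repair .reg file."""
import re

# Windows XP defaults for the keys a 'secfile'-style hijack changes (registry names are case-insensitive).
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\.com", "@"): "comfile",
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"): "Explorer.exe",
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit"):
        r"C:\WINDOWS\system32\userinit.exe,",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:(?P<default>@)|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')


def parse_reg(text):
    """Parse .reg text into {key.lower(): {name.lower(): data}}; only string (REG_SZ) values are decoded."""
    tree, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            tree.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "@" if m.group("default") else m.group("name").lower()
            data = m.group("data")
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping of \ and "
            tree[key][name] = data
    return tree


def find_deviations(tree):
    """Return (key, value_name, found, expected) for each default that is missing or altered."""
    out = []
    for (key, name), expected in EXPECTED.items():
        found = tree.get(key.lower(), {}).get(name.lower())
        if found is None or found.lower() != expected.lower():
            out.append((key, name, found, expected))
    return out


def hijack_handler(tree):
    """If .exe points at a foreign handler, return (handler, command it launches); else None."""
    handler = tree.get(r"hkey_classes_root\.exe", {}).get("@", "")
    if handler.lower() in ("", "exefile"):
        return None
    command_key = "\\".join(["hkey_classes_root", handler.lower(), "shell", "open", "command"])
    return handler, tree.get(command_key, {}).get("@")


def reg_quote(s):
    """Quote a string value the way regedit expects (backslashes and quotes escaped)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def repair_reg(deviations, delete_keys=()):
    """Render a .reg file that restores the expected values and deletes the listed keys."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    by_key = {}
    for key, name, _found, expected in deviations:
        by_key.setdefault(key, []).append((name, expected))
    for key, values in by_key.items():
        lines.append(f"[{key}]")
        for name, expected in values:
            label = "@" if name == "@" else reg_quote(name)
            lines.append(f"{label}={reg_quote(expected)}")
        lines.append("")
    for key in delete_keys:
        lines += [f"[-{key}]", ""]  # a leading '-' deletes the key on import
    return "\n".join(lines)


# Constructed export resembling the hijacked machine; the secfile command is a placeholder
# built around the ave.exe path from the DDS log, not the value actually found on that system.
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\xico\\Local Settings\\Application Data\\ave.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    tree = parse_reg(SAMPLE_EXPORT)
    for key, name, found, expected in find_deviations(tree):
        print(f"{key} [{name}]: found {found!r}, expected {expected!r}")
    print("hijack handler:", hijack_handler(tree))
    print(repair_reg(find_deviations(tree), delete_keys=[r"HKEY_CLASSES_ROOT\secfile"]))
```

Read the rendered file before importing it. Deleting the handler key with the `[-KEY]` form matters: re-pointing `.exe` at `exefile` alone leaves the rogue's launcher in place for the next thing that references it, which is why exeHelper both resets the association and removes `HKCR\secfile`.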
 

xico

Just ran Gmer. Since I can't get on line, I used my thumb drive to transfer Gmer to the computer, and left it in the USB socket, so that got scanned too. :D


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 21:18:58
Windows 5.1.2600 Service Pack 3
Running: iqje3i9u.exe; Driver: C:\DOCUME~1\JOHNJO~1\LOCALS~1\Temp\pgrdypog.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\usbhub \Device\00000089 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008d hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@Model 79
Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@Therad 22
Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@MData 0x69 0x4D 0x48 0x08 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xFB 0x83 0xE5 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x79 0x6B 0x38 0x36 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}@Model 304
Reg HKLM\SOFTWARE\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}@Therad 37
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}@abdllfgikkcgfnciphepdjdokldhpfhjen 0x64 0x62 0x6A 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}@bbdllfgikkcgfnciphnocdmhncannlligimi 0x61 0x62 0x69 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}@nanhnnoihlhekhgdpkbgapfliihp 0x6B 0x61 0x61 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}@malcagehbifhjdgnkelljmifkc 0x6B 0x61 0x61 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}@abofeifanlafceejfafbfoofpblghjmjfk 0x64 0x62 0x65 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}@bbofeifanlafceejfaebibllfhmjbkgoecob 0x61 0x62 0x66 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}@paeggkompdglbjlmenlonbegdhbgccdh 0x6B 0x61 0x62 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}@oageiacjeoaobchibcdkkmhgdlikpg 0x6B 0x61 0x69 0x69 ...

---- EOF - GMER 1.0.15 ----
 

xico

I downloaded ComboFix and started to run it, but it said that I don't have the MS Recovery Console installed and that it couldn't fix some serious infections without it--and that I needed an internet connection, which I don't have. :(
 

xico

Okay, I put the MS Recovery Tool on the computer, but it's not in the Start menu. But when I booted up this morning I had the choice to boot into the Recovery Console or to boot into XP. I booted into XP. But I'm in a quandary about what to do next.

Any suggestions would be greatly appreciated, Thanks,

xico
 

xico

Well, I went ahead and ran combofix. Here's the log.



ComboFix 10-04-21.01 - xico 04/24/2010 16:12:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3549.2986 [GMT -4:00]
Running from: c:\documents and settings\xico\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xico\Application Data\Desktopicon
c:\documents and settings\xico\Application Data\Desktopicon\config.ini
c:\documents and settings\xico\Application Data\inst.exe
c:\windows\eSellerateEngine.dll
c:\windows\Nsuvea.exe
c:\windows\system32\vmnat.exe
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWNETPKER


((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- C:\237fd07f98afaf4d30cab087
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- C:\25ed3d132aa3772464e1699e895e
2010-04-23 05:59 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2010-04-23 05:59 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2010-04-23 05:59 . 2006-05-31 19:38 10752 ----a-w- c:\windows\system32\md5.dll
2010-04-23 05:59 . 2010-04-23 05:59 -------- d-----w- c:\program files\MalwareSweeper.com
2010-04-23 05:56 . 2010-04-24 18:51 -------- d-----w- c:\program files\SpywareBlaster
2010-04-23 02:13 . 2010-04-23 02:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-23 02:08 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-21 22:02 . 2010-04-21 22:02 -------- d-----w- c:\program files\NETGEAR
2010-04-21 16:15 . 2010-04-21 16:17 -------- d-----w- c:\program files\XP TCPIP Repair
2010-04-21 05:38 . 2010-04-21 05:38 -------- d-----w- C:\99cebe99d5156c141ebd
2010-04-20 21:11 . 2010-04-20 21:11 -------- d-----w- c:\program files\Alwil Software
2010-04-20 21:11 . 2010-04-20 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-20 20:01 . 2010-04-20 20:01 -------- d-----w- c:\program files\EMCO
2010-04-20 17:53 . 2010-04-20 17:53 -------- d-----w- C:\eae7b6e4db1d1e75e66252
2010-04-18 01:27 . 2010-04-19 05:54 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Easy Duplicate Finder
2010-04-17 14:59 . 2010-04-17 14:59 -------- d-----w- c:\documents and settings\John Joerg\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-04-17 14:59 . 2010-04-17 14:59 -------- d-----w- c:\program files\TweetDeck
2010-04-17 08:45 . 2010-04-17 08:45 -------- d-----w- C:\tools
2010-04-08 04:57 . 2010-04-08 04:57 -------- d-----w- c:\documents and settings\John Joerg\Application Data\eSobi
2010-04-08 04:56 . 2010-04-08 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\eSobi
2010-04-08 04:56 . 2010-04-08 04:56 -------- d-----w- c:\program files\eSobi
2010-03-29 20:04 . 2010-03-29 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-29 15:16 . 2010-03-29 15:16 -------- d-----w- c:\program files\MSECache
2010-03-26 22:52 . 2010-03-26 22:52 -------- d-----w- c:\program files\Atrinsic
2010-03-26 17:47 . 2010-03-26 22:39 1024 ----a-w- c:\windows\system32\pdftotext.dat
2010-03-26 17:46 . 2010-03-26 17:46 -------- d-----w- c:\program files\e-PDF To Text Converter v2.1
2010-03-26 17:44 . 2010-03-01 19:49 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-03-26 17:44 . 2010-03-01 19:49 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-03-26 17:44 . 2010-02-05 18:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-03-26 17:44 . 2010-03-26 17:44 -------- d-----w- c:\program files\Softland
2010-03-26 17:35 . 2010-03-26 22:39 -------- d-----w- c:\documents and settings\John Joerg\Application Data\PrimoPDF
2010-03-26 17:33 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-03-26 17:33 . 2010-03-26 22:37 -------- d-----w- c:\program files\Nitro PDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:22 . 2008-03-19 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-24 20:22 . 2009-11-02 20:32 -------- d-----w- c:\documents and settings\Freenet\Application Data\VMware
2010-04-24 20:22 . 2009-12-18 20:25 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-04-24 20:21 . 2008-06-09 05:03 -------- d-----w- c:\documents and settings\John Joerg\Application Data\mjusbsp
2010-04-24 19:14 . 2010-02-20 06:33 -------- d-----w- c:\program files\SeaMonkey
2010-04-24 18:53 . 2009-11-13 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-24 17:52 . 2007-06-11 18:41 -------- d-----w- c:\program files\V41
2010-04-22 02:55 . 2010-03-22 04:32 -------- d-----w- c:\documents and settings\John Joerg\Application Data\vlc
2010-04-21 22:06 . 2009-09-02 03:33 -------- d-----w- c:\program files\TRENDnet
2010-04-21 22:03 . 2007-04-28 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 19:10 . 2007-10-07 02:37 -------- d-----w- c:\documents and settings\John Joerg\Application Data\U3
2010-04-21 15:57 . 2008-02-22 18:44 -------- d-----w- c:\documents and settings\John Joerg\Application Data\BitTorrent
2010-04-21 05:16 . 2009-11-02 17:29 -------- d-----w- c:\program files\Freenet
2010-04-20 21:17 . 2007-09-26 22:24 -------- d-----w- c:\documents and settings\John Joerg\Application Data\DMCache
2010-04-20 19:57 . 2009-11-29 04:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-20 01:44 . 2009-12-15 16:01 0 ----a-w- c:\documents and settings\John Joerg\Local Settings\Application Data\prvlcl.dat
2010-04-19 05:20 . 2009-04-15 03:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-18 01:26 . 2007-07-01 16:14 -------- d-----w- c:\program files\FLV Player
2010-04-18 01:26 . 2007-05-03 22:38 -------- d-----w- c:\program files\Microsoft Works
2010-04-18 01:25 . 2007-11-11 03:26 -------- d-----w- c:\program files\Essentials Codec Pack
2010-04-18 01:25 . 2007-05-12 17:07 -------- d-----w- c:\program files\Realtek AC97
2010-04-18 01:19 . 2009-12-17 01:59 -------- d-----w- c:\program files\Auslogics
2010-04-14 22:31 . 2007-09-26 22:24 -------- d-----w- c:\documents and settings\John Joerg\Application Data\IDM
2010-04-14 00:21 . 2009-11-20 17:57 -------- d-----w- c:\documents and settings\John Joerg\Application Data\dvdcss
2010-04-14 00:02 . 2008-08-19 16:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DMCache
2010-04-08 04:57 . 2007-05-05 08:54 58920 ----a-w- c:\documents and settings\John Joerg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 20:04 . 2007-05-05 09:23 -------- d-----w- c:\program files\Yahoo!
2010-03-29 20:04 . 2007-05-05 09:23 -------- d-----w- c:\program files\CCleaner
2010-03-28 06:30 . 2008-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-03-28 06:30 . 2008-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-03-28 06:30 . 2008-04-22 23:34 -------- d-----w- c:\program files\Nuance
2010-03-28 06:30 . 2008-04-22 23:34 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-03-26 22:53 . 2009-02-15 00:01 -------- d-----r- c:\program files\Skype
2010-03-22 01:14 . 2007-04-29 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-13 09:10 . 2010-03-13 09:10 -------- d-----w- c:\program files\NeoSmart Technologies
2010-03-10 10:47 . 2009-10-30 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-10 10:46 . 2009-08-04 00:43 -------- d-----w- c:\program files\Flickr Uploadr
2010-03-10 10:29 . 2007-11-19 16:43 -------- d-----w- c:\program files\Flexigen
2010-03-10 10:25 . 2009-05-01 03:42 -------- d-----w- c:\program files\The Rosetta Stone
2010-03-10 10:18 . 2008-01-14 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-03-10 10:03 . 2007-05-05 21:44 -------- d-----w- c:\program files\Canon
2010-03-10 09:59 . 2009-06-08 02:23 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Clipdiary
2010-03-10 09:57 . 2008-10-27 20:55 -------- d-----w- c:\program files\easetech
2010-03-10 09:50 . 2007-05-05 22:00 -------- d-----w- c:\program files\Executive Software
2010-03-07 08:43 . 2009-01-15 21:22 -------- d-----w- c:\program files\Opera
2010-02-28 23:56 . 2010-02-28 23:56 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Lunascape
2010-02-28 23:55 . 2010-02-28 23:55 -------- d-----w- c:\program files\Lunascape
2010-02-28 07:14 . 2009-10-06 23:48 -------- d-----w- c:\documents and settings\John Joerg\Application Data\SlimBrowser
2010-02-25 04:07 . 2010-02-25 04:07 -------- d-----w- c:\program files\Bilingual -Greek English- New Testament
2010-02-25 04:04 . 2010-02-25 04:04 -------- d-----w- c:\program files\Bilingual -Greek Russian- New Testament
2010-02-20 07:40 . 2010-04-24 18:29 171056 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2010-02-20 07:40 . 2007-04-28 13:11 87263 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2007-11-06 20:27 . 2007-11-06 20:27 969 ----a-w- c:\program files\SPreg.cmd
2007-11-05 17:06 . 2007-11-05 17:06 9728 ----a-w- c:\program files\SPBlockingTool.exe
2007-07-01 16:17 . 2007-07-01 16:17 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-07-01 16:16 . 2007-07-01 16:15 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2005-11-27 22:31 . 2005-11-27 22:31 9760 ----a-w- c:\program files\metapad.txt
2005-11-27 20:50 . 2005-11-27 20:50 95744 ----a-w- c:\program files\metapad.exe
2005-05-19 21:18 . 2005-05-19 21:18 4576 ----a-w- c:\program files\NoSPupdate.adm
2002-05-13 02:55 . 2002-05-13 02:55 93 ----a-w- c:\program files\faq.txt
2001-03-29 22:24 . 2001-03-29 22:24 929 ----a-w- c:\program files\filters.zip
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-05-12 03:51 . 2007-05-12 03:51 56 --sha-r- c:\windows\system32\FF01B64E97.sys
2007-05-12 03:51 . 2007-05-12 03:51 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DE552AE-4229-4ED9-B595-77305C8F1D0A}]
2009-03-18 04:54 81920 ----a-w- c:\program files\Cleeki\ieagent\CleekiIEAgent.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2010-02-20 18:47 2349080 ----a-w- c:\program files\The_Pirate_Bay\tbThe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2010-02-20 18:47 2349080 ----a-w- c:\program files\Mininova\tbMin1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"cdloader"="c:\documents and settings\John Joerg\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 5777408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-08 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\NetworkService\Start Menu\Programs\Startup\
YPOPs.lnk - c:\program files\YPOPs\YPOPs.exe [2008-11-12 532480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Wireless Assistant.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2010-4-21 2238]
Rocket.Time.lnk - c:\program files\Rocket Software\RocketTime\RocketTime.exe [2007-9-16 557129]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clipdiary
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-20 01:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
2003-09-29 22:53 607232 ----a-w- c:\progra~1\SPEEDO~1\SPO.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 66632]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/29/2009 12:24 AM 269648]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [5/10/2008 12:15 AM 7424]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [8/11/2009 6:31 PM 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/5/2009 6:33 PM 109568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/29/2009 12:24 AM 19160]
R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [12/18/2009 4:25 PM 38976]
S2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [9/5/2009 12:11 PM 241664]
S2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [4/29/2007 6:39 PM 35712]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 10:17 PM 450400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/5/2009 6:20 AM 1684736]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [5/5/2007 3:48 AM 45568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1788223648-1801674531-1003.job
- c:\documents and settings\John Joerg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 02:17]

2010-04-24 c:\windows\Tasks\User_Feed_Synchronization-{D9CD07CB-B0B3-4E43-A588-344B713BEAD0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Converter 5\cnvres_eng.dll /100
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\John Joerg\Application Data\Mozilla\Firefox\Profiles\uj7z80ih.John\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\John Joerg\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\John Joerg\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\John Joerg\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\John Joerg\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\program files\Opera 10.50 pre-alpha\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.50 pre-alpha\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera\program\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - (no file)
URLSearchHooks-{2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - (no file)
Toolbar-{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - (no file)
Toolbar-{2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BFCDCEBE-E1FB-40F9-B4E2-7BB1138EF76C} - (no file)
WebBrowser-{2C804246-E103-4D8C-A512-1E6FFBDB2E7F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 16:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdllfgikkcgfnciphepdjdokldhpfhjen"=hex:64,62,6a,6b,6f,68,61,68,63,63,70,6e,
69,69,64,63,67,6c,65,6e,6e,6c,6f,66,6e,67,6a,68,63,6a,6f,6c,64,65,65,66,69,\
"bbdllfgikkcgfnciphnocdmhncannlligimi"=hex:61,62,69,6d,6f,66,69,70,65,67,6c,6a,
6b,6c,61,64,6b,62,61,66,67,6b,69,65,63,68,68,64,6a,67,6e,6a,6d,6d,00,66

[HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhnnoihlhekhgdpkbgapfliihp"=hex:6b,61,61,62,66,6a,6d,68,6b,6d,6e,6e,64,65,
6f,61,67,65,6d,6a,68,70,00,00
"malcagehbifhjdgnkelljmifkc"=hex:6b,61,61,62,66,6a,6d,68,6b,6d,6e,6e,64,65,6f,
61,67,65,6d,6a,68,70,00,00

[HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abofeifanlafceejfafbfoofpblghjmjfk"=hex:64,62,65,65,6e,6b,63,68,67,68,66,6f,
66,63,69,6c,61,6a,6f,70,61,64,6f,62,64,61,69,6f,6a,6e,62,69,6a,62,70,6e,6c,\
"bbofeifanlafceejfaebibllfhmjbkgoecob"=hex:61,62,66,67,6b,66,6f,70,65,6b,6d,6c,
69,70,6f,64,66,6b,68,66,69,66,6e,69,61,6b,6e,6b,69,69,67,6f,6a,68,00,6e

[HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paeggkompdglbjlmenlonbegdhbgccdh"=hex:6b,61,62,6a,65,6f,70,63,6b,61,69,64,6f,
65,6f,6a,67,65,62,6e,67,65,00,00
"oageiacjeoaobchibcdkkmhgdlikpg"=hex:6b,61,69,69,6c,6f,70,6d,69,69,65,6b,6a,6a,
65,6f,68,6a,62,61,63,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004f
"Therad"=dword:00000016
"MData"=hex(0):69,4d,48,08,34,83,3e,f5,2a,a7,5a,87,4c,07,ab,35,49,08,31,46,11,
5f,30,09,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fb,83,e5,29,88,fb,01,69,48,99,83,74,ab,9c,49,19,bd,dc,da,46,d2,
6f,e4,b5,b6,38,55,c3,40,e7,5f,62,44,f3,d2,b3,9d,b1,b1,9c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,6b,38,36,5f,76,2f,03,d2,32,25,cc,52,45,6f,53,fd,64,c9,32,4b,
63,e1,ba,47,16,31,7f,72,b6,b0,7b,e3,2e,84,fa,bc,da,54,f7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130
"Therad"=dword:00000025
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NETGEAR\WG311v3\wlancfg5.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Tenable\Nessus\nessus-service.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-24 16:32:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-24 20:32

Pre-Run: 72,452,341,760 bytes free
Post-Run: 72,741,531,648 bytes free

- - End Of File - - E295E9F049373B6E2F0394C688C8F08B

Weirdly, or maybe not so weirdly, my wireless adapter says that I'm connected, but I'm not online.
I went to the Command Prompt and typed in ipconfig.

An internal error occurred. The request is not supported.
Please contact Microsoft Product Support Service for further help.
Additional information: Unable to query host name.

Any suggestions?

Thanks,

xico
 