
I got the XP Security Tool Trojan

Discussion in 'Virus & Other Malware Removal' started by xico, Apr 20, 2010.

  1. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    I'm running XP, and it's doing the same thing to Google--and even to Techguy's website--as Karl's XP trojan. It won't let me post to Techguy. I ran DDS, but couldn't open exeHelper. Should I try to post the DDS log?

    Can I email the log to one of my other computers without infecting them? And then send it to Techguy?

    Thanks,

    xico
     
  2. xico
    Well, I thought I'd post the DDS anyway.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by xico at 14:29:06.56 on Tue 04/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3549.1794 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Tenable\Nessus\nessus-service.exe
    C:\Program Files\Tenable\Nessus\nessusd.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nsuvea.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Documents and Settings\xico\Local Settings\Application Data\ave.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
    C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
    C:\Documents and Settings\xico\Application Data\mjusbsp\magicJack.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\DOCUME~1\JOHNJO~1\LOCALS~1\Temp\Nbp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\xico\Desktop\dds.EXE

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
    uURLSearchHooks: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Cleeki IEPlug: {6de552ae-4229-4ed9-b595-77305c8f1d0a} - c:\program files\cleeki\ieagent\CleekiIEAgent.dll
    BHO: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Zaazu: {3e7609ca-feae-4204-88ae-68eeb7b077a3} - blank
    TB: {bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - No File
    TB: {2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - No File
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No File
    TB: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMin1.dll
    TB: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
    uRun: [TClockEx] c:\documents and settings\john joerg\desktop\progrms\tclockex\TCLOCKEX.EXE
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [cdloader] "c:\documents and settings\john joerg\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
    uRun: [YVIBBBHA8C] c:\docume~1\johnjo~1\locals~1\temp\Nbp.exe
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf converter 5\RegistryController.exe
    mRun: [Nuance PDF Converter 5-reminder] "c:\program files\nuance\pdf converter 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf converter 5\ereg\Ereg.ini"
    mRun: [net] "c:\windows\system32\net.net"
    mRun: [ewrgetuj] c:\docume~1\johnjo~1\locals~1\temp\geurge.exe
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocket software\rockettime\RocketTime.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Download All Links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf converter 5\cnvres_eng.dll /100
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    LSP: c:\windows\system32\idmmbc.dll
    DPF: Microsoft XML Parser for Java
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178352440514
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    TCP: NameServer = 93.188.164.97,93.188.166.142
    TCP: {03CF1EB5-EEB4-4E9C-9C20-F5780D2061B4} = 93.188.164.97,93.188.166.142
    TCP: {662EF50C-179A-4EFA-828C-D5C69CC92D2E} = 93.188.164.97,93.188.166.142
    TCP: {EA805DA4-EF99-4005-A492-14F0EB5B2FF0} = 93.188.164.97,93.188.166.142
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: AVG Anti-Spyware 7.5: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - CShellExecuteHookImpl Object
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = :\windows\syste scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\johnjo~1\applic~1\mozilla\firefox\profiles\uj7z80ih.john\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\documents and settings\john joerg\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\john joerg\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\john joerg\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\john joerg\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
    FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
    FF - plugin: c:\program files\opera 10.50 pre-alpha\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\opera 10.50 pre-alpha\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-8-7 3968]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-9 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-5 29512]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-9 242696]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 66632]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-14 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
    R2 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-9-5 241664]
    R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-5-10 7424]
    R2 sbbotdi;sbbotdi;c:\progra~1\speedb~1\sbbotdi.sys [2007-4-29 35712]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-8-11 46824]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-5 109568]
    R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-12-18 38976]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
    S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-5 1684736]
    S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2007-5-5 45568]
    S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-15 50704]

    ============== File Associations ===============

    .exe=secfile

    =============== Created Last 30 ================

    2010-04-20 17:53:21 0 d-----w- C:\eae7b6e4db1d1e75e66252
    2010-04-20 17:07:34 155136 ----a-w- c:\windows\Nsuvea.exe
    2010-04-18 01:27:23 0 d-----w- c:\docume~1\johnjo~1\applic~1\Easy Duplicate Finder
    2010-04-17 14:59:51 0 d-----w- c:\docume~1\johnjo~1\applic~1\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2010-04-17 14:59:49 0 d-----w- c:\program files\TweetDeck
    2010-04-17 08:45:43 0 d-----w- C:\tools
    2010-04-08 04:57:03 0 d-----w- c:\docume~1\johnjo~1\applic~1\eSobi
    2010-04-08 04:56:41 0 d-----w- c:\docume~1\alluse~1\applic~1\eSobi
    2010-04-08 04:56:34 0 d-----w- c:\program files\eSobi
    2010-03-29 15:16:43 0 d-----w- c:\program files\MSECache
    2010-03-26 22:52:55 0 d-----w- c:\program files\Atrinsic
    2010-03-26 17:47:45 138 ---ha-w- C:\doc2pdf_win.ini
    2010-03-26 17:47:01 1024 ----a-w- c:\windows\system32\pdftotext.dat
    2010-03-26 17:46:44 0 d-----w- c:\program files\e-PDF To Text Converter v2.1
    2010-03-26 17:44:17 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
    2010-03-26 17:44:17 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
    2010-03-26 17:44:12 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-03-26 17:44:11 0 d-----w- c:\program files\Softland
    2010-03-26 17:35:05 0 d-----w- c:\docume~1\johnjo~1\applic~1\PrimoPDF
    2010-03-26 17:33:03 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2010-03-26 17:33:01 0 d-----w- c:\program files\Nitro PDF

    ==================== Find3M ====================

    2010-04-20 17:47:41 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-03-14 11:03:18 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-14 11:03:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-14 11:02:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2007-11-06 20:27:42 969 ----a-w- c:\program files\SPreg.cmd
    2007-11-05 17:06:22 9728 ----a-w- c:\program files\SPBlockingTool.exe
    2007-07-01 16:17:27 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-07-01 16:16:57 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2006-06-25 18:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
    2005-11-27 22:31:14 9760 ----a-w- c:\program files\metapad.txt
    2005-11-27 20:50:08 95744 ----a-w- c:\program files\metapad.exe
    2005-05-19 21:18:26 4576 ----a-w- c:\program files\NoSPupdate.adm
    2002-05-13 02:55:06 93 ----a-w- c:\program files\faq.txt
    2001-03-29 22:24:00 929 ----a-w- c:\program files\filters.zip
    2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    2007-05-12 03:51:55 56 --sha-r- c:\windows\system32\FF01B64E97.sys
    2007-05-12 03:51:55 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 14:32:02.31 ===============
     
  3. xico
    I ran Spybot in Safe Mode, which killed 4 of the XP Security Tool processes. Then I ran Malwarebytes Anti-Malware, and it took out 11 viruses and Trojans, including 4 more processes from XP Security Tool. So XP Security Tool seems to be sleeping or dead.
    However, I'm still not able to get online--my wireless connection isn't working. :( Any suggestions would be appreciated.

    By the way, Malwarebytes (I purchased it last night) says I'm under attack from 212.95.32.155 and that it's protecting me from the attacker. :eek:
     
  4. xico
    I called Comcast to report the IP number. They sent me to Norton that took down the info, said thank you, but that that wasn't their department. Ahh well! :D
     
  5. xico
    I finally got exeHelper to run. This is what I got.

    exeHelper by Raktor
    Build 20100414
    Run at 12:23:54 on 04/23/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Removing HKCR\secfile
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    The first time I ran it, when it got to bad files, the computer shut down. So, when it rebooted, I ran it again. So I'm going to run Gmer again.
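The DDS log in post 2 and the exeHelper output above show the three indicators a helper would check first in a case like this: the `.exe` file association pointing at `secfile` instead of the normal `exefile` handler (so every program launch is routed through the rogue tool), autorun entries whose executable lives in a temp directory, and TCP NameServer entries set to resolvers the ISP did not hand out. The following Python script is an added triage example, not code from the thread or from the DDS or exeHelper tools. It parses a few constructed DDS-style lines (modelled on the log format quoted in post 2; the function names, the `expected_dns` parameter and the temp-directory markers are my own assumptions) and returns a list of findings a responder can act on.

```python
"""Triage helper for DDS-style logs: flag the indicators seen in this thread.

Added example, not part of the thread or the DDS/exeHelper tools. It parses
three line formats DDS emits (uRun/mRun/dRun autoruns, TCP: NameServer, and
the File Associations section) and returns a list of findings.
"""
import ipaddress
import re

# Constructed sample modelled on the DDS output format quoted in the thread.
# The .exe=secfile association and the two resolver IPs appear in that log.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============

uRun: [SpybotSD TeaTimer] c:\\program files\\spybot - search & destroy\\TeaTimer.exe
uRun: [YVIBBBHA8C] c:\\docume~1\\johnjo~1\\locals~1\\temp\\Nbp.exe
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
mRun: [net] "c:\\windows\\system32\\net.net"
mRun: [ewrgetuj] c:\\docume~1\\johnjo~1\\locals~1\\temp\\geurge.exe
TCP: NameServer = 93.188.164.97,93.188.166.142
TCP: {03CF1EB5-EEB4-4E9C-9C20-F5780D2061B4} = 93.188.164.97,93.188.166.142

============== File Associations ===============

.exe=secfile
"""

RUN_RE = re.compile(r'^([umd])Run:\s+\[([^\]]*)\]\s+(.*)$')
NS_RE = re.compile(r'^TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$')
ASSOC_RE = re.compile(r'^(\.[a-z0-9]+)=(\S+)$', re.IGNORECASE)

# Scratch locations (long and 8.3 forms) a legitimate autorun rarely lives in.
# Assumed list; extend it for your environment.
TEMP_MARKERS = ('\\temp\\', '\\locals~1\\', '\\local settings\\')


def parse_dds(text):
    """Return (autoruns, nameservers, associations) parsed from DDS log text."""
    autoruns, nameservers, assoc = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            autoruns.append((hive, name, cmd.strip()))
            continue
        m = NS_RE.match(line)
        if m:
            for ip in m.group(1).split(','):
                ip = ip.strip()
                if ip and ip not in nameservers:   # keep order, drop duplicates
                    nameservers.append(ip)
            continue
        m = ASSOC_RE.match(line)
        if m:
            assoc[m.group(1).lower()] = m.group(2)
    return autoruns, nameservers, assoc


def exe_path(cmd):
    """Extract the executable path from a Run-key command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd


def find_indicators(text, expected_dns=()):
    """Return a list of 'kind: detail' strings for the indicators found."""
    autoruns, nameservers, assoc = parse_dds(text)
    findings = []

    # 1. The .exe handler should be 'exefile'; anything else routes every
    #    program launch through a different handler (here 'secfile').
    handler = assoc.get('.exe')
    if handler is not None and handler.lower() != 'exefile':
        findings.append(f'exe-association-hijacked: .exe={handler}')

    # 2. Autoruns starting from temp directories or with a non-.exe extension.
    for hive, name, cmd in autoruns:
        path = exe_path(cmd).lower()
        if any(marker in path for marker in TEMP_MARKERS):
            findings.append(f'autorun-from-temp: {hive}Run [{name}] {path}')
        m = re.search(r'\.(\w+)(?=\s|$)', path)
        if m and m.group(1) != 'exe':
            findings.append(f'autorun-odd-extension: {hive}Run [{name}] {path}')

    # 3. Resolvers that are neither the expected ones nor private (LAN) addresses.
    expected = {ip.strip() for ip in expected_dns}
    for ip in nameservers:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f'dns-unparseable: {ip}')
            continue
        if ip not in expected and not addr.is_private:
            findings.append(f'dns-unexpected-public-resolver: {ip}')
    return findings


if __name__ == '__main__':
    for finding in find_indicators(SAMPLE_DDS):
        print(finding)
```

Pass the resolvers the ISP or router actually assigns as `expected_dns` so that legitimate public resolvers are not reported; with an empty list, as in the sample run, every non-private resolver is surfaced for a human to confirm. The association check is the one exeHelper's "Resetting filetype association for .exe / Removing HKCR\secfile" lines address.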
     
  6. xico
    Just ran Gmer. Since I can't get online, I used my thumb drive to transfer Gmer to the computer, and left it in the USB socket, so that got scanned too. :D


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-23 21:18:58
    Windows 5.1.2600 Service Pack 3
    Running: iqje3i9u.exe; Driver: C:\DOCUME~1\JOHNJO~1\LOCALS~1\Temp\pgrdypog.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\usbhub \Device\00000089 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000008a hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000008b hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000008c hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000008d hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@Model 79
    Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@Therad 22
    Reg HKLM\SOFTWARE\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}@MData 0x69 0x4D 0x48 0x08 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xFB 0x83 0xE5 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x79 0x6B 0x38 0x36 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}@Model 304
    Reg HKLM\SOFTWARE\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}@Therad 37
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}@abdllfgikkcgfnciphepdjdokldhpfhjen 0x64 0x62 0x6A 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}@bbdllfgikkcgfnciphnocdmhncannlligimi 0x61 0x62 0x69 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}@nanhnnoihlhekhgdpkbgapfliihp 0x6B 0x61 0x61 0x62 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}@malcagehbifhjdgnkelljmifkc 0x6B 0x61 0x61 0x62 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}@abofeifanlafceejfafbfoofpblghjmjfk 0x64 0x62 0x65 0x65 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}@bbofeifanlafceejfaebibllfhmjbkgoecob 0x61 0x62 0x66 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}@paeggkompdglbjlmenlonbegdhbgccdh 0x6B 0x61 0x62 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}@oageiacjeoaobchibcdkkmhgdlikpg 0x6B 0x61 0x69 0x69 ...

    ---- EOF - GMER 1.0.15 ----
     
  7. xico
    I downloaded ComboFix, and started to run it, but it said that I don't have MS Recovery Console installed and that it couldn't fix some serious infections without it--and that I needed an internet connection that I don't have. :(
     
  8. xico
    Okay, I put the MS Recovery Tool on the computer, but it's not in the start menu. But when I booted up this morning I had the choice to boot into the Recovery Console or to boot into XP. I booted into XP. But I'm in a quandary about what to do next.

    Any suggestions would be greatly appreciated. Thanks,

    xico
     
  9. xico
    Well, I went ahead and ran ComboFix. Here's the log.

    ComboFix 10-04-21.01 - xico 04/24/2010 16:12:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3549.2986 [GMT -4:00]
    Running from: c:\documents and settings\xico\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\xico\Application Data\Desktopicon
    c:\documents and settings\xico\Application Data\Desktopicon\config.ini
    c:\documents and settings\xico\Application Data\inst.exe
    c:\windows\eSellerateEngine.dll
    c:\windows\Nsuvea.exe
    c:\windows\system32\vmnat.exe
    c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    c:\windows\Temp\tmp3.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINDOWNETPKER


    ((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
    .

    2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- C:\237fd07f98afaf4d30cab087
    2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- C:\25ed3d132aa3772464e1699e895e
    2010-04-23 05:59 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
    2010-04-23 05:59 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
    2010-04-23 05:59 . 2006-05-31 19:38 10752 ----a-w- c:\windows\system32\md5.dll
    2010-04-23 05:59 . 2010-04-23 05:59 -------- d-----w- c:\program files\MalwareSweeper.com
    2010-04-23 05:56 . 2010-04-24 18:51 -------- d-----w- c:\program files\SpywareBlaster
    2010-04-23 02:13 . 2010-04-23 02:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-23 02:08 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
    2010-04-21 22:02 . 2010-04-21 22:02 -------- d-----w- c:\program files\NETGEAR
    2010-04-21 16:15 . 2010-04-21 16:17 -------- d-----w- c:\program files\XP TCPIP Repair
    2010-04-21 05:38 . 2010-04-21 05:38 -------- d-----w- C:\99cebe99d5156c141ebd
    2010-04-20 21:11 . 2010-04-20 21:11 -------- d-----w- c:\program files\Alwil Software
    2010-04-20 21:11 . 2010-04-20 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-04-20 20:01 . 2010-04-20 20:01 -------- d-----w- c:\program files\EMCO
    2010-04-20 17:53 . 2010-04-20 17:53 -------- d-----w- C:\eae7b6e4db1d1e75e66252
    2010-04-18 01:27 . 2010-04-19 05:54 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Easy Duplicate Finder
    2010-04-17 14:59 . 2010-04-17 14:59 -------- d-----w- c:\documents and settings\John Joerg\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2010-04-17 14:59 . 2010-04-17 14:59 -------- d-----w- c:\program files\TweetDeck
    2010-04-17 08:45 . 2010-04-17 08:45 -------- d-----w- C:\tools
    2010-04-08 04:57 . 2010-04-08 04:57 -------- d-----w- c:\documents and settings\John Joerg\Application Data\eSobi
    2010-04-08 04:56 . 2010-04-08 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\eSobi
    2010-04-08 04:56 . 2010-04-08 04:56 -------- d-----w- c:\program files\eSobi
    2010-03-29 20:04 . 2010-03-29 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-03-29 15:16 . 2010-03-29 15:16 -------- d-----w- c:\program files\MSECache
    2010-03-26 22:52 . 2010-03-26 22:52 -------- d-----w- c:\program files\Atrinsic
    2010-03-26 17:47 . 2010-03-26 22:39 1024 ----a-w- c:\windows\system32\pdftotext.dat
    2010-03-26 17:46 . 2010-03-26 17:46 -------- d-----w- c:\program files\e-PDF To Text Converter v2.1
    2010-03-26 17:44 . 2010-03-01 19:49 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
    2010-03-26 17:44 . 2010-03-01 19:49 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
    2010-03-26 17:44 . 2010-02-05 18:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-03-26 17:44 . 2010-03-26 17:44 -------- d-----w- c:\program files\Softland
    2010-03-26 17:35 . 2010-03-26 22:39 -------- d-----w- c:\documents and settings\John Joerg\Application Data\PrimoPDF
    2010-03-26 17:33 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2010-03-26 17:33 . 2010-03-26 22:37 -------- d-----w- c:\program files\Nitro PDF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-24 20:22 . 2008-03-19 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-04-24 20:22 . 2009-11-02 20:32 -------- d-----w- c:\documents and settings\Freenet\Application Data\VMware
    2010-04-24 20:22 . 2009-12-18 20:25 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-04-24 20:21 . 2008-06-09 05:03 -------- d-----w- c:\documents and settings\John Joerg\Application Data\mjusbsp
    2010-04-24 19:14 . 2010-02-20 06:33 -------- d-----w- c:\program files\SeaMonkey
    2010-04-24 18:53 . 2009-11-13 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-24 17:52 . 2007-06-11 18:41 -------- d-----w- c:\program files\V41
    2010-04-22 02:55 . 2010-03-22 04:32 -------- d-----w- c:\documents and settings\John Joerg\Application Data\vlc
    2010-04-21 22:06 . 2009-09-02 03:33 -------- d-----w- c:\program files\TRENDnet
    2010-04-21 22:03 . 2007-04-28 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-21 19:10 . 2007-10-07 02:37 -------- d-----w- c:\documents and settings\John Joerg\Application Data\U3
    2010-04-21 15:57 . 2008-02-22 18:44 -------- d-----w- c:\documents and settings\John Joerg\Application Data\BitTorrent
    2010-04-21 05:16 . 2009-11-02 17:29 -------- d-----w- c:\program files\Freenet
    2010-04-20 21:17 . 2007-09-26 22:24 -------- d-----w- c:\documents and settings\John Joerg\Application Data\DMCache
    2010-04-20 19:57 . 2009-11-29 04:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-20 01:44 . 2009-12-15 16:01 0 ----a-w- c:\documents and settings\John Joerg\Local Settings\Application Data\prvlcl.dat
    2010-04-19 05:20 . 2009-04-15 03:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-04-18 01:26 . 2007-07-01 16:14 -------- d-----w- c:\program files\FLV Player
    2010-04-18 01:26 . 2007-05-03 22:38 -------- d-----w- c:\program files\Microsoft Works
    2010-04-18 01:25 . 2007-11-11 03:26 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-04-18 01:25 . 2007-05-12 17:07 -------- d-----w- c:\program files\Realtek AC97
    2010-04-18 01:19 . 2009-12-17 01:59 -------- d-----w- c:\program files\Auslogics
    2010-04-14 22:31 . 2007-09-26 22:24 -------- d-----w- c:\documents and settings\John Joerg\Application Data\IDM
    2010-04-14 00:21 . 2009-11-20 17:57 -------- d-----w- c:\documents and settings\John Joerg\Application Data\dvdcss
    2010-04-14 00:02 . 2008-08-19 16:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DMCache
    2010-04-08 04:57 . 2007-05-05 08:54 58920 ----a-w- c:\documents and settings\John Joerg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-29 20:04 . 2007-05-05 09:23 -------- d-----w- c:\program files\Yahoo!
    2010-03-29 20:04 . 2007-05-05 09:23 -------- d-----w- c:\program files\CCleaner
    2010-03-28 06:30 . 2008-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
    2010-03-28 06:30 . 2008-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2010-03-28 06:30 . 2008-04-22 23:34 -------- d-----w- c:\program files\Nuance
    2010-03-28 06:30 . 2008-04-22 23:34 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2010-03-26 22:53 . 2009-02-15 00:01 -------- d-----r- c:\program files\Skype
    2010-03-22 01:14 . 2007-04-29 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-13 09:10 . 2010-03-13 09:10 -------- d-----w- c:\program files\NeoSmart Technologies
    2010-03-10 10:47 . 2009-10-30 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-03-10 10:46 . 2009-08-04 00:43 -------- d-----w- c:\program files\Flickr Uploadr
    2010-03-10 10:29 . 2007-11-19 16:43 -------- d-----w- c:\program files\Flexigen
    2010-03-10 10:25 . 2009-05-01 03:42 -------- d-----w- c:\program files\The Rosetta Stone
    2010-03-10 10:18 . 2008-01-14 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-03-10 10:03 . 2007-05-05 21:44 -------- d-----w- c:\program files\Canon
    2010-03-10 09:59 . 2009-06-08 02:23 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Clipdiary
    2010-03-10 09:57 . 2008-10-27 20:55 -------- d-----w- c:\program files\easetech
    2010-03-10 09:50 . 2007-05-05 22:00 -------- d-----w- c:\program files\Executive Software
    2010-03-07 08:43 . 2009-01-15 21:22 -------- d-----w- c:\program files\Opera
    2010-02-28 23:56 . 2010-02-28 23:56 -------- d-----w- c:\documents and settings\John Joerg\Application Data\Lunascape
    2010-02-28 23:55 . 2010-02-28 23:55 -------- d-----w- c:\program files\Lunascape
    2010-02-28 07:14 . 2009-10-06 23:48 -------- d-----w- c:\documents and settings\John Joerg\Application Data\SlimBrowser
    2010-02-25 04:07 . 2010-02-25 04:07 -------- d-----w- c:\program files\Bilingual -Greek English- New Testament
    2010-02-25 04:04 . 2010-02-25 04:04 -------- d-----w- c:\program files\Bilingual -Greek Russian- New Testament
    2010-02-20 07:40 . 2010-04-24 18:29 171056 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
    2010-02-20 07:40 . 2007-04-28 13:11 87263 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
    2007-11-06 20:27 . 2007-11-06 20:27 969 ----a-w- c:\program files\SPreg.cmd
    2007-11-05 17:06 . 2007-11-05 17:06 9728 ----a-w- c:\program files\SPBlockingTool.exe
    2007-07-01 16:17 . 2007-07-01 16:17 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-07-01 16:16 . 2007-07-01 16:15 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2005-11-27 22:31 . 2005-11-27 22:31 9760 ----a-w- c:\program files\metapad.txt
    2005-11-27 20:50 . 2005-11-27 20:50 95744 ----a-w- c:\program files\metapad.exe
    2005-05-19 21:18 . 2005-05-19 21:18 4576 ----a-w- c:\program files\NoSPupdate.adm
    2002-05-13 02:55 . 2002-05-13 02:55 93 ----a-w- c:\program files\faq.txt
    2001-03-29 22:24 . 2001-03-29 22:24 929 ----a-w- c:\program files\filters.zip
    2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    2007-05-12 03:51 . 2007-05-12 03:51 56 --sha-r- c:\windows\system32\FF01B64E97.sys
    2007-05-12 03:51 . 2007-05-12 03:51 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
    "{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DE552AE-4229-4ED9-B595-77305C8F1D0A}]
    2009-03-18 04:54 81920 ----a-w- c:\program files\Cleeki\ieagent\CleekiIEAgent.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    2010-02-20 18:47 2349080 ----a-w- c:\program files\The_Pirate_Bay\tbThe1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
    2010-02-20 18:47 2349080 ----a-w- c:\program files\Mininova\tbMin1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
    "{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin1.dll" [2010-02-20 2349080]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2010-02-20 2349080]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
    "cdloader"="c:\documents and settings\John Joerg\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 5777408]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-08 198160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

    c:\documents and settings\NetworkService\Start Menu\Programs\Startup\
    YPOPs.lnk - c:\program files\YPOPs\YPOPs.exe [2008-11-12 532480]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Wireless Assistant.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2010-4-21 2238]
    Rocket.Time.lnk - c:\program files\Rocket Software\RocketTime\RocketTime.exe [2007-9-16 557129]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clipdiary
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2008-08-20 01:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    2003-09-29 22:53 607232 ----a-w- c:\progra~1\SPEEDO~1\SPO.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 66632]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/29/2009 12:24 AM 269648]
    R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [5/10/2008 12:15 AM 7424]
    R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [8/11/2009 6:31 PM 46824]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/5/2009 6:33 PM 109568]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/29/2009 12:24 AM 19160]
    R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [12/18/2009 4:25 PM 38976]
    S2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [9/5/2009 12:11 PM 241664]
    S2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [4/29/2007 6:39 PM 35712]
    S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 10:17 PM 450400]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/5/2009 6:20 AM 1684736]
    S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [5/5/2007 3:48 AM 45568]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1788223648-1801674531-1003.job
    - c:\documents and settings\John Joerg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 02:17]

    2010-04-24 c:\windows\Tasks\User_Feed_Synchronization-{D9CD07CB-B0B3-4E43-A588-344B713BEAD0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Converter 5\cnvres_eng.dll /100
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\John Joerg\Application Data\Mozilla\Firefox\Profiles\uj7z80ih.John\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\documents and settings\John Joerg\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\John Joerg\Application Data\Move Networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\John Joerg\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\John Joerg\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
    FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: c:\program files\Opera 10.50 pre-alpha\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\Opera 10.50 pre-alpha\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\Opera\program\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - (no file)
    URLSearchHooks-{2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - (no file)
    Toolbar-{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} - (no file)
    Toolbar-{2c804246-e103-4d8c-a512-1e6ffbdb2e7f} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{BFCDCEBE-E1FB-40F9-B4E2-7BB1138EF76C} - (no file)
    WebBrowser-{2C804246-E103-4D8C-A512-1E6FFBDB2E7F} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-24 16:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D6921B9-6595-F8F5-C6D0-6E3A7B590D6F}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abdllfgikkcgfnciphepdjdokldhpfhjen"=hex:64,62,6a,6b,6f,68,61,68,63,63,70,6e,
    69,69,64,63,67,6c,65,6e,6e,6c,6f,66,6e,67,6a,68,63,6a,6f,6c,64,65,65,66,69,\
    "bbdllfgikkcgfnciphnocdmhncannlligimi"=hex:61,62,69,6d,6f,66,69,70,65,67,6c,6a,
    6b,6c,61,64,6b,62,61,66,67,6b,69,65,63,68,68,64,6a,67,6e,6a,6d,6d,00,66

    [HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C06DAF-5562-752C-7C65-98A54BFA2E58}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nanhnnoihlhekhgdpkbgapfliihp"=hex:6b,61,61,62,66,6a,6d,68,6b,6d,6e,6e,64,65,
    6f,61,67,65,6d,6a,68,70,00,00
    "malcagehbifhjdgnkelljmifkc"=hex:6b,61,61,62,66,6a,6d,68,6b,6d,6e,6e,64,65,6f,
    61,67,65,6d,6a,68,70,00,00

    [HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98F38897-73DB-599C-496A-98A28F74B40A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abofeifanlafceejfafbfoofpblghjmjfk"=hex:64,62,65,65,6e,6b,63,68,67,68,66,6f,
    66,63,69,6c,61,6a,6f,70,61,64,6f,62,64,61,69,6f,6a,6e,62,69,6a,62,70,6e,6c,\
    "bbofeifanlafceejfaebibllfhmjbkgoecob"=hex:61,62,66,67,6b,66,6f,70,65,6b,6d,6c,
    69,70,6f,64,66,6b,68,66,69,66,6e,69,61,6b,6e,6b,69,69,67,6f,6a,68,00,6e

    [HKEY_USERS\S-1-5-21-1935655697-1788223648-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0E7A852-0EA0-7333-9B50-8367F08A213D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "paeggkompdglbjlmenlonbegdhbgccdh"=hex:6b,61,62,6a,65,6f,70,63,6b,61,69,64,6f,
    65,6f,6a,67,65,62,6e,67,65,00,00
    "oageiacjeoaobchibcdkkmhgdlikpg"=hex:6b,61,69,69,6c,6f,70,6d,69,69,65,6b,6a,6a,
    65,6f,68,6a,62,61,63,6d,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3d0dff86-49a3-40f4-bc98-ca56ffc97172}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000004f
    "Therad"=dword:00000016
    "MData"=hex(0):69,4d,48,08,34,83,3e,f5,2a,a7,5a,87,4c,07,ab,35,49,08,31,46,11,
    5f,30,09,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):fb,83,e5,29,88,fb,01,69,48,99,83,74,ab,9c,49,19,bd,dc,da,46,d2,
    6f,e4,b5,b6,38,55,c3,40,e7,5f,62,44,f3,d2,b3,9d,b1,b1,9c,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):79,6b,38,36,5f,76,2f,03,d2,32,25,cc,52,45,6f,53,fd,64,c9,32,4b,
    63,e1,ba,47,16,31,7f,72,b6,b0,7b,e3,2e,84,fa,bc,da,54,f7,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df5f5429-4a46-47e4-a84f-01a4ed3d0031}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000130
    "Therad"=dword:00000025
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3540)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\NETGEAR\WG311v3\wlancfg5.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Tenable\Nessus\nessus-service.exe
    c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
    c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
    c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-24 16:32:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-24 20:32

    Pre-Run: 72,452,341,760 bytes free
    Post-Run: 72,741,531,648 bytes free

    - - End Of File - - E295E9F049373B6E2F0394C688C8F08B

    Weirdly, or maybe not so weirdly, my wireless adapter says that I'm connected, but I'm not online.
    I went to the Command Prompt and typed in ipconfig.

    An internal error occurred. The request is not supported.
    Please contact Microsoft Product Support Service for further help.
    Additional information: Unable to query host name.

    Any suggestions?

    Thanks,

    xico
     
Short URL to this thread: https://techguy.org/918104