Google Redirect and Pop-ups


This topic is locked
2 replies to this topic

#1 speedy0587

Posted 09 December 2009 - 10:22 PM

I have been getting pop-ups and Google is redirecting certain results. I figure I might as well post all the results here.

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:33 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.3)" -"http://www.brodiegames.com/beggar/"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://connect.tjuh.org/dom02/,DanaInfo=je...t,SSL+dwa7W.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.tjuh.org/dana-cached/setup/...perSetupSP1.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8964 bytes



OTL logfile created on: 12/9/2009 9:13:42 PM - Run 1
OTL by OldTimer - Version 3.1.12.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.77% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 42.33 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/09 21:08:07 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/05/30 13:11:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/08/29 13:58:16 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 13:37:59 | 00,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/07 17:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/05/01 10:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/03/17 06:34:30 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/03/17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/03/17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/03/07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/07 13:02:14 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/24 14:10:44 | 00,397,312 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
PRC - [2006/02/06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2009/12/09 21:08:07 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/05/30 13:11:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/02/21 18:09:10 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 13:58:16 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/07/28 17:47:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/06/07 17:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/03/17 06:34:24 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/03/17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/03/17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/24 14:10:44 | 00,397,312 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe -- (Bwsvc)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\S-1-5-21-1659004503-616249376-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.1.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009/07/31 16:45:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/04 19:23:12 | 00,000,000 | ---D | M]

[2009/02/22 19:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/10 20:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\extensions
[2009/04/30 16:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/06/24 14:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/14 13:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/02/22 19:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/02/22 19:16:55 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\searchplugins\ask.xml
[2009/03/14 13:25:01 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\en5hvdi4.default\searchplugins\yahoo.xml
[2009/11/10 20:17:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 20:46:12 | 00,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 20:46:20 | 00,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 20:46:16 | 00,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 16:27:00 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 16:27:00 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 16:27:00 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/02/07 20:48:26 | 00,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/02/07 20:46:12 | 00,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: (156 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-616249376-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://connect.tjuh.org/dom02/,DanaInfo=je...t,SSL+dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://connect.tjuh.org/dana-cached/setup/...perSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/21 15:37:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/21 10:17:24 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53202219457052672)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/09 21:08:04 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/09 20:59:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
[2009/12/09 20:57:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/07 17:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Phil Vassar Christmas
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/09 21:08:52 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ypp9orel.exe
[2009/12/09 21:08:07 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/09 21:00:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-616249376-1801674531-1003UA.job
[2009/12/09 20:59:02 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
[2009/12/09 20:56:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 20:56:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/09 20:55:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 20:55:50 | 21,449,76896 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/09 18:25:28 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/09 18:25:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/09 18:00:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-616249376-1801674531-1003Core.job
[2009/12/09 17:41:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/08 17:06:19 | 00,000,529 | ---- | M] () -- C:\hpfr5550.xml
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/28 20:17:17 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DSL Settings.doc
[2009/11/26 23:09:13 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/09 21:08:48 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ypp9orel.exe
[2009/06/14 17:29:31 | 00,000,324 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/05/23 10:05:57 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/23 10:05:56 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 18:29:53 | 00,001,536 | ---- | C] () -- C:\WINDOWS\System32\bwsvc_event.dll
[2009/02/21 19:20:56 | 02,844,102 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CleanUp!.log
[2009/02/21 18:05:46 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/02/21 17:16:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/02/21 17:16:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/29 13:58:26 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/03/15 14:24:32 | 00,023,286 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/21 18:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/04 19:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/08/10 16:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/21 18:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/18 00:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/12 13:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\2K Sports
[2009/03/01 00:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/05/28 21:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/12/09 13:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2009/07/29 00:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
[2009/06/24 09:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/07/27 15:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NavNet Solutions
[2009/05/19 11:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/05/14 20:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/12/09 17:41:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< >
< End of report >

OTL Extras logfile created on: 12/9/2009 9:13:42 PM - Run 1
OTL by OldTimer - Version 3.1.12.0 Folder = C:Documents and SettingsOwnerDesktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.77% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): C:pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 74.50 Gb Total Space | 42.33 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.html [@ = htmlfile] -- C:Program FilesInternet ExplorerIEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:Program FilesMicrosoft OfficeOFFICE11msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:Program FilesMicrosoft OfficeOFFICE11msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Applicationsiexplore.exe [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:Program FilesInternet Exploreriexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"C:Program FilesCommon FilesAOLLoaderaolload.exe" = C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:Program FilesAIM6aim6.exe" = C:Program FilesAIM6aim6.exe:*:Enabled:AIM -- File not found
"C:WINDOWSexplorer.exe" = C:WINDOWSexplorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:Program FilesBUFFALOClient Manager3BWSVCbwsvc.exe" = C:Program FilesBUFFALOClient Manager3BWSVCbwsvc.exe:*:Enabled:ClientMgr3 -- (BUFFALO INC.)
"C:Program FilesBUFFALOClient Manager3AOSSaoss.exe" = C:Program FilesBUFFALOClient Manager3AOSSaoss.exe:*:Enabled:Aoss -- ()
"C:Program FilesJuniper NetworksSecure Application ManagerdsSamProxy.exe" = C:Program FilesJuniper NetworksSecure Application ManagerdsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:Documents and SettingsOwnerApplication DataJuniper NetworksJuniper Citrix Services ClientdsCitrixProxy.exe" = C:Documents and SettingsOwnerApplication DataJuniper NetworksJuniper Citrix Services ClientdsCitrixProxy.exe:*:Enabled:Juniper Citrix Services Client -- (Juniper Networks)
"C:Program FilesYahoo!MessengerYahooMessenger.exe" = C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:Documents and SettingsOwnerLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll" = C:Documents and SettingsOwnerLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:Documents and SettingsOwnerLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe" = C:Documents and SettingsOwnerLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:WINDOWSsystem32dpvsetup.exe" = C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:Program FilesAIMaim.exe" = C:Program FilesAIMaim.exe:*:Enabled:AIM -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8DEF1A3-B91E-4935-914A-2AF55C3FC971}" = MLB 2K9
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CleanUp!" = CleanUp!
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"UN800114" = BUFFALO Client Manager 3
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERSS-1-5-21-1659004503-616249376-1801674531-1003SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"Juniper_Citrix_Services" = Juniper Citrix Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesSymantec
AntiVirusDefWatch.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December
09, 2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesSymantec
AntiVirusRtvscan.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09,
2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesCommon FilesSymantec
SharedSPBBCSPBBCSvc.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December
09, 2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesCommon FilesSymantec
SharedccEvtMgr.exe Event Info: Allocation Memory Action Taken: Blocked Actor Process:
C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09, 2009
8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesCommon FilesSymantec
SharedSPBBCSPBBCSvc.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December
09, 2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesCommon FilesSymantec
SharedccApp.exe Event Info: Allocation Memory Action Taken: Blocked Actor Process:
C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09, 2009
8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesSymantec
AntiVirusVPTray.exe Event Info: Allocation Memory Action Taken: Blocked Actor Process:
C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09, 2009
8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesSymantec
AntiVirusDefWatch.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December
09, 2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesSymantec
AntiVirusRtvscan.exe Event Info: Allocation Memory Action Taken: Blocked Actor
Process: C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09,
2009 8:07:19 AM

Error - 12/9/2009 9:07:19 AM | Computer Name = DESK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:Program FilesCommon FilesSymantec
SharedccSetMgr.exe Event Info: Allocation Memory Action Taken: Blocked Actor Process:
C:WINDOWSsystem32svchost.exe (PID 1228) Time: Wednesday, December 09, 2009
8:07:19 AM

[ System Events ]
Error - 12/9/2009 8:57:23 AM | Computer Name = DESK | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/9/2009 9:16:25 AM | Computer Name = DESK | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/9/2009 9:16:25 AM | Computer Name = DESK | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/9/2009 9:16:25 AM | Computer Name = DESK | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/9/2009 2:14:16 PM | Computer Name = DESK | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/9/2009 2:14:16 PM | Computer Name = DESK | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical

I DON'T KNOW if the results below are even results at all


GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-09 22:20:35
Windows 5.1.2600 Service Pack 3
Running: ypp9orel.exe; Driver: C:DOCUME~1OwnerLOCALS~1Temppxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT 8970F488 ZwAlertResumeThread
SSDT 896AF4E0 ZwAlertThread
SSDT 89DD3160 ZwAllocateVirtualMemory
SSDT 89ABAD08 ZwConnectPort
SSDT 89701518 ZwCreateMutant
SSDT 8986CA78 ZwCreateThread
SSDT ??C:Program FilesSymantecSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA16B4CB0]
SSDT 8990DB20 ZwFreeVirtualMemory
SSDT 896C5770 ZwImpersonateAnonymousToken
SSDT 896DDE50 ZwImpersonateThread
SSDT 89DD95A0 ZwMapViewOfSection
SSDT 896A5D40 ZwOpenEvent
SSDT 898CAEF8 ZwOpenProcessToken
SSDT 896A9CB8 ZwOpenThreadToken
SSDT 89C6F070 ZwQueryValueKey
SSDT 89917AB8 ZwResumeThread
SSDT 896D94E0 ZwSetContextThread
SSDT 89742E50 ZwSetInformationProcess
SSDT 8971DBC0 ZwSetInformationThread
SSDT ??C:Program FilesSymantecSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA16B4F10]
SSDT 89755C90 ZwSuspendProcess
SSDT 8971CE50 ZwSuspendThread
SSDT 89B66E50 ZwTerminateProcess
SSDT 8971D320 ZwTerminateThread
SSDT 894115D0 ZwUnmapViewOfSection
SSDT 8943E250 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:WINDOWSsystem32driversatapi.sys entry point in ".rsrc" section [0xBA7217A4]
init C:WINDOWSsystem32driversSenfilt.sys entry point in "init" section [0xA179BA00]

---- User code sections - GMER 1.0.15 ----

.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[488] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[616] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:WINDOWSsystem32svchost.exe[1232] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0262000A
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[2672] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3040] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet Exploreriexplore.exe[3556] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[616] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[624] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00D62BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[624] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00D62CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[624] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00D62CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_12875.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_12875.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_12875.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_12875.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89D7B618

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ESBW96P9\getAds[1].htm 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Don't know if this helps or not, but there is no specific type of redirected website. I mean there is not just one site. It will be a variety of sites that are quite normal or quite bizarre.

Merged posts. ~ OB

Edited by Orange Blossom, 09 December 2009 - 11:50 PM.




#2 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:38 AM

Posted 21 December 2009 - 10:33 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS and RootRepeal. If you have any problems, just let me know in your next reply, or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:38 AM

Posted 26 December 2009 - 09:37 AM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.




