Inactive Google results are redirecting

Status
Not open for further replies.

poorskull

Posts: 6   +0
Hi there, looks like I've got one of these... Firefox is my primary browser, and after months of non-use I checked IE and it's also exhibiting the same behavior. Hoping you guys can work your magic. (Apologies in advance if I manage to prove incompetent)

===============================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6062

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2011 7:10:35 AM
mbam-log-2011-03-15 (07-10-35).txt

Scan type: Quick scan
Objects scanned: 156257
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===========================================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-15 10:53:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-00FJA0 rev.13.03G13
Running: nrp7jync.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\uwtdakow.sys


---- System - GMER 1.0.15 ----

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF629549E]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\WINDOWS\System32\svchost.exe[984] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00ED000A
.text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
? C:\WINDOWS\System32\svchost.exe[2316] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [00401004] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 7453060A
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 676E6972
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [00401010] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 69570A0B
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 74536564
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 676E6972
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [00401020] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 6156070C
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 6E616972
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [00408D74] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [00401030] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 6C4F0A0C
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 72615665
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00401088] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [00403600] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [00403604] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [00403608] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [004035FC] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [0040338C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [004033A8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [004033E4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 624F5407
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 7463656A
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [00401094] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 4F540707
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 63656A62
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 40108874
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 06000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 74737953
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 00006D65
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [004010B4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 49490A0F
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 7265746E
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 65636166
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 00000001
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 79530646
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 6D657473
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] FFFF0003
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [004010E4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 4449090F
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 61707369
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] B0686374
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 01004010
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00020400
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 000000C0
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 46000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 73795306
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 046D6574
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 90FFFF00
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 244483CC
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] BDE9F804
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 83000048
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] F8042444
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 24448300
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] E5E9F804
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] CC000048
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 401111CC
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 40111B00
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 40112500
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 00000100
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00000000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
 
---- Files - GMER 1.0.15 ----

File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\01\11-{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}-v1-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v11-Downloaded.frx 112 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\12\12-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v12-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v12-Downloaded.frx 5149291 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\13\13-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v13-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v13-Downloaded.frx 112 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\14\14-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v14-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v14-Downloaded.frx 125646 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\15\15-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v15-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v15-Downloaded.frx 129788 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\16\16-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v16-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v16-Downloaded.frx 130524 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\16\16-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v16-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v16-Downloaded.frx 371650 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\17\17-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v17-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v17-Downloaded.frx 127879 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\17\17-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v17-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v17-Downloaded.frx 513808 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\18\18-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v18-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v18-Downloaded.frx 124237 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\18\18-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v18-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v18-Downloaded.frx 748481 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\19\19-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v19-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v19-Downloaded.frx 122015 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\19\19-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v19-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v19-Downloaded.frx 675874 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\20\20-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v20-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v20-Downloaded.frx 131776 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\20\20-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v20-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v20-Downloaded.frx 696085 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\21\21-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v21-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v21-Downloaded.frx 132250 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\22\22-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v22-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v22-Downloaded.frx 132089 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\22\22-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v22-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v22-Downloaded.frx 206465 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\23\23-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v23-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v23-Downloaded.frx 112717 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\24\24-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v24-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v24-Downloaded.frx 114085 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\24\24-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v24-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v24-Downloaded.frx 118530 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\25\25-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v25-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v25-Downloaded.frx 119586 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\25\34-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v25-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v34-Downloaded.frx 117552 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\26\26-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v26-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v26-Downloaded.frx 125604 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\26\35-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v26-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v35-Downloaded.frx 121626 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\27\27-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v27-{54F0CAA7-2D86-4167-A9B6-2B7656A46523}-v27-Downloaded.frx 130179 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\27\36-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v27-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v36-Downloaded.frx 135353 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\28\37-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v28-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v37-Downloaded.frx 136499 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\29\32-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v29-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v32-Downloaded.frx 142338 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\30\31-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v30-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v31-Downloaded.frx 112 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\39\44-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v39-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v44-Downloaded.frx 127012 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\40\45-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v40-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v45-Downloaded.frx 127503 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\41\46-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v41-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v46-Downloaded.frx 120075 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\42\47-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v42-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v47-Downloaded.frx 121794 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\43\48-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v43-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v48-Downloaded.frx 123561 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\49\49-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v49-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v49-Downloaded.frx 115044 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\52\52-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v52-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v52-Downloaded.frx 119006 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\53\53-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v53-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v53-Downloaded.frx 283656 bytes
File C:\My Backup -- 09-12-20 0344PM\My old Documents and Settings\...\Local Settings\Application Data\Microsoft\Messenger\...@hotmail.com\SharingMetadata\...@hotmail.com\DFSR\Staging\CS{56D50C6E-4790-5EA6-0EA2-200CEC318AC0}\54\54-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v54-{AA1E7B3B-041A-44E3-BEEF-E2097A227859}-v54-Downloaded.frx 287303 bytes

---- EOF - GMER 1.0.15 ----

====================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2009 7:10:58 PM
System Uptime: 3/15/2011 7:53:40 AM (4 hours ago)
.
Motherboard: First International Computer, Inc. | | AU31
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2088/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 7.014 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP412: 12/15/2010 5:15:56 PM - System Checkpoint
RP413: 12/16/2010 1:33:49 AM - Software Distribution Service 3.0
RP414: 12/17/2010 2:10:47 PM - System Checkpoint
RP415: 12/20/2010 2:02:12 PM - System Checkpoint
RP416: 12/21/2010 3:34:40 PM - System Checkpoint
RP417: 12/22/2010 11:07:50 PM - System Checkpoint
RP418: 12/24/2010 10:29:39 AM - System Checkpoint
RP419: 12/25/2010 6:31:45 PM - System Checkpoint
RP420: 12/26/2010 7:25:42 PM - System Checkpoint
RP421: 12/27/2010 10:36:58 PM - System Checkpoint
RP422: 12/30/2010 2:08:18 AM - Software Distribution Service 3.0
RP423: 1/1/2011 11:19:30 PM - System Checkpoint
RP424: 1/4/2011 12:03:29 PM - System Checkpoint
RP425: 1/10/2011 11:56:34 AM - System Checkpoint
RP426: 1/12/2011 3:00:40 AM - Software Distribution Service 3.0
RP427: 1/21/2011 8:53:39 AM - System Checkpoint
RP428: 1/22/2011 10:30:12 AM - System Checkpoint
RP429: 1/23/2011 11:28:44 AM - System Checkpoint
RP430: 1/25/2011 7:01:07 PM - System Checkpoint
RP431: 1/27/2011 12:12:08 AM - System Checkpoint
RP432: 1/31/2011 10:09:01 PM - System Checkpoint
RP433: 2/3/2011 2:55:02 PM - System Checkpoint
RP434: 2/4/2011 8:55:21 PM - System Checkpoint
RP435: 2/6/2011 9:36:56 AM - System Checkpoint
RP436: 2/7/2011 11:44:22 PM - System Checkpoint
RP437: 2/9/2011 3:01:41 AM - Software Distribution Service 3.0
RP438: 2/10/2011 12:05:59 PM - System Checkpoint
RP439: 2/12/2011 3:31:38 AM - System Checkpoint
RP440: 2/13/2011 12:04:49 PM - System Checkpoint
RP441: 2/14/2011 9:35:57 PM - System Checkpoint
RP442: 2/16/2011 10:25:05 PM - System Checkpoint
RP443: 2/17/2011 11:49:26 PM - System Checkpoint
RP444: 2/19/2011 8:56:29 PM - System Checkpoint
RP445: 2/21/2011 4:29:40 PM - System Checkpoint
RP446: 2/22/2011 7:31:05 PM - System Checkpoint
RP447: 2/24/2011 2:00:25 PM - System Checkpoint
RP448: 2/25/2011 7:55:51 PM - System Checkpoint
RP449: 2/26/2011 8:23:23 PM - System Checkpoint
RP450: 3/1/2011 10:43:12 PM - System Checkpoint
RP451: 3/3/2011 10:24:58 PM - System Checkpoint
RP452: 3/5/2011 7:35:26 PM - System Checkpoint
RP453: 3/8/2011 3:00:48 AM - Software Distribution Service 3.0
RP454: 3/9/2011 10:27:16 AM - Installed Compatibility Pack for the 2007 Office system
RP455: 3/9/2011 10:18:35 PM - Software Distribution Service 3.0
RP456: 3/10/2011 3:02:01 AM - Software Distribution Service 3.0
RP457: 3/11/2011 7:56:06 PM - System Checkpoint
RP458: 3/15/2011 5:13:04 AM - Installed Java(TM) 6 Update 24
RP459: 3/15/2011 5:20:37 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP460: 3/15/2011 6:17:01 AM - Removed Adobe Reader 7.0
RP461: 3/15/2011 6:18:11 AM - Installed Adobe Reader X.
.
==== Installed Programs ======================
.
.
µTorrent
AAC Decoder
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X
Amazon MP3 Downloader 1.0.10
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Bulent's Screen Recorder
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Charter Security Suite
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
F-Secure PSC Prerequisites
GIMP 2.6.8
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICQ
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Last.fm 1.5.4.27091
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKV Splitter
Mozilla Firefox (3.6.15)
MSVCRT
Multimedia Keyboard Driver
NVIDIA Display Driver
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
PeerBlock 1.0.0 (r181)
Play Wireless USB Adapter
PowerDVD
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.1
SoftV92 Data Fax Modem with SmartCP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.0.3
WebFldrs XP
Winamp
Winamp Application Detect
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
3/9/2011 3:21:15 AM, error: F-Secure Gatekeeper [1] -
3/15/2011 7:56:07 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/15/2011 7:56:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
3/15/2011 7:56:05 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/15/2011 7:26:56 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/15/2011 7:15:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/15/2011 6:43:21 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:21 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:15 AM, error: Service Control Manager [7034] - The Amazon Unbox Video Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:13 AM, error: Service Control Manager [7034] - The Belkin WLAN service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:06 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:06 AM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:43:01 AM, error: Service Control Manager [7034] - The F-Secure Management Agent service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:42:57 AM, error: Service Control Manager [7034] - The FSGKHS service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:42:42 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 6:42:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2011 5:21:29 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/15/2011 5:05:34 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================
 
Bear with me as I'm having considerable difficulty posting the last portion. I keep on getting a page that says "The Connection Was Reset" after clicking reply.



Edit: I'm REALLY sorry about the size of my ever-shrinking replies. Shortening them seems to be the only way the board will take them.
 
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe at 11:29:34.26 on Tue 03/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.133 [GMT -5:00]
.
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe -k itlsvc
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Belkin\F7D4101\V1\PBN.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter Security Suite\Common\FSLAUNCH.EXE
C:\Documents and Settings\Joe\Desktop\dds.scr
.
 
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.emachines.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nForce Tray Options] sstray.exe /r
mRun: [CHotkey] zHotkey.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
 
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\playwi~1.lnk - c:\program files\belkin\f7d4101\v1\PBN.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

DDS.txt log is incomplete.
Please, repost it.
If you still have some problems with posting it, attach it.
 
Status
Not open for further replies.
Back