Google search links are redirected to advertisements

May 13, 2010 at 23:32:43
Specs: Windows XP

In Firefox and IE, Google links are redirected to online advertisement websites.

It doesn't happen with Opera.




#1
May 14, 2010 at 02:56:52

I think you are infected, no idea why Opera is Ok.

Won't hurt to run this.

Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/mbam.php
Forum
http://www.malwarebytes.org/forums/
Error codes
http://forums.malwarebytes.org/inde...
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
http://forums.malwarebytes.org/inde...
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run:
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' Anti-Malware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
http://www.malwarebytes.org/mbam/da...
Download & install.



#2
May 14, 2010 at 15:04:09

I already had Malwarebytes' Anti-Malware installed on my computer, but I just updated it and ran it again; it found 4 objects and deleted them. I just did a Google search and it is the same thing. It still takes me to advertisement websites. First in the address bar it says: www.etheitbewms.com ............., then it takes me to some advertisement site.
Please help!


#4
May 14, 2010 at 17:56:21

It's some type of browser hijack, but why it didn't touch Opera baffles me. Use Hitman Pro as Johnw said, and if that doesn't work, try ComboFix and then post the log here. Here's the link/instructions for ComboFix: http://www.bleepingcomputer.com/com...


#5
May 14, 2010 at 20:16:48

I am trying to post a reply with the log report, but the website gives me a security warning saying "No/Invalid" subject.



#6
May 14, 2010 at 20:18:08

I tried Hitman Pro 3.5 and Avast before and they didn't work. I installed Combofix and ran it, here is the log:



#7
May 14, 2010 at 20:23:33

I tried Hitman and Avast but they didn't work. Here is the first half of the log, the next half is the following threat.

ComboFix 10-05-14.06 - Halil Ibrahim Kalkan 05/14/2010 22:52:05.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1228 [GMT -4:00]
Running from: c:\documents and settings\Halil Ibrahim Kalkan\Desktop\ComboFix.exe
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\products\products.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\products\products.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_10\images\default_1363_alot_widget_radio.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_10\images\default_1363_alot_widget_radio.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_3\images\default_2302_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_3\images\default_2302_default_1379_alot_cas_playgames.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_8\images\default_2254_email.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_8\images\default_2254_email.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_8\images\icon_configure.JPG
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\alert-icon.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\clear.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\cloudy.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\default_1007_alot_weather_widget.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\foggy.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\mcloud.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\nclear.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\pcloud.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\rain.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Button_9\images\shower.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\toolbar.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Halil Ibrahim Kalkan\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Halil Ibrahim Kalkan\GoToAssistDownloadHelper.exe
C:\Images
c:\images\Crop\DSCF0073.JPG
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\IEToolbar
c:\program files\IEToolbar\GeyikMerkezi Toolbar\autosearch_plugin.dll
c:\program files\IEToolbar\GeyikMerkezi Toolbar\basis.xml
c:\program files\IEToolbar\GeyikMerkezi Toolbar\geyikmerkezi.crc
c:\program files\IEToolbar\GeyikMerkezi Toolbar\icons.bmp
c:\program files\IEToolbar\GeyikMerkezi Toolbar\info.txt
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio.css
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio.html
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio_01.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio_02.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio_03.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio_on_01.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\radio_on_02.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\split.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\spliton.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\splitw.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\splitwon.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\stations.dll
c:\program files\IEToolbar\GeyikMerkezi Toolbar\stations.js
c:\program files\IEToolbar\GeyikMerkezi Toolbar\stations.xml
c:\program files\IEToolbar\GeyikMerkezi Toolbar\tbs_include_script_012372.js
c:\program files\IEToolbar\GeyikMerkezi Toolbar\Thumbs.db
c:\program files\IEToolbar\GeyikMerkezi Toolbar\uninstall.exe
c:\program files\IEToolbar\GeyikMerkezi Toolbar\update.exe
c:\program files\IEToolbar\GeyikMerkezi Toolbar\vbulletin3_logo_white.BMP
c:\program files\IEToolbar\GeyikMerkezi Toolbar\version.txt
c:\program files\IEToolbar\GeyikMerkezi Toolbar\vol.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\volbg.gif
c:\program files\IEToolbar\GeyikMerkezi Toolbar\your_logo.png
C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
c:\windows\system32\st325602.dll
c:\windows\system32\win32.dll




#8
May 14, 2010 at 20:24:16

Here is the second half:
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\scripting
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\l2schemas
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\en
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\bits
2010-05-14 03:25 . 2010-05-14 03:25 -------- d-----w- c:\windows\EHome
2010-05-14 03:11 . 2010-05-14 03:11 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-05-14 03:08 . 2010-05-14 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-11 03:58 . 2010-05-11 03:58 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Opera
2010-05-11 03:58 . 2010-05-14 03:06 -------- d-----w- c:\program files\Opera
2010-05-10 16:45 . 2010-05-14 03:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-10 16:45 . 2010-05-14 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-10 16:40 . 2010-05-10 16:40 63488 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-10 16:40 . 2010-05-10 16:40 52224 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-10 16:40 . 2010-05-10 16:40 117760 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-10 16:39 . 2010-05-14 03:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 16:39 . 2010-05-10 16:39 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\SUPERAntiSpyware.com
2010-05-10 16:39 . 2010-05-10 16:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-09 12:00 . 2008-04-14 00:12 73832 ------w- c:\windows\system32\slcoinst.dll
2010-05-07 18:55 . 2010-05-14 03:13 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 18:55 . 2010-05-14 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 18:55 . 2010-05-07 18:55 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\program files\Alwil Software
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Yahoo!
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 05:36 . 2010-05-04 06:05 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\StarOffice8
2010-05-03 20:24 . 2010-05-03 20:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
2010-04-30 00:06 . 2010-04-30 00:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\GrammarInUseIntermediate
2010-04-28 17:03 . 2010-05-14 03:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\gtk-2.0
2010-04-28 16:05 . 2010-05-14 00:34 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\gretl
2010-04-28 16:03 . 2010-04-28 16:03 -------- d-----w- c:\program files\gretl
2010-04-23 20:08 . 2010-04-23 20:08 -------- d-----w- c:\program files\iPod
2010-04-23 20:08 . 2010-04-23 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 20:04 . 2010-04-23 20:05 -------- d-----w- c:\program files\QuickTime
2010-04-23 19:58 . 2010-04-23 19:58 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-22 19:38 . 2010-05-14 06:23 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-04-22 19:38 . 2010-05-05 03:33 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\DVDVideoSoftTB
2010-04-17 02:29 . 2010-04-17 02:30 -------- d-----w- C:\Free YouTube Download

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 03:03 . 2009-09-21 06:12 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Skype
2010-05-15 03:00 . 2008-10-24 02:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-15 02:50 . 2009-09-21 06:14 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\skypePM
2010-05-14 17:29 . 2009-11-07 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 06:16 . 2010-05-14 06:16 -------- d-----w- c:\program files\Trend Micro
2010-05-14 03:07 . 2008-11-25 18:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-10 04:57 . 2010-04-27 03:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\LimeWire
2010-05-07 15:00 . 2008-10-20 01:26 -------- d-----w- c:\program files\Yahoo!
2010-05-07 14:58 . 2008-08-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-02 16:40 . 2008-08-15 15:57 85592 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 13:06 . 2008-09-17 22:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-01 12:43 . 2008-08-13 16:24 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Apple Computer
2010-05-01 12:38 . 2010-02-19 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 19:39 . 2009-11-07 23:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-07 23:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 20:09 . 2008-08-13 16:24 -------- d-----w- c:\program files\iTunes
2010-04-23 20:08 . 2008-08-13 16:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 11:41 . 2009-08-14 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-04-17 02:29 . 2010-02-27 02:09 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-14 01:41 . 2008-08-11 21:04 -------- d-----w- c:\program files\Google
2010-04-10 04:45 . 2010-04-10 04:45 -------- d-----w- c:\program files\iMesh Applications
2010-03-26 14:33 . 2010-04-15 02:35 1496064 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-15 02:35 43008 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-15 02:35 339456 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-15 02:35 346112 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-22 19:33 . 2010-03-22 19:33 -------- d-----w- c:\program files\Mailinfo
2010-03-20 19:14 . 2010-03-20 19:14 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\AVG8
2010-03-20 17:54 . 2010-03-20 17:33 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys.install_backup
2010-03-20 17:54 . 2008-10-24 02:22 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys.install_backup
2010-03-20 17:53 . 2010-03-20 17:33 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-20 17:51 . 2008-10-24 02:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys.install_backup
2010-03-20 17:51 . 2010-03-20 17:33 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.install_backup
2010-03-20 17:32 . 2010-03-20 17:32 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-20 17:32 . 2010-03-20 17:32 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-20 17:32 . 2008-10-24 02:22 -------- d-----w- c:\program files\AVG
2010-03-20 17:32 . 2010-03-20 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 15:56 . 2010-03-16 15:54 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\School Zone Preferences
2010-03-16 15:55 . 2010-03-16 15:54 -------- d-----w- c:\program files\sz8081_6
2010-02-27 02:24 . 2010-02-27 02:10 52224 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-02-27 02:24 . 2010-02-27 02:10 101376 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-02-26 05:43 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-09-07 20:37 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-03-30 01:21 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-30 01:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-01-15 17:52 . 2010-01-15 17:52 59392 --sha-r- c:\windows\system32\msvcrt40Y.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-03-18 21:02 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-18 2807296]
"Google Update"="c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-19 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-07 5937984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-19 18:20 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Halil\\Music\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Music\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Music\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/20/2010 1:33 PM 25096]
R1 ISODrive;ISO DVD/CD-ROM Device Driver;c:\program files\UltraISO\drivers\ISODrive.sys [2/18/2010 10:55 PM 82320]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;c:\windows\system32\drivers\wmiacpi.sys [8/11/2008 5:12 AM 8832]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [3/19/2010 10:49 AM 144672]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/21/2009 1:56 AM 54752]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program;c:\program files\Canon\IJPLM\ijplmsvc.exe [8/13/2009 9:55 PM 103808]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [3/21/2009 5:34 AM 153376]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 rimmptsk;rimmptsk;c:\windows\system32\drivers\rimmptsk.sys [8/11/2008 2:16 PM 32256]
R2 rimsptsk;rimsptsk;c:\windows\system32\drivers\rimsptsk.sys [8/11/2008 2:16 PM 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver;c:\windows\system32\drivers\rixdptsk.sys [8/11/2008 2:16 PM 37376]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [5/19/2009 11:36 AM 240512]
R2 wltrysvc;Dell Wireless WLAN Tray Service;c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe --> c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/20/2010 1:32 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/20/2010 1:32 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/20/2010 1:32 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/20/2010 1:32 PM 26120]
R3 BCM43XX;Dell Wireless WLAN Card Driver;c:\windows\system32\drivers\BCMWL5.SYS [8/11/2008 2:41 PM 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\drivers\bcm4sbxp.sys [8/11/2008 2:27 PM 45568]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [9/4/2008 5:46 PM 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [9/4/2008 5:46 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [9/4/2008 5:46 PM 7424]
R3 sdbus;sdbus;c:\windows\system32\drivers\sdbus.sys [8/4/2004 6:00 AM 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC;c:\windows\system32\drivers\sthda.sys [8/11/2008 2:27 PM 1222840]
S0 cercsr6;cercsr6;c:\windows\system32\drivers\cercsr6.sys [12/13/2004 5:14 PM 39904]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/20/2010 1:53 PM 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 1:23 AM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/20/2010 1:32 PM 30104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/23/2008 10:49 PM 1527900]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/19/2008 2:20 PM 29744]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\drivers\ndisip.sys [8/11/2008 5:14 AM 10880]
S3 sffdisk;SFF Storage Class Driver;c:\windows\system32\drivers\sffdisk.sys [8/4/2004 6:00 AM 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;c:\windows\system32\drivers\sffp_sd.sys [8/4/2004 6:00 AM 11008]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\drivers\slip.sys [8/11/2008 5:14 AM 11136]
S3 usbvideo;USB Video Device (WDM);c:\windows\system32\drivers\usbvideo.sys [8/11/2008 5:13 AM 121984]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 16:34]

2010-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-11 14:58]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:23]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:23]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-861567501-682003330-1004Core.job
- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-12 03:21]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-861567501-682003330-1004UA.job
- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-12 03:21]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703502&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{60270dc7-9ea0-472f-9b77-66652c06246e} - (no file)
BHO-{FC076C81-68C8-46A9-AC11-678E80A6C989} - (no file)
Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-tmvdyrhr - c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\mmumro\mqcasftav.exe
ActiveSetup-{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\WLDAP32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\HPZipm12.exe
c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-05-14 23:06:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-15 03:06

Pre-Run: 114,593,325,056 bytes free
Post-Run: 114,588,827,648 bytes free

- - End Of File - - EA818BA17B927788320767E13A27577E



Report •

#9
May 14, 2010 at 23:46:39

Taquito.exe is still in System Restore.

Spyware removal tutorials - HOWTOs
http://www.myantispyware.com/tutori...
How to Disable System Restore in Windows ME or Windows XP.
One of the best features of Windows ME or XP is the System Restore option; however, if a virus infects a computer with this operating system, the virus may be accidentally backed up because of this feature. In order to completely remove a virus on these operating systems, you should disable System Restore before cleaning the system, then re-enable it after the system is clean.


Report •

#10
May 15, 2010 at 07:24:43

I turned the system restore off, and ran Malwarebytes' Anti Malware and Hitman Pro. Hitman didn't find anything. MalwareBytes found 1 object and deleted it. But it is still the same problem.

Report •

#11
May 15, 2010 at 14:19:54

Run ATF Cleaner
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.atribune.org/
http://www.atribune.org/index.php?o...
Forum
http://www.atribune.org/forums/
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.
Notes for Windows Vista users:
On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Report •

#12
May 15, 2010 at 16:08:22

Uninstall AVG; you can only have one real-time AV running.

Report •

#13
May 16, 2010 at 04:30:55

Run ComboFix again; make sure your AV & Spybot's TeaTimer are turned off or disabled.

How to use ComboFix
http://www.bleepingcomputer.com/com...
http://www.jamiiforums.com/download...
http://forums.majorgeeks.com/showth...


Report •

#14
May 16, 2010 at 05:34:44

What is this in startups?

MSConfigStartUp-tmvdyrhr - c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\mmumro\mqcasftav.exe


Report •

#15
Report •

#16
May 16, 2010 at 10:16:41

Ok, I uninstalled AVG, ran ATF cleaner, I went to Program add/remove, and didn't see alottoolbar, went to firefox, tools, extensions, didn't see it.

I tried to see what "c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\mmumro\mqcasftav.exe" in the startup is, but when I clicked on "mmumro", there was nothing in it. It was empty. So basically, "mqcasftav" doesn't exist in mmumro.


Report •

#17
May 16, 2010 at 15:57:57

"I went to Program add/remove, and didn't see alottoolbar, went to firefox, tools, extensions, didn't see it."

Read the links I gave you & make sure none of the files or registry entries are there, if so, delete them manually.


Report •

#18
May 16, 2010 at 20:06:46

Ok, done. There is no registry entry left regarding alottoolbar.

Report •

#19
May 16, 2010 at 21:09:38

Did you run combofix again?

Delete the previous version & download again.

Make sure Spybot's TeaTimer is disabled; this infection hides in the Hosts files.


Report •
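
A hosts-file audit of the kind the post above points at, as an added example that is not part of the original thread: it parses hosts-file text and reports every entry that overrides a search-engine name, separating redirects from sinkhole entries. The watched domain list and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: search domains worth watching; this list is not from the thread.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# Constructed sample (not taken from the affected machine). On Windows XP the
# real file is %SystemRoot%\system32\drivers\etc\hosts. The addresses come
# from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.example.net    # blocklist-style entry
203.0.113.45    www.google.com google.com
198.51.100.7    WWW.Google.com.    search.yahoo.com   # mixed case, trailing dot
0.0.0.0         www.bing.com
not-an-ip       www.google.com
::1             localhost
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each address-to-name mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address; skip the line
        # One line may map several names to the same address.
        for name in fields[1:]:
            yield line_no, ip, name.rstrip(".").lower()


def is_watched(hostname):
    """True for a watched domain or any of its subdomains."""
    return any(
        hostname == suffix or hostname.endswith("." + suffix)
        for suffix in WATCHED_SUFFIXES
    )


def audit_hosts(text):
    """Return (line_no, ip, hostname, kind) for every watched-name override.

    kind is "redirect" when the name points at a routable address and
    "sinkhole" when it points at loopback or 0.0.0.0 (name is blocked).
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, str(ip), name, kind))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

A clean hosts file produces no findings; any hit is a line to review by hand before deleting it.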

#20
May 17, 2010 at 08:32:15

Deleted and reinstalled ComboFix; here is the log:

ComboFix 10-05-16.02 - Halil Ibrahim Kalkan 05/17/2010 11:24:38.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1129 [GMT -4:00]
Running from: c:\documents and settings\Halil Ibrahim Kalkan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 01:18 . 2010-05-17 01:20 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Trend Micro
2010-05-17 00:05 . 2010-05-17 00:05 -------- d-----w- c:\program files\Enigma Software Group
2010-05-17 00:04 . 2010-05-17 01:05 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-14 17:35 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-05-14 06:16 . 2010-05-17 01:20 -------- d-----w- c:\program files\Trend Micro
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\scripting
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\l2schemas
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\en
2010-05-14 03:35 . 2010-05-14 03:35 -------- d-----w- c:\windows\system32\bits
2010-05-14 03:25 . 2010-05-14 03:25 -------- d-----w- c:\windows\EHome
2010-05-14 03:11 . 2010-05-14 03:11 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-05-11 03:58 . 2010-05-11 03:58 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Opera
2010-05-11 03:58 . 2010-05-14 03:06 -------- d-----w- c:\program files\Opera
2010-05-10 16:39 . 2010-05-15 17:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 16:39 . 2010-05-10 16:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-09 12:00 . 2008-04-14 00:12 73832 ------w- c:\windows\system32\slcoinst.dll
2010-05-07 18:55 . 2010-05-15 15:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Yahoo!
2010-05-07 15:00 . 2010-05-07 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 05:36 . 2010-05-04 06:05 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\StarOffice8
2010-05-03 20:24 . 2010-05-03 20:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
2010-04-30 00:06 . 2010-04-30 00:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\GrammarInUseIntermediate
2010-04-28 17:03 . 2010-05-14 03:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\gtk-2.0
2010-04-28 16:05 . 2010-05-14 00:34 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\gretl
2010-04-28 16:03 . 2010-04-28 16:03 -------- d-----w- c:\program files\gretl
2010-04-23 20:08 . 2010-04-23 20:08 -------- d-----w- c:\program files\iPod
2010-04-23 20:08 . 2010-04-23 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 20:04 . 2010-04-23 20:05 -------- d-----w- c:\program files\QuickTime
2010-04-23 19:58 . 2010-04-23 19:58 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 15:23 . 2009-09-21 06:12 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Skype
2010-05-17 13:56 . 2008-10-24 02:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 13:56 . 2009-09-21 06:14 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\skypePM
2010-05-17 01:12 . 2009-10-12 20:55 -------- d-----w- c:\program files\IrfanView
2010-05-17 00:04 . 2008-11-25 18:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 17:55 . 2008-08-11 21:04 -------- d-----w- c:\program files\Google
2010-05-15 16:06 . 2008-08-15 15:57 86368 ----a-w- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-15 15:15 . 2010-05-15 15:15 7168 --sha-w- c:\windows\system32\drivers\Thumbs.db
2010-05-14 17:29 . 2009-11-07 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 04:57 . 2010-04-27 03:06 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\LimeWire
2010-05-07 14:58 . 2008-08-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-01 13:06 . 2008-09-17 22:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-01 12:43 . 2008-08-13 16:24 -------- d-----w- c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Apple Computer
2010-05-01 12:38 . 2010-02-19 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 19:39 . 2009-11-07 23:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-07 23:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 20:09 . 2008-08-13 16:24 -------- d-----w- c:\program files\iTunes
2010-04-23 20:08 . 2008-08-13 16:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 11:41 . 2009-08-14 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-04-10 04:45 . 2010-04-10 04:45 -------- d-----w- c:\program files\iMesh Applications
2010-03-22 19:33 . 2010-03-22 19:33 -------- d-----w- c:\program files\Mailinfo
2010-03-20 17:54 . 2010-03-20 17:33 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys.install_backup
2010-03-20 17:54 . 2008-10-24 02:22 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys.install_backup
2010-03-20 17:51 . 2008-10-24 02:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys.install_backup
2010-03-20 17:51 . 2010-03-20 17:33 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.install_backup
2010-03-09 11:09 . 2004-08-04 10:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-09-07 20:37 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-01-15 17:52 . 2010-01-15 17:52 59392 --sha-r- c:\windows\system32\msvcrt40Y.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-03-18 21:02 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-18 2807296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 18:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 01:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-19 18:20 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 03:21 133104 ----atw- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-19 18:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Halil\\Music\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Music\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Halil Ibrahim Kalkan\\Desktop\\Music\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 1:23 AM 135664]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/23/2008 10:49 PM 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/19/2008 2:20 PM 29744]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 16:34]

2010-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-11 14:58]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:23]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:23]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-861567501-682003330-1004Core.job
- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-12 03:21]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-861567501-682003330-1004UA.job
- c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-12 03:21]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Halil Ibrahim Kalkan\Application Data\Mozilla\Firefox\Profiles\v4hry2m6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703502&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - plugin: c:\documents and settings\Halil Ibrahim Kalkan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\unyt_wrap.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-05-17 11:30:18
ComboFix-quarantined-files.txt 2010-05-17 15:30

Pre-Run: 120,812,261,376 bytes free
Post-Run: 120,874,483,712 bytes free

- - End Of File - - 4D403A8096F25D770815C9943B4975BB


Report •

#22
May 17, 2010 at 15:41:12

After removing MyWebSearch, reboot & run a full Avast scan.

Avast
http://www.freewarefiles.com/Avast-...
http://download.cnet.com/Avast-Free...
http://www.download.com/Avast-Home-...
http://www.avast.com/free-antivirus...
Reregister after 14 months' free use (still stays free).
All-inclusive and comprehensive protection: FREE avast! antivirus Home Edition includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT detection based on the best-in-class GMER technology. No additional purchase is required.
Simple to use and automated: Daily automatic updates ensure continuous data protection against all types of malware and spyware. Simply install and forget. We've made avast! as simple to use as possible.


Report •

#23
May 17, 2010 at 18:30:56

I ran a full Avast scan, and it didn't find anything.

Report •

#24
May 17, 2010 at 20:03:11

Is google still redirecting?

Report •

#25
May 18, 2010 at 18:11:58

I just tried it, and it is not redirecting anymore.
John, thank you very much. I hope you are aware of what kind of favor you did for me by directing me through all these steps.

Thank you so much!


Report •

#26
May 18, 2010 at 20:29:46

Whew, that's good news, halil. Your registry will now need tidying up. Do not be alarmed at the number of files that need fixing.

Vit Registry Fix Free Edition
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.vitsoft.org.ua/Eng/vit-r...
XP / Vista / XP X64 / Vista64 / 7

5 Screenshots on how to use.
http://yfrog.com/0lvit5jx


Report •

#27
May 21, 2010 at 16:27:45

I ran Registry Fix, and 440 problems were found and fixed.

Report •

#28
May 21, 2010 at 16:59:08

Ok halil, how many times did you rerun the cleaner?

When finished with the cleaner, I run it regularly, reboot & run defrag or install either of these.

I use the screensaver version of this program.

Auslogics Disk Defrag Screen Saver
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.auslogics.com/en/softwar...

Auslogics Disk Defrag
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.auslogics.com/


Report •

#29
May 21, 2010 at 19:37:31

I ran it once, but after your reply I ran it twice more. It found more errors.
I also downloaded the screensaver version of Disk Defrag, and I am running it now.

Report •

#30
May 21, 2010 at 22:37:49

"I ran it once, but after your reply I ran it twice more"

5 Screenshots on how to use.
http://yfrog.com/0lvit5jx

This screenshot shows what to click after each Fix.
http://a.yfrog.com/img21/8427/vit5.jpg


Report •

