search engine redirects

Dell Latitude d600
December 22, 2009 at 14:01:01
Specs: Microsoft Windows XP Professional, 1.598 GHz / 1023 MB
Hi, when I try to use Google search I get links, but when I click on them it redirects me to other search engines. I have downloaded updated versions of Ad-Aware and Malwarebytes and did the HijackThis. Still have the same problem. Please help. I think I posted this question but I can't find it anywhere.



#1
December 22, 2009 at 15:00:48
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double-click on RSIT.exe to launch the program.
2. (Vista Users Only) Right-click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Download Gmer.exe from the following link.

Gmer.exe

Next, reboot into Safe Mode using only the F8 method:

1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press Enter on your keyboard to boot into Safe Mode.

Now run GMER from safe mode.


1. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
2. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
3. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
4. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
5. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
6. Now click the Scan button. If you see a rootkit warning window, click OK.
7. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
8. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done. Restart into normal mode and post the GMER log.




#2
December 23, 2009 at 10:47:17
Thanks so much. Here goes the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 10:43:23
Windows 5.1.2600 Service Pack 3
Running: 3xys1fij.exe; Driver: C:\DOCUME~1\HOME\LOCALS~1\Temp\kwloypod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF767F87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF767FBFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF75907A4]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[452] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F0000A

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86F01618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


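One way to triage a GMER log like the one above mechanically, as an added example that is not code from the thread or from GMER: it parses the section format GMER writes, reports SSDT hooks with their owning vendor, and correlates the two atapi.sys indicators (entry point in ".rsrc", suspicious modification), which the ComboFix log later in the thread confirms as an infected driver. The trusted-vendor allowlist, the severity labels and the function names are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the relevant lines of the GMER log posted in the thread,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 10:43:23
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF767F87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF767FBFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF75907A4]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[452] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F0000A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# Security vendors whose SSDT hooks the analyst accepts as benign (assumption; the
# thread's log shows Lavasoft's Lbd.sys, which belongs to the installed Ad-Aware).
TRUSTED_HOOK_VENDORS = {"Lavasoft AB"}

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
RSRC_ENTRY_RE = re.compile(r'^\.rsrc\s+(\S+)\s+entry point in "\.rsrc" section')
INLINE_JMP_RE = re.compile(
    r"^\.text\s+(\S+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+JMP\s+([0-9A-Fa-f]+)$")
SUSPICIOUS_FILE_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "info", "medium" or "high"
    indicator: str  # short tag used for correlation
    subject: str    # driver/file path or process[pid]
    detail: str


def triage(log_text: str, trusted_vendors: set[str] = TRUSTED_HOOK_VENDORS) -> list[Finding]:
    """Walk the GMER log section by section and turn each anomaly line into a Finding."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            driver, owner, function, addr = m.groups()
            vendor = owner.split("/")[-1]          # "Boot Driver/Lavasoft AB" -> vendor part
            sev = "info" if vendor in trusted_vendors else "medium"
            findings.append(Finding(sev, "ssdt_hook", driver,
                                    f"{function} hooked by {driver} ({vendor}) at 0x{addr}"))
        elif section == "Kernel code sections" and (m := RSRC_ENTRY_RE.match(line)):
            # A driver's entry point belongs in a code section; an entry point inside
            # .rsrc means the on-disk image has been patched.
            findings.append(Finding("high", "entry_in_rsrc", m.group(1),
                                    "driver entry point relocated into .rsrc section"))
        elif section == "User code sections" and (m := INLINE_JMP_RE.match(line)):
            process, pid, symbol, target = m.groups()
            findings.append(Finding("medium", "inline_jmp_hook", f"{process}[{pid}]",
                                    f"{symbol} patched with JMP to 0x{target}"))
        elif section == "Files" and (m := SUSPICIOUS_FILE_RE.match(line)):
            findings.append(Finding("high", "suspicious_modification", m.group(1),
                                    "GMER reports the file as modified on disk"))
    return findings


def likely_infected_drivers(findings: list[Finding]) -> set[str]:
    """Drivers flagged both for a .rsrc entry point and a suspicious on-disk modification."""
    rsrc = {f.subject.lower() for f in findings if f.indicator == "entry_in_rsrc"}
    modified = {f.subject.lower() for f in findings if f.indicator == "suspicious_modification"}
    return rsrc & modified


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.indicator:24} {f.subject}: {f.detail}")
    print("likely infected:", likely_infected_drivers(results))
```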

#3
December 23, 2009 at 11:30:20
Would like to get the scan results in the order requested please.


#4
December 23, 2009 at 13:08:09
Sorry. Let's try this again. I had to get out of Safe Mode to connect to the internet. Here it goes:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 12:51:42
Windows 5.1.2600 Service Pack 3
Running: 3xys1fij.exe; Driver: C:\DOCUME~1\HOME\LOCALS~1\Temp\kwloypod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF767F87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF767FBFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF75907A4]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86F01618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



#5
December 23, 2009 at 13:10:05
We need the RSIT scan results please.


#6
December 23, 2009 at 14:45:33
Is this what you needed? I think this is it:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HOME at 2009-12-23 14:46:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (41%) free of 19 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:30 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HOME\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HOME.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5794 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-16 2043160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-13 1836544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2003-02-10 4501504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2007-08-13 124912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-23 09:29:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-23 09:19:38 ----D---- C:\rsit
2009-12-21 14:13:37 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-21 14:13:37 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-21 13:45:31 ----D---- C:\Program Files\Trend Micro
2009-12-21 12:39:14 ----D---- C:\Documents and Settings\HOME\Application Data\Malwarebytes
2009-12-21 12:39:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-21 12:39:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-21 11:36:20 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-12-21 10:01:11 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-18 14:32:47 ----D---- C:\Program Files\iWin Games
2009-12-18 14:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-12-16 08:45:55 ----D---- C:\Program Files\iWin.com Games
2009-12-12 18:24:45 ----D---- C:\Program Files\PopCap Games
2009-11-28 17:25:19 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-12-23 14:39:24 ----D---- C:\WINDOWS\Temp
2009-12-23 14:38:43 ----D---- C:\WINDOWS\system32
2009-12-23 14:38:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-23 14:35:29 ----SD---- C:\WINDOWS\Tasks
2009-12-23 14:34:42 ----D---- C:\WINDOWS
2009-12-23 12:57:34 ----D---- C:\WINDOWS\network diagnostic
2009-12-23 11:51:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 10:46:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-23 10:46:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-21 14:18:08 ----HD---- C:\WINDOWS\inf
2009-12-21 14:17:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-21 14:13:37 ----D---- C:\WINDOWS\Help
2009-12-21 13:45:31 ----RD---- C:\Program Files
2009-12-21 13:37:02 ----D---- C:\WINDOWS\system32\drivers
2009-12-21 13:37:02 ----D---- C:\WINDOWS\Connection Wizard
2009-12-21 10:07:42 ----D---- C:\WINDOWS\Prefetch
2009-12-21 10:03:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-21 10:01:11 ----SHD---- C:\WINDOWS\Installer
2009-12-21 10:00:33 ----D---- C:\Program Files\Lavasoft
2009-12-21 10:00:25 ----D---- C:\WINDOWS\WinSxS
2009-12-21 05:44:30 ----D---- C:\Program Files\Norton Security Scan
2009-12-16 21:26:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-16 21:04:57 ----D---- C:\WINDOWS\system32\config
2009-12-16 21:04:43 ----D---- C:\WINDOWS\system32\wbem
2009-12-16 21:04:43 ----D---- C:\WINDOWS\Registration
2009-11-28 18:06:09 ----D---- C:\Documents and Settings\HOME\Application Data\Uniblue
2009-11-28 18:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-15 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-15 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-07-19 17153]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.0.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-10-15 15584]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AR5211;D-Link Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 407360]
S3 AR5513;ZyXEL 802.11g Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5513.sys [2005-09-12 358464]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 atimtag;atimtag; C:\WINDOWS\System32\DRIVERS\atimtag.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 GWRCB_A00;Ashton Digital AirDash WRCB-1054i 802.11b/g Driver; C:\WINDOWS\System32\DRIVERS\GWRCBA00.sys [2004-03-15 418368]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-02-10 1234298]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]
S3 RT61;Conceptronic RT61 54g Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-11-24 495104]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 W8335PCI;3Com OfficeConnect Wireless 54Mbps 11g PC Card Driver; C:\WINDOWS\system32\DRIVERS\Mrvw123.sys [2005-12-29 282624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-10-15 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-15 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-11-24 78104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-21 1181328]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2007-10-09 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-02-10 65536]
S2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-13 1836544]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-15 182768]

-----------------EOF-----------------



#7
December 23, 2009 at 19:39:51

Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation (with or without Multi-language) and save it to your desktop.
Close any programs you may have running, especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Remember: your AVG antivirus and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe in the filename box to Combo-Fix, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
December 23, 2009 at 21:29:39
Thank you for helping me. Here is the combofix log:

ComboFix 09-12-23.02 - HOME 12/23/2009 21:16:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.517 [GMT -8:00]
Running from: c:\documents and settings\HOME\Desktop\combofix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll
c:\recycler\S-1-5-21-117609710-706699826-1060284298-1003

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 04:46 . 2009-12-24 04:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 17:19 . 2009-12-23 17:20 -------- d-----w- C:\rsit
2009-12-21 22:13 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 22:01 . 2009-12-21 22:01 195584 ----a-w- c:\documents and settings\HOME\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-67f79fb3-n\WMINative.dll
2009-12-21 21:45 . 2009-12-21 21:45 -------- d-----w- c:\program files\Trend Micro
2009-12-21 20:39 . 2009-12-21 20:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-21 20:39 . 2009-12-21 20:39 -------- d-----w- c:\documents and settings\HOME\Application Data\Malwarebytes
2009-12-21 20:39 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 20:39 . 2009-12-21 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 20:39 . 2009-12-21 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-21 20:39 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:36 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-21 18:03 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-21 18:01 . 2009-12-21 18:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-21 18:01 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-18 22:32 . 2009-12-24 05:21 -------- d-----w- c:\program files\iWin Games
2009-12-18 22:31 . 2009-12-18 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-12-17 05:26 . 2009-12-18 20:58 16 ----a-w- c:\windows\popcinfot.dat
2009-12-17 05:26 . 2009-12-17 05:26 0 ----a-w- c:\windows\popcreg.dat
2009-12-17 05:09 . 2009-12-17 05:08 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-17 05:09 . 2009-11-29 17:53 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-12-17 05:09 . 2009-11-29 17:53 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-12-17 05:04 . 2009-12-17 05:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-17 04:35 . 2009-12-17 04:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-17 03:05 . 2009-12-17 03:05 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-12-16 16:45 . 2009-12-16 16:45 -------- d-----w- c:\program files\iWin.com Games
2009-12-13 02:24 . 2009-12-17 05:26 -------- d-----w- c:\program files\PopCap Games
2009-11-29 04:47 . 2009-11-29 04:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 04:46 . 2008-08-20 15:52 -------- d-----w- c:\program files\Java
2009-12-21 18:00 . 2006-01-16 23:10 -------- d-----w- c:\program files\Lavasoft
2009-12-21 13:44 . 2007-08-13 22:29 -------- d-----w- c:\program files\Norton Security Scan
2009-12-21 08:22 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-29 02:06 . 2009-10-15 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-11-29 02:06 . 2009-10-15 22:05 -------- d-----w- c:\documents and settings\HOME\Application Data\Uniblue
2009-11-09 20:03 . 2009-11-09 20:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-25 20:16 . 2009-10-22 16:04 -------- d-----w- c:\program files\iTunes
2009-10-25 20:16 . 2009-10-22 16:04 -------- d-----w- c:\program files\iPod
2009-10-25 20:15 . 2009-10-22 16:04 -------- d-----w- c:\program files\Bonjour
2009-10-25 20:15 . 2009-10-22 16:03 -------- d-----w- c:\program files\QuickTime
2009-10-25 20:15 . 2009-10-22 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-25 20:14 . 2009-10-22 16:03 -------- d-----w- c:\program files\Apple Software Update
2009-10-25 20:14 . 2009-10-25 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-25 20:12 . 2009-10-25 20:12 93074728 ----a-w- c:\program files\itunes setup.exe
2009-10-22 16:06 . 2006-01-12 17:37 22096 ----a-w- c:\documents and settings\HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 22:27 . 2009-10-15 22:26 18633800 ----a-w- c:\documents and settings\HOME\Application Data\Blitware\DriverRobot\downloads\f4154a7a4f8c435480933713565b6bfd\sp40239.exe
2009-10-15 22:27 . 2009-10-15 22:26 15978168 ----a-w- c:\documents and settings\HOME\Application Data\Blitware\DriverRobot\downloads\fe3517850f96623aba6614feef6addc7\54wg04ww.exe
2009-10-15 22:27 . 2009-10-15 22:26 14191264 ----a-w- c:\documents and settings\HOME\Application Data\Blitware\DriverRobot\downloads\e3220407927e138608ef37f7f9508559\intel_wireless_12441_os2006207a.exe
2009-10-15 22:27 . 2009-10-15 22:26 9595296 ----a-w- c:\documents and settings\HOME\Application Data\Blitware\DriverRobot\downloads\7996948d018526795a1092cd311b6b62\driver_cardreader_o2_27442A.exe
2009-10-15 22:26 . 2009-10-15 22:26 3016352 ----a-w- c:\documents and settings\HOME\Application Data\Blitware\DriverRobot\downloads\5788ecfb81b441c2e1e68f655401ca28\7jgk06ww.exe
2009-10-15 22:04 . 2009-10-15 22:04 3171456 ----a-w- c:\program files\DriverScanner.exe
2009-10-15 21:14 . 2009-10-15 21:13 304293008 ----a-w- c:\program files\office2007sp2-kb953195-fullfile-en-us.exe
2009-10-15 21:07 . 2009-10-15 21:07 15584 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-10-15 21:06 . 2009-10-15 21:05 15516048 ----a-w- c:\program files\OxpSp2.exe
2009-10-15 20:49 . 2004-01-18 11:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-15 20:49 . 2004-01-18 11:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-15 20:49 . 2004-01-18 11:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-15 20:49 . 2004-01-18 11:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2007-08-13 22:14 . 2007-08-13 22:14 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-05-15 19:34 . 2006-01-13 14:28 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 19:34 . 2006-01-13 14:28 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 19:34 . 2007-08-13 22:16 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 19:34 . 2007-08-13 22:16 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 19:34 . 2006-01-13 14:28 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 20:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-17 05:08 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-13 22:14 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-02-10 13:27 4501504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-02-10 13:27 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
2003-02-24 20:35 163840 ----a-w- c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-13 22:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/21/2009 10:03 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/18/2004 3:27 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/18/2004 3:27 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/15/2009 12:49 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/15/2009 12:49 PM 297752]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [11/24/2009 11:43 AM 78104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/6/2007 4:07 PM 92550]
S3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [8/20/2008 7:56 AM 358464]
S3 GWRCB_A00;Ashton Digital AirDash WRCB-1054i 802.11b/g Driver;c:\windows\system32\drivers\GWRCBA00.sys [1/12/2006 9:32 AM 418368]
S3 W8335PCI;3Com OfficeConnect Wireless 54Mbps 11g PC Card Driver;c:\windows\system32\drivers\Mrvw123.sys [8/13/2007 4:13 PM 282624]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HOME\Application Data\Mozilla\Firefox\Profiles\aad9qvoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\HOME\Application Data\Mozilla\Firefox\Profiles\aad9qvoq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\HOME\Application Data\Mozilla\Firefox\Profiles\aad9qvoq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-23 21:28:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-24 05:28

Pre-Run: 7,927,222,272 bytes free
Post-Run: 8,264,441,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

- - End Of File - - AFD1E545240847840078606889140F12
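The ComboFix listing above is easier to read with a small triage script than by eye. The Python below is an added example, not part of this thread, of ComboFix, or of any tool the helper used. It parses rows in the listing's format (two timestamps, size, attributes, path; I read the first timestamp as creation time and the second as last-write, which is how the C:\rsit row reads) and applies two defender-side heuristics: a kernel driver created inside the reporting window whose last-write stamp is more than a year older than its creation time (the atapi.sys row in the Find3M section has exactly this shape: created 2009-12-21, last-write 2004-08-04), and executable code written under a profile directory, such as the WMINative.dll in the Java deployment cache. Both are prompts to compare the file against a known-good copy or the vendor's installer, not verdicts: widen the window and the AVG driver avgldx86.sys, which also carries a 2004 last-write stamp, is reported the same way. The sample rows are copied from the log; the one-year threshold and the window bounds are my choices.

```python
"""Triage helper for ComboFix-style file listings (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Each row reads: <created> . <last-write> <size or dashes> <attrs> <path>.
# Reading the first timestamp as creation and the second as last-write is my
# interpretation of the log above (C:\rsit: created 17:19, written 17:20).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    written: datetime
    size: Optional[int]   # None for directory rows (size shown as dashes)
    attrs: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing row; headers and blank lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, written, size, attrs, path = m.groups()
    return Entry(
        created=datetime.strptime(created, TS_FORMAT),
        written=datetime.strptime(written, TS_FORMAT),
        size=None if size.startswith("-") else int(size),
        attrs=attrs,
        path=path,
    )


def is_kernel_driver(path: str) -> bool:
    p = path.lower()
    return p.endswith(".sys") and "\\system32\\drivers\\" in p


def is_code_in_profile(path: str) -> bool:
    """Executable code written under a user or shared profile directory."""
    p = path.lower()
    return p.endswith((".exe", ".dll", ".sys")) and "\\documents and settings\\" in p


def triage(lines, window_start: datetime, window_end: datetime,
           stale_days: int = 365) -> Tuple[List[Entry], List[Entry]]:
    """Return (drivers created in-window whose last-write time is far older,
    code files living under profile directories). Both lists are for review."""
    stale_drivers, profile_code = [], []
    for line in lines:
        e = parse_line(line)
        if e is None or e.size is None:      # skip headers and directories
            continue
        if (is_kernel_driver(e.path)
                and window_start <= e.created <= window_end
                and e.created - e.written > timedelta(days=stale_days)):
            stale_drivers.append(e)
        if is_code_in_profile(e.path):
            profile_code.append(e)
    return stale_drivers, profile_code


# Rows copied from the ComboFix log in this thread, plus its section header.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
2009-12-24 04:46 . 2009-12-24 04:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 17:19 . 2009-12-23 17:20 -------- d-----w- C:\rsit
2009-12-21 22:01 . 2009-12-21 22:01 195584 ----a-w- c:\documents and settings\HOME\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-67f79fb3-n\WMINative.dll
2009-12-21 20:39 . 2009-12-21 20:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-21 20:39 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 18:03 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-21 08:22 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-15 21:07 . 2009-10-15 21:07 15584 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-10-15 20:49 . 2004-01-18 11:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
"""
WINDOW_START = datetime(2009, 11, 24)   # bounds taken from the section header
WINDOW_END = datetime(2009, 12, 25)     # exclusive upper bound, covers the 24th


def report(lines=None, start=WINDOW_START, end=WINDOW_END):
    lines = SAMPLE_LOG.splitlines() if lines is None else lines
    stale, profile = triage(lines, start, end)
    print("Drivers created in-window with a last-write time over a year older:")
    for e in stale:
        print(f"  {e.path}  created {e.created:%Y-%m-%d}  last-write {e.written:%Y-%m-%d}")
    print("Code files under profile directories (review; installers will appear too):")
    for e in profile:
        print(f"  {e.path}")
    return stale, profile


if __name__ == "__main__":
    report()
```

Run it as-is to see the two lists for the sample rows; feed it the full listing from a log to triage a real case. The second list is intentionally noisy (the Malwarebytes installer lands in it alongside the Java-cache DLL), because the point is to give the person reading the log a short list of files to check against a trusted source, not to decide for them.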


#9
December 23, 2009 at 22:53:06
That seemed to work. My google search is working fine. This is the best xmas gift I could've asked for. Thanks for all your help. Certainly has saved me from spending money on those so called anti-virus programs.

#10
December 24, 2009 at 09:35:56
Merry Christmas.

A little clean-up to do.

Delete RSIT and GMER from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.

