Major Browser Hijack.

Kitten Kong

Can anyone with greater virus removal knowledge please help me out with this?

Basically, whichever browser I use, IE, FF etc., if I enter a search, i.e. bbc, it takes me to the BBC website. However, if I put in a search string, i.e. avg, it comes up with the list of avg searches; click on one of these, and I get an "unable to connect".

I have just put in 'hitman', clicked on the wiki result, and I am brought up with an icosearch.com/search browser hijack. This is the same hijack which I am forever finding.

So far, this is what I have done.
MBam - 1 infection found - cleaned.
Hitman Pro - 76 malware detections
Hitman Pro - 102 traces
Hijack this - removed 10 entries
SAS Pro - 11 infections
SAS Pro - 9 traces
Kaspersky - 582! infections. Yes, that's NO typo!!

OTL - Initial log is attached - next post.
OTL Fix - Attached - with next post (with thanks to OtherSteve for his assistance with checking my fix, and adding to it).

TDSS Clear
GMER Clear
Autoruns - removed 19 lines
Process Explorer - clear

xpreg.exe fix (Initially no .exe files worked)
upsold professional licence for SAS pro.
Removed Norton PC Checkup
Removed Eusing Free Registry Booster
Removed unwise registry cleaner
removed glary utilities
removed avg anti virus
removed windows installer

Combo fix - Log attached - with next post.
Gone through everything I can with Eureka's UVK Killer
Reset Hosts File complete.

I am now at a complete loss. The amount of time I have spent on this machine, it would have been far easier if I n&p'd it. This is one of those times when I think it's the best solution.

Does anyone have any other ideas please?
 
ORIGINAL LOG
OTL logfile created on: 24/04/2011 11:38:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\MyPc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 120.12 Gb Free Space | 80.60% Space Free | Partition Type: NTFS
Drive D: | 14.89 Gb Total Space | 8.81 Gb Free Space | 59.17% Space Free | Partition Type: FAT32

Computer Name: ASUS | User Name: Chin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\MyPc\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\iobituninstaller.exe (IObit)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\MyPc\desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Paltalk Messenger\ctrlkey.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (SR9USB) -- C:\WINDOWS\system32\drivers\sr9usb.sys (SUPERAL Semiconductor, Inc. Co Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ksaud) -- C:\WINDOWS\system32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (dfmirage) -- C:\WINDOWS\system32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (ksaudfl) -- C:\WINDOWS\system32\drivers\ksaudfl.sys (Creative)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/26 00:05:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/25 22:54:58 | 000,000,000 | ---D | M]

[2010/05/26 15:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Extensions
[2010/05/26 15:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/26 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Firefox\Profiles\y6fb6ocf.default\extensions
[2010/05/26 15:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Firefox\Profiles\y6fb6ocf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/26 15:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Firefox\Profiles\y6fb6ocf.default\extensions\staged-xpis
[2010/04/12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\MyPc\Application Data\Mozilla\Firefox\Profiles\y6fb6ocf.default\searchplugins\SearchquWebSearch.xml
[2010/05/26 21:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 22:55:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/25 22:54:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/25 22:54:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/21 14:56:16 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1274863479906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\jrgwacdw\rxxjkfmn.exe) - C:\Program Files\jrgwacdw\rxxjkfmn.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\MyPc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MyPc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/25 16:40:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 14:47:08 | 000,000,000 | ---D | M] - D:\autobackup4tech -- [ FAT32 ]
O32 - AutoRun File - [2011/04/21 19:37:36 | 003,055,932 | ---- | M] (Igor Pavlov) - D:\autobackup4tech.exe -- [ FAT32 ]
O32 - AutoRun File - [2011/04/24 11:38:46 | 000,000,003 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (bootdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgvr32 - (C:\WINDOWS\system32\dvdprcp.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 11:35:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MyPc\Desktop\OTL.exe
[2011/04/24 10:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/24 10:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\jrgwacdw
[2011/04/24 10:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Application Data\SUPERAntiSpyware.com
[2011/04/24 10:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/24 10:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/24 10:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/24 00:16:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/23 23:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Start Menu\Programs\Free Registry Cleaner
[2011/04/23 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/04/23 23:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Local Settings\Application Data\Tific
[2011/04/23 23:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Application Data\Tific
[2011/04/23 23:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/23 23:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/04/23 23:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/04/23 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2011/04/23 22:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Start Menu\Programs\Paltalk Messenger
[2011/04/23 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2011/04/20 18:20:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MyPc\Recent
[2011/04/15 22:35:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 22:35:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/14 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/07 15:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/03/28 15:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/03/27 18:23:16 | 000,000,000 | ---D | C] -- C:\boot
[2011/03/27 18:23:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/03/27 17:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fNpAhDlFkCb28601
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/24 11:42:04 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 11:31:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MyPc\Desktop\OTL.exe
[2011/04/24 10:43:13 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/24 10:43:09 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/24 10:42:43 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/24 10:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/24 10:39:59 | 000,019,796 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/24 10:33:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/24 09:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/23 23:58:38 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\MyPc\Desktop\Eusing Free Registry Cleaner.lnk
[2011/04/23 22:03:31 | 000,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2011/04/23 22:03:31 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\MyPc\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/04/23 22:03:26 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\MyPc\Desktop\Paltalk Messenger.lnk
[2011/04/23 13:58:25 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2011/04/23 13:23:02 | 000,013,288 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/23 13:23:02 | 000,013,288 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/23 12:49:21 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 16:23:01 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/21 16:07:31 | 000,001,958 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/21 16:07:31 | 000,001,958 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/20 21:21:01 | 000,013,652 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/20 21:21:01 | 000,013,652 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/15 22:35:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/15 22:28:58 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\MyPc\Desktop\fix.inf
[2011/04/15 22:26:37 | 000,479,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 22:26:37 | 000,087,194 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 22:23:12 | 000,011,388 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\2056492677
[2011/04/15 22:23:12 | 000,011,388 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2056492677
[2011/04/13 12:52:10 | 000,013,048 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\1133710736
[2011/04/13 12:52:10 | 000,013,048 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1133710736
[2011/04/10 18:02:02 | 015,057,814 | ---- | M] () -- C:\Documents and Settings\MyPc\My Documents\@PHIEN TOA DAM LE [DAY KEP].mp3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/24 10:33:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/23 23:58:38 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\MyPc\Desktop\Eusing Free Registry Cleaner.lnk
[2011/04/23 22:03:31 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2011/04/23 22:03:31 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\MyPc\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/04/23 22:03:26 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\MyPc\Desktop\Paltalk Messenger.lnk
[2011/04/23 13:17:36 | 000,013,288 | -HS- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/23 13:17:36 | 000,013,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/21 16:05:30 | 000,001,958 | -HS- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/21 16:05:30 | 000,001,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/20 19:47:13 | 000,013,652 | -HS- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/20 19:47:13 | 000,013,652 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/15 22:35:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/15 22:28:58 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\MyPc\Desktop\fix.inf
[2011/04/15 18:35:37 | 000,011,388 | -HS- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\2056492677
[2011/04/15 18:35:37 | 000,011,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2056492677
[2011/04/14 12:37:04 | 000,019,796 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/13 12:39:39 | 000,013,048 | -HS- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\1133710736
[2011/04/13 12:39:39 | 000,013,048 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1133710736
[2011/04/10 17:56:18 | 015,057,814 | ---- | C] () -- C:\Documents and Settings\MyPc\My Documents\@PHIEN TOA DAM LE [DAY KEP].mp3
[2011/02/22 17:40:07 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/04 21:51:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/04 19:45:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\fusioncache.dat
[2010/11/21 17:21:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2010/11/21 17:21:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2010/11/21 17:20:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2010/11/21 17:18:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2010/11/21 17:18:00 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2010/10/10 15:36:13 | 000,189,952 | ---- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2010/10/10 13:25:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/09/15 18:02:57 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2010/09/12 18:37:55 | 000,000,650 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2010/05/31 15:44:22 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/26 22:55:37 | 000,033,327 | ---- | C] () -- C:\WINDOWS\System32\kschimp.ini
[2010/05/26 15:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/25 22:57:53 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/25 22:57:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/25 22:57:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/25 22:57:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/25 22:57:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/25 22:41:33 | 001,752,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/05/25 22:41:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/05/25 22:37:24 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/05/25 22:24:43 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010/05/25 22:24:43 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/05/25 17:45:06 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/25 17:28:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/25 17:26:43 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 16:43:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/25 16:36:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/14 18:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2008/10/02 16:34:16 | 000,029,528 | ---- | C] () -- C:\WINDOWS\System32\ksaud.ini
[2008/08/28 04:10:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008/07/30 19:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,479,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,087,194 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/16 17:36:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/03/21 10:41:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/21 10:41:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

========== LOP Check ==========

[2011/04/24 10:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/12 20:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/05/26 21:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/01/12 20:34:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/27 19:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fNpAhDlFkCb28601
[2011/04/14 12:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/12 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/11 12:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/05/25 23:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/12 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\AVG10
[2010/05/25 23:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Canneverbe Limited
[2010/12/09 16:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\COWON
[2010/05/26 21:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Dropbox
[2010/09/19 14:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Free Sound Recorder
[2011/01/12 21:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\GlarySoft
[2011/02/21 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\IObit
[2010/05/26 22:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Leadertech
[2010/12/23 14:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\ManyCam
[2010/12/05 18:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\OpenOffice.org
[2010/05/26 15:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Opera
[2011/04/23 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Paltalk
[2011/02/21 13:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\PriceGong
[2010/09/01 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\REAPER
[2010/07/11 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\River Past G5
[2010/09/23 16:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\TeamViewer
[2011/04/23 23:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Tific
[2010/05/26 00:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Windows Desktop Search
[2010/06/15 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\Windows Search
[2011/04/24 09:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
 
OTL Fix

:OTL
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
[2010/04/12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O20 - HKLM Winlogon: UserInit - (C:\Program Files\jrgwacdw\rxxjkfmn.exe) - C:\Program Files\jrgwacdw\rxxjkfmn.exe File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (bootdelete) - File not found
O36 - AppCertDlls: dfrgvr32 - (C:\WINDOWS\system32\dvdprcp.dll) - File not found
[2011/04/24 10:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/24 10:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\jrgwacdw
[2011/04/23 23:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyPc\Start Menu\Programs\Free Registry Cleaner
[2011/04/23 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/03/27 17:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fNpAhDlFkCb28601
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/04/24 09:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/23 23:58:38 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\MyPc\Desktop\Eusing Free Registry Cleaner.lnk
[2011/04/23 13:23:02 | 000,013,288 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/23 13:23:02 | 000,013,288 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\n1s8h35n803412kjjtvk3c6h417v
[2011/04/23 12:49:21 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 16:07:31 | 000,001,958 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/21 16:07:31 | 000,001,958 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ljl2qjnc0ds5cjv0814pp0
[2011/04/20 21:21:01 | 000,013,652 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/20 21:21:01 | 000,013,652 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kf57d1fk8ydj8e74jr7r6u2m842s70508cpb2pbf5mp6
[2011/04/15 22:23:12 | 000,011,388 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\2056492677
[2011/04/15 22:23:12 | 000,011,388 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2056492677
[2011/04/13 12:52:10 | 000,013,048 | -HS- | M] () -- C:\Documents and Settings\MyPc\Local Settings\Application Data\1133710736
[2011/04/13 12:52:10 | 000,013,048 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1133710736
[2011/02/21 13:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\PriceGong
[2010/09/01 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\REAPER
[2011/01/12 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MyPc\Application Data\AVG10
[2011/01/12 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

:Reg

:Commands
[createrestorepoint]
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[rebootmachine]
 
ComboFix log

ComboFix 11-04-24.04 - Chin 25/04/2011 9:35.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.712 [GMT 1:00]
Running from: c:\documents and settings\MyPc\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MyPc\Application Data\Mozilla\Firefox\Profiles\y6fb6ocf.default\searchplugins\SearchquWebSearch.xml
c:\documents and settings\MyPc\Templates\ljl2qjnc0ds5cjv0814pp0
c:\program files\AutocompletePro
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-24 19:25 . 2011-04-24 19:26 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-24 09:43 . 2011-04-24 09:43 -------- d-----w- c:\program files\123
2011-04-24 09:34 . 2011-04-24 09:34 -------- d-----w- c:\documents and settings\MyPc\Application Data\SUPERAntiSpyware.com
2011-04-24 09:34 . 2011-04-24 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-24 09:32 . 2011-04-24 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-23 23:16 . 2011-04-23 23:16 -------- d-----w- C:\found.000
2011-04-23 22:48 . 2011-04-23 22:48 -------- d-----w- c:\documents and settings\MyPc\Local Settings\Application Data\Tific
2011-04-23 22:48 . 2011-04-23 22:48 -------- d-----w- c:\documents and settings\MyPc\Application Data\Tific
2011-04-23 22:48 . 2011-04-23 22:48 -------- d-----w- c:\windows\system32\NtmsData
2011-04-23 22:47 . 2011-04-24 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-04-23 22:05 . 2011-04-24 09:56 -------- d-----w- c:\program files\MSECACHE
2011-04-23 21:03 . 2011-04-24 21:15 -------- d-----w- c:\program files\Paltalk Messenger
2011-04-15 21:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 21:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 10:46 . 2011-04-14 10:46 -------- d-----w- c:\program files\Common Files\Skype
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-07 14:53 . 2011-04-22 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-03-27 17:23 . 2011-03-27 17:23 -------- d-----w- C:\boot
2011-03-27 17:23 . 2011-03-27 17:23 -------- d-----w- c:\windows\Logs
2011-03-27 16:12 . 2011-03-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\fNpAhDlFkCb28601
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-24 09:42 . 2011-02-22 16:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-05-25 15:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-05-25 15:33 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2011-4-13 13683464]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MyPc^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Pro]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer]
2008-12-17 18:59 794999 ------w- c:\program files\EeePC\ACPI\AsAcpiSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor]
2008-05-21 00:56 266589 ------w- c:\program files\EeePC\ACPI\AsEPCMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray]
2008-12-04 12:38 287088 ------w- c:\program files\EeePC\ACPI\AsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
2008-08-29 20:09 16896 ----a-w- c:\windows\system32\KSRun.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTAPR2]
2008-08-07 14:50 61546 ------w- c:\program files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 18:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 18:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-10-15 05:25 1721640 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 18:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-13 15:59 17508864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-04-20 15:57 2423752 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2008-10-28 09:20 237693 ------w- c:\program files\Creative\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2010 12:31 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/05/2010 22:24 1684736]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [30/10/2008 00:05 31896]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [22/02/2011 17:40 16968]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [01/12/2008 18:33 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [24/10/2008 18:27 1830912]
S3 Normandy;Normandy SR2; [x]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [25/05/2010 16:58 14720]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 11:31]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 11:31]
.
2011-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-HijackThis - d:\computer-repair\VirusSpywareRemoval\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 09:41
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\MyPc\Start Menu\Programs\Startup\rxxjkfmn.exe 166768 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\MyPc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\MyPc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\MyPc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\MyPc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
Completion time: 2011-04-25 09:43:56
ComboFix-quarantined-files.txt 2011-04-25 08:43
.
Pre-Run: 132,618,772,480 bytes free
Post-Run: 132,671,918,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 561404F15FA2E53E90BF5E54228927DD
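An added example, not part of the original post or of any tool named in this thread: a short Python triage of the catchme section of the ComboFix log above, flagging the patched NTDLL export and the hidden Startup-folder executable it reports. It assumes the layout seen in this log (hooked function names one per line after the `detected NTDLL code modification:` header); `triage_catchme` and the `ENUM_APIS` table are illustrative names.

```python
import re

# Abridged excerpt copied from the catchme section of the ComboFix log in this thread.
SAMPLE = r"""detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden files ...
.
c:\documents and settings\MyPc\Start Menu\Programs\Startup\rxxjkfmn.exe 166768 bytes executable
.
scan completed successfully
hidden files: 1
"""

# Native enumeration APIs and what a patched copy can hide from in-OS tools.
ENUM_APIS = {
    "ZwQueryDirectoryFile": "files and folders", "ZwQuerySystemInformation": "processes",
    "ZwEnumerateKey": "registry keys", "ZwEnumerateValueKey": "registry values",
}
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$", re.I)
AUTOSTART = "\\start menu\\programs\\startup\\"


def triage_catchme(log_text):
    """Parse a catchme section (layout assumed as above); return (hooks, hidden, findings)."""
    hooks, hidden, findings, in_hooks = [], [], [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("detected ntdll code modification"):
            in_hooks = True  # function names follow, one per line
        elif in_hooks and re.fullmatch(r"(?:Zw|Nt)\w+", line):
            hooks.append(line)
        else:
            in_hooks = False
            m = HIDDEN_RE.match(line)
            if m:
                hidden.append((m["path"], int(m["size"]), bool(m["exe"])))
    for name in hooks:
        findings.append(f"NTDLL hook on {name}: can hide {ENUM_APIS.get(name, 'unknown objects')}")
    for path, size, is_exe in hidden:
        if is_exe and AUTOSTART in path.lower():
            findings.append(f"hidden executable in a Startup folder: {path} ({size} bytes)")
    declared = re.search(r"^hidden files:\s*(\d+)", log_text, re.M)
    if declared and int(declared.group(1)) != len(hidden):
        findings.append("hidden-file count in footer does not match parsed entries")
    if hooks and hidden:
        findings.append("scan results from inside this OS are unreliable; scan offline")
    return hooks, hidden, findings

if __name__ == "__main__":
    print("\n".join(triage_catchme(SAMPLE)[2]))
```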
 
In the combo fix log, you will see avg10, and msse. I have now successfully removed avg, as that was a major pain also.

At the moment I cannot update msse, nor use windows update. - Both come up with page cannot be displayed.
 
Run fixmbr from recovery console/command prompt. If the machine has a recovery partition, you'll lose that functionality, but you'll fix your problem.

Rick
 
What scans have you performed offline? If none then I'd look at Kaspersky's rescue disk; could well be rootkit/mbr related.

I would say to check browser addons as someone here posted that they had a malicious addon in firefox that stopped them accessing antivirus sites, but you say it's cross browser.
 
Thanks for the advice on the fixmbr. I tried that, and that didn't fix the hijack either.

I downloaded the kaspersky rescue disc, started a scan on that, and within 10 mins it was finding things in the high 70's plus, with hours to go.

So rang my client and said, the best thing for this machine is a n&p. The cost of everything including all the virus removals and the SAS pro licence would be £85. To be told it's too much!

I mentioned to him, that I have been working on this netbook for close to 6 hours, running and checking every last item I can. It is still there, therefore the best thing would be to back up, wipe it and start again. I am not charging you for the virus removal, or the 20Gb backup, only the n&p, and the SAS licence. He was very hesitant but agreed eventually it was the best course of action.

This would have been completed at least 6 hours ago, if I did it first, but I wanted to give it my best shot at removing everything, and think I have done a bloody good job considering the state of the machine when it came in. Just a shame that I have had to n&p it. But it's best for the computer, and best for the client.

Thanks again for the helpful advice guys. It's what makes TN the place it is :).
 
This is exactly the reason I don't bother trying to remove things using the host OS until after scanning it with an offline method. Too many things nowadays are becoming invisible to scanners and even manual removal tools, and it's a real pain.

Glad you got the issue sorted now; I agree a N&P was the way to go on a machine that bad :)
 
Agreed - I run a scan from a bootable AV disk first. Malware gets sneakier by the day.
 
And the bad news is.. it's STILL redirecting!!

Checked the mbr, and found an mbr virus, checked and cleared that.

So now, it's a complete low level format, and start afresh. This one will NOT get past me.
 
We all remember when viruses got a little smarter and started working in pairs; you'd kill off VirusFileA and then VirusFileB would start it up again.

Maybe rootkits are doing the same?


Don't feel bad about it, Nigel. Most viruses are just a single cockroach in the kitchen but sometimes it's a complete termite infestation and the house needs to be condemned.

Scrub that puppy!
 
True mate, as soon as I saw the 76 infections off hmp, and then 500+ from kaspersky, I should have called it quits and scrubbed, and started afresh. But wanted to see how far I got before it finally got to me. Another late night ahead methinks lol
 
I agree that you should have n/p when you saw that but I also understand wanting to not have this bugger get the final laugh.

$125 USD for n/p with data returned . . that is low average for around here.
 
Thanks for the tip. Another one to add to the arsenal :).

3rd time lucky, windows is installed, no sign of a redirect.. thank god, else it would have gone through the window!

Thanks to all for the helpful advice. I really do appreciate it all :)
 
Interesting read. Got a buddy who lives about an hour from me, who has a bad redirect. He is fairly tech savvy, has tried lots of scanners (including combofix) and even a format and still redirecting. He reset router too. Called me about it so I'm gonna head there in a week or so and check it out for him.

So my question, what finally cleared it in this case, the low level format?
 
Yep. That's the only thing that cleared it I'm afraid. I ran mbr.exe which found 1 infection, cleared that, and the redirect was still there!

Luckily this one's nearly done now. Over 8 hours work on this, for just £85! (inc sas pro licence). Win some, lose some..
 