GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


descriptionRedirector troubles EmptyRedirector troubles

more_horiz
I read your "read first page". Tried to post the results but site keeps timing out. My troubles started about a week ago.
I have Malwarebytes, Webroot, and have tried SuperANTIspy and nothing has worked. Any help would be appreciated.

Thank you, Candice

Last edited by klassylady25 on 14th June 2010, 4:12 pm; edited 2 times in total

descriptionRedirector troubles EmptyRe: Redirector troubles

more_horiz
.

Last edited by klassylady25 on 14th June 2010, 4:10 pm; edited 1 time in total

descriptionRedirector troubles EmptyRe: Redirector troubles

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionRedirector troubles EmptyRe: Redirector troubles

more_horiz
Only one log was produced; the OTL.txt

OTL logfile created on: 6/14/2010 11:28:02 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 271.49 Gb Free Space | 91.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 86.53 Gb Free Space | 37.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STSTEMAX
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/14 14:52:01 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/06/13 22:07:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/17 08:48:28 | 000,541,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/03/17 08:48:26 | 006,952,344 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/03/17 08:48:26 | 001,141,144 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/03/17 08:06:32 | 000,044,032 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
PRC - [2010/03/17 08:04:26 | 000,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe
PRC - [2010/03/10 16:56:21 | 001,094,656 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2010/03/10 16:56:21 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/03/10 16:56:21 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010/03/02 16:16:22 | 000,978,840 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2009/11/06 15:19:44 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/06/13 22:07:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/14 14:52:01 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/17 08:48:28 | 000,541,080 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/17 08:04:26 | 000,086,016 | ---- | M] (CACE Technologies) [Auto | Running] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/11 22:24:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/10 16:56:21 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/03/10 16:56:21 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/07 00:30:05 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl86b4741d.sys -- (MpKsl86b4741d)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/17 08:16:00 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/03/17 08:04:26 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/03/11 23:22:33 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2010/03/10 16:56:21 | 000,246,936 | R--- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/11/13 15:25:44 | 000,070,784 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/16 21:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/01 11:39:16 | 000,246,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/09/07 15:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/02 18:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 74 38 0F 28 A7 0B 47 94 4E D2 E5 2B 46 26 83 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 16:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 12:57:34 | 000,000,000 | ---D | M]

[2010/06/03 16:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/25 22:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/25 21:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/06/14 14:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\extensions
[2010/06/05 06:48:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/07 19:35:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/06 13:52:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/14 14:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\extensions\toolbar@ask.com
[2010/06/10 13:54:36 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\61an6l41.default\searchplugins\dogpile.xml
[2010/06/13 14:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/09 00:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/09 00:16:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2010/06/14 22:48:58 | 000,000,707 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\CyberGate\antivir\antivir.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275917957156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/11 16:44:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/14 14:51:31 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/06/14 14:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/14 14:51:03 | 000,108,880 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/06/14 14:50:50 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/06/14 14:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/06/14 08:46:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/06/13 22:29:24 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Owner\Desktop\JavaRa.exe
[2010/06/13 22:07:10 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/13 15:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/06/13 15:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/06/13 14:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ieSpell
[2010/06/13 14:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2010/06/12 20:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/06/12 18:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/11 12:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Unused_Programs
[2010/06/10 23:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2010/06/10 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/09 00:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/09 00:16:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/09 00:16:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/09 00:16:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/09 00:16:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/09 00:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/08 23:48:20 | 000,000,000 | ---D | C] -- C:\891e87584a592d2d99b7
[2010/06/08 22:36:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/06/08 22:36:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/06/08 09:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/06/07 19:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/06/07 18:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/07 11:03:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/07 11:03:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/07 11:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 09:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/06/07 09:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2010/06/07 09:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/07 00:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/07 00:30:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/06/07 00:28:01 | 000,000,000 | ---D | C] -- C:\5e361f5b2502820574c07b71a2a706
[2010/06/03 21:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/06/03 21:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[2010/06/01 23:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/06/01 20:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/05/31 22:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/31 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/05/31 11:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/31 02:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/29 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/29 20:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/26 10:33:56 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2010/05/26 10:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/05/26 10:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/05/25 17:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AMS
[2010/05/25 17:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/05/25 17:40:58 | 000,246,936 | R--- | C] (silex technology, Inc.) -- C:\WINDOWS\System32\drivers\sxuptp.sys
[2010/05/25 17:40:20 | 000,233,472 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll
[2010/05/25 17:40:20 | 000,081,920 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll
[2010/05/25 17:40:20 | 000,061,440 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wanpacket.dll
[2010/05/25 17:40:20 | 000,032,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/05/25 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/05/25 16:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/25 13:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/25 13:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/19 02:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010/05/19 00:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\BFG
[2010/05/17 21:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\4Media
[2010/05/17 01:24:36 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/05/16 14:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Downloads
[2010/05/16 13:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/05/16 13:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
[2010/05/16 11:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Neat Image
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 23:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/14 22:47:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/14 22:47:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/14 22:47:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 14:52:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/14 14:51:31 | 000,775,168 | ---- | M] () -- C:\WINDOWS\is-JL14A.exe
[2010/06/14 14:51:31 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot Security.lnk
[2010/06/14 14:47:57 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/06/14 14:47:50 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/06/14 02:33:19 | 005,832,168 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/13 22:45:16 | 007,573,504 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/06/13 22:28:47 | 000,003,999 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mainhst.zgh
[2010/06/13 22:07:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/13 17:00:49 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XnView.lnk
[2010/06/13 15:08:06 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/06/13 14:50:39 | 005,329,739 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RECIPE_COLLECTION_V4.pdf
[2010/06/12 22:36:15 | 000,234,751 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Capture-1.jpg
[2010/06/12 21:43:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/11 12:29:21 | 000,042,803 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\puter.jpg
[2010/06/10 23:11:52 | 000,020,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100610_231145.reg
[2010/06/10 16:09:32 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Owner\jobq.dat
[2010/06/09 00:16:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/09 00:16:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/09 00:16:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/09 00:16:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/09 00:16:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/07 18:56:23 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/07 18:56:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/07 18:56:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/07 11:03:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 09:54:21 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/06/06 15:10:14 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/06/06 04:41:59 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 16:01:48 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/31 22:39:03 | 000,000,022 | ---- | M] () -- C:\WINDOWS\clofghls.dll
[2010/05/31 13:02:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/30 23:41:51 | 000,000,428 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2010/05/29 20:34:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/25 16:47:58 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
[2010/05/25 16:46:15 | 000,067,584 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
[2010/05/19 22:16:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/05/19 22:16:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/05/16 14:49:57 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Easy Video to DVD.INI
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/14 14:51:31 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-JL14A.exe
[2010/06/14 14:51:31 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot Security.lnk
[2010/06/14 14:51:27 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/13 22:45:16 | 007,573,504 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/06/13 15:08:06 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/06/13 14:50:36 | 005,329,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RECIPE_COLLECTION_V4.pdf
[2010/06/12 22:36:15 | 000,234,751 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Capture-1.jpg
[2010/06/12 21:43:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/11 12:29:21 | 000,042,803 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\puter.jpg
[2010/06/10 23:11:50 | 000,020,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100610_231145.reg
[2010/06/07 11:03:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/03 16:01:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/31 22:37:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\clofghls.dll
[2010/05/29 20:34:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/25 17:40:20 | 000,057,395 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/25 16:47:58 | 000,010,218 | ---- | C] () -- C:\WINDOWS\System32\rof
[2010/05/25 16:46:15 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
[2010/05/19 22:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/05/19 22:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/26 15:24:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2010/03/23 00:00:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/03/20 00:35:52 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/20 00:35:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/03/20 00:35:50 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/20 00:35:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/20 00:35:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/20 00:35:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/03/11 23:53:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/11 23:47:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D853F961
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2398E95B
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
< End of report >

descriptionRedirector troubles EmptyRedirector Trouble

more_horiz
The problem has been solved. Since this is a work computer (at home) I couldn't afford to lose any more time. I sought an outside source however, you gave me some excellent option as I read through other threads and I was able to tell the technician what was going on.

Thank you,
Candice

descriptionRedirector troubles EmptyRe: Redirector troubles

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum