Can't access that site either...
This is making me feel sad...
Which site can't you access?
I can't access: http://support.microsoft.com/default...b;en-us;324764
I am still being redirected... Avast isn't updating... etc.
We have a lot of issues here, so we have to try some workarounds until the problem is solved.
First, I want you to try downloading and installing Firefox: http://www.mozilla.com/en-US/firefox/ and see if you're still redirected.
Secondly...
Go HERE and download reglooks.exe to your Desktop.
Double-click on it to run it.
You'll see the following window:
When it has finished scanning, a log named result.txt will open in Notepad.
Copy the log and post it in this thread.
I am using Firefox and it is being redirected...
Just downloaded Firefox... still redirected...
Now running reglooks...
I meant... now running reglooks... will post the log as soon as it is finished...
OK.
REGLOOKS logfile
version 0.977
Sun 10/05/2008 23:02:38.20
running from: "C:\Program Files\Mozilla Firefox"
--- SSODL regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found
--- STS regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
--- USERINIT regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
--- SHELL regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
--- SYSTEM regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
--- APPINIT_DLLS regkey ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
--- NOTIFY regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found
--- RUN / LOAD regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
--- BOOTEXECUTE regkey ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
--- SHELLEXECUTEHOOKS regkey ---
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
--- AUTORUN regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""
--- HKLM\Run regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
--- HKLM\RunOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
--- HKLM\RunOnceEx regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
--- HKLM\RunServices regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
--- HKLM\RunServicesOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
--- HKCU\Run regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
--- HKCU\RunOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found
--- HKCU\RunOnceEx regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
--- HKCU\RunServices regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
--- HKCU\RunServicesOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
--- HKU\.DEFAULT\Run regkeys - Default user ---
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\.DEFAULT\Run keys found
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-18\Run keys found
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-19\Run keys found
--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-20\Run keys found
--- HKLM\Explorer\Run regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
--- HKCU\Explorer\Run regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
--- Image File Execution regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll"
--- TOOLBAR regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
no toolbars found
--- URLSEARCHHOOKS regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
--- CONTEXTMENUHANDLERS regkeys ---
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll
"{CA8ACAFA-5FBB-467B-B348-90DD488DE003}" SUPERAntiSpyware Context Menu FILE ="C:\\Program Files\\SUPERAntiSpyware\\SASCTXMN.DLL"
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"{CA8ACAFA-5FBB-467B-B348-90DD488DE003}" SUPERAntiSpyware Context Menu FILE ="C:\\Program Files\\SUPERAntiSpyware\\SASCTXMN.DLL"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"MBAMShlExt" CLSID ={57CE581A-0CB6-4266-9CA0-19364C90A0B3} FILE ="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamext.dll"
--- ALTERNATESHELL regkey ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
TDSSserv.sys
--- SAFEBOOT NETWORK SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
TDSSserv.sys
--- SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk
"DisplayName"="aswFsBlk"
system32\DRIVERS\aswFsBlk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP
"DisplayName"="avast! Self Protection"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BCM42XX
"DisplayName"="Broadcom iLine10(tm) Network Adapter Driver"
System32\DRIVERS\bcm42xx5.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BCMModem
"DisplayName"="BCM V.90 56K Modem"
System32\DRIVERS\BCMDM.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BVRPMPR5
"DisplayName"="BVRPMPR5 NDIS Protocol Driver"
\??\G:\INSTAL~E\Core\BVRPMPR5.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMICall
"DisplayName"="Sony DMI Call service"
System32\DRIVERS\DMICall.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot4
"DisplayName"="MS IEEE-1284.4 Driver"
System32\DRIVERS\Dot4.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot4Print
"DisplayName"="Print Class Driver for IEEE-1284.4"
System32\DRIVERS\Dot4Prt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPVNMon
"DisplayName"="Visual NDMonitor"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV
"DisplayName"="SASDIFSV"
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASENUM
"DisplayName"="SASENUM"
\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL
"DisplayName"="SASKUTIL"
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SonyFKC
"DisplayName"="FAN and Keyboard Control Service"
System32\Drivers\SonyFKC.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SONYWBMS
"DisplayName"="Sony Memory Stick controller(WB)"
System32\DRIVERS\SonyWBMS.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
no imagepath value found
service TDSSserv NOT FOUND
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\V7
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw
"DisplayName"="WAN Miniport (ATW)"
System32\DRIVERS\wanatw4.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{1665CEB2-B4F2-48E6-950A-6B3301B092A1}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{7B67BCB7-F427-4663-8CEB-B22CCC5B5F18}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B4C1B459-0043-420B-B191-B320E3B13266}
no imagepath value found
--- SECURITYPROVIDERS regkey ---
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
--- SVCHOST regkey ---
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
HTTPFilter: HTTPFilter\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
WudfServiceGroup: WUDFSvc\0\0
--- WOW-CMDLINE regkeys ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- DNS SERVER regkeys ---
no "NameServer" values found
--- STARTUP FOLDERS ---
C:\Documents and Settings\Susheel\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
--- TASK SCHEDULER JOBS ---
no .job files found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
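One thing the reglooks log above already shows, before GMER was run: TDSSserv.sys is listed under both SafeBoot\Minimal and SafeBoot\Network, yet the Services section reports "service TDSSserv NOT FOUND". A driver that is registered to load in Safe Mode but whose service key cannot be opened is a discrepancy worth flagging automatically rather than spotting by eye. The script below is an added example (mine, not part of reglooks or of this thread) that parses the log's section format and reports such orphans. SAMPLE_LOG is a constructed excerpt of the posted log; nothing beyond the line formats visible in that log is assumed.

```python
"""Cross-check a reglooks log: every driver listed under SafeBoot\\Minimal or
SafeBoot\\Network should have a readable key under CurrentControlSet\\Services.
An entry referenced from SafeBoot whose service key cannot be opened is the
kind of discrepancy a rootkit hiding its own service produces.

Added example for this thread, not part of reglooks. Section and line
formats follow the log posted above; SAMPLE_LOG is a constructed excerpt."""
import re

SAMPLE_LOG = r"""
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
TDSSserv.sys
--- SAFEBOOT NETWORK SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
TDSSserv.sys
--- SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP
"DisplayName"="avast! Self Protection"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV
"DisplayName"="SASDIFSV"
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
service TDSSserv NOT FOUND
--- SECURITYPROVIDERS regkey ---
"""

SECTION_HEADER = re.compile(r"^--- (.+?) ---$")
SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
NOT_FOUND = re.compile(r"^service (\S+) NOT FOUND$")


def split_sections(log_text):
    """Map each '--- NAME ---' section title to its non-empty lines."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def safeboot_entries(sections):
    """Driver/service names listed under the SafeBoot Minimal and Network keys."""
    names = set()
    for title in ("SAFEBOOT MINIMAL SERVICES", "SAFEBOOT NETWORK SERVICES"):
        for line in sections.get(title, []):
            if not line.startswith("HKEY_"):  # skip the key path line itself
                names.add(line)
    return names


def known_services(sections):
    """(services reglooks could open, services it explicitly reported NOT FOUND)."""
    found, missing = set(), set()
    for line in sections.get("SERVICES", []):
        if line.startswith(SERVICES_PREFIX):
            found.add(line[len(SERVICES_PREFIX):].lower())
        elif (m := NOT_FOUND.match(line)):
            missing.add(m.group(1).lower())
    return found, missing


def safeboot_orphans(log_text):
    """SafeBoot entries with no readable Services key, as (entry, service name)."""
    sections = split_sections(log_text)
    found, missing = known_services(sections)
    orphans = []
    for entry in sorted(safeboot_entries(sections)):
        # SafeBoot lists drivers by file name; the service name drops '.sys'.
        svc = entry[:-4] if entry.lower().endswith(".sys") else entry
        if svc.lower() in missing or svc.lower() not in found:
            orphans.append((entry, svc))
    return orphans


if __name__ == "__main__":
    for entry, svc in safeboot_orphans(SAMPLE_LOG):
        print(f"{entry}: referenced from SafeBoot but service key '{svc}' is unreadable")
```

The log above lists only one SafeBoot entry, so reglooks evidently filters out the stock Safe Mode entries and the stock services before printing; against a raw registry listing you would have to whitelist those first or every standard driver would show up as an orphan. The principle is the same on a live machine: compare what the registry API enumerates under Services with what another view (a SafeBoot reference, a raw hive read) says should be there, and treat the difference as the finding.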
I don't see one damn thing responsible for redirections.
See if you can run this...
Run the F-Secure online scan for Viruses, Spyware and RootKits: http://support.f-secure.com/enu/home/ols.shtml
This scanner works with Internet Explorer only
* Go to the F-Secure Online Virus Scanner
* Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
* Allow the Active X control to be installed on your computer, then click the Accept button
* Click Full System Scan and allow the components to download and the scan to complete.
* If malware is found, check Submit samples to F-Secure then select Automatic cleaning
* When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
* Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
* When the cleaning option is presented, Uncheck Submit samples to F-Secure
* Click Automatic cleaning
* When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
* Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post along with a fresh HijackThis log.
Note:
* This scan will only work with Internet Explorer
* You must have administrator rights to run this scan
* This scan can take over an hour so please be patient
OMG!
I can't launch that link... I am blocked... I tried it in Internet Explorer.
I hope I have described my situation correctly... sorry, it seems that you are getting frustrated also...
I hope that it is a "redirection" issue... as that is what I think it is...
Now when I type www.yahoo.com... it defaults to www.m.yahoo.com...!?
I meant... http://m.www.yahoo.com
Hmmmmm
Another try, if you can...
Download F-Secure Blacklight Rootkit Eliminator: http://www.pcworld.com/downloads/fil...l?tk=nl_ddxdwn to your desktop.
Double-click on the downloaded fsbl.exe file to run the program.
Accept agreement.
Click on Scan button.
When scan finishes, DO NOT attempt any fixes.
Find fsbl-***.log file on your desktop.
Open it in Notepad.
Copy the content, and paste it in your next reply.
10/06/08 08:06:20 [Info]: BlackLight Engine 1.0.70 initialized
10/06/08 08:06:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/06/08 08:06:21 [Note]: 7019 4
10/06/08 08:06:21 [Note]: 7005 0
10/06/08 08:06:33 [Note]: 7006 0
10/06/08 08:06:33 [Note]: 7011 1776
10/06/08 08:06:33 [Note]: 7035 0
10/06/08 08:06:33 [Note]: 7026 0
10/06/08 08:06:33 [Note]: 7026 0
10/06/08 08:06:39 [Note]: FSRAW library version 1.7.1024
10/06/08 08:06:50 [Note]: 2000 1012
10/06/08 08:06:50 [Note]: 2000 1012
10/06/08 08:07:04 [Note]: 7006 0
10/06/08 08:07:04 [Note]: 7011 1776
10/06/08 08:07:04 [Note]: 7035 0
10/06/08 08:07:04 [Note]: 7026 0
10/06/08 08:07:04 [Note]: 7026 0
10/06/08 08:07:09 [Note]: FSRAW library version 1.7.1024
10/06/08 08:07:20 [Note]: 2000 1012
10/06/08 08:07:20 [Note]: 2000 1012
10/06/08 08:07:51 [Note]: 7007 0
Any further thoughts?
Nothing here.
Next step:
Download gmer.zip: http://www.gmer.net/files.php
Unzip the file, double-click gmer.exe, select the Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Attach the log to your next reply.
Failed to Connect
Firefox can't establish a connection to the server at www.gmer.net.
Though the site seems valid, the browser was unable to establish a connection.
* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
I tried running it in Internet Explorer also... and it didn't work there either...
I uploaded the file for you here: http://www.uploadbigfiles.net/downlo...le=977gmer.zip
See if you can get it.
It worked... I am scanning now...
Cool :)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-06 21:21:12
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF30E8618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF30E84D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF30E89B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF30E80AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF30E85AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF30E7FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF30E8050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF30E86CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF30E868E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF30E880E]
Code E1970458 ZwEnumerateKey
Code E1970538 ZwFlushInstructionCache
Code F7DB1E0B pIofCallDriver
---- Kernel code sections - GMER 1.0.14 ----
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EEB0 5 Bytes JMP E197045C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 805769EA 5 Bytes JMP E197053C
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00F0000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WININET.dll!HttpAddRequestHeadersW 780CCF65 5 Bytes JMP 00F8000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B5000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00B4000A
.text C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00DD000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2640] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2640] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DE000A
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\TDSSserv.sys (*** hidden *** ) F7DB0000-F7DBC000 (49152 bytes)
---- Threads - GMER 1.0.14 ----
Thread 4:292 F7DB1D68
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@affid 5
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@subid 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@flagged 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@serf_once 1
---- EOF - GMER 1.0.14 ----
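Reading a GMER log like the one above by hand is error-prone, so here is an added example (mine, not part of this thread or of GMER) that parses the line formats seen in that log and sorts the findings by how decisive they are. It separates inline hooks whose JMP target GMER attributes to a named module (the USER32 hooks in iexplore.exe land in IEFRAME.dll, Microsoft's own code) from hooks into memory that maps to no loaded module (the WS2_32 connect/send/closesocket hooks present in iexplore.exe, Explorer.EXE and firefox.exe, which is consistent with redirection happening in every browser), records the patched kernel functions and the IAT entries redirected in services.exe, and lists anything GMER marks hidden. SAMPLE_LOG is a constructed excerpt of the posted log; nothing beyond those line formats is assumed.

```python
"""Triage a GMER rootkit-scan log: separate hooks GMER attributes to a named
module from hooks into memory it cannot map, and collect items marked hidden.

Added example for this thread, not a GMER feature. Line formats are taken
from the log posted above; SAMPLE_LOG is a constructed excerpt of it."""
import re

SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF30E8618]
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EEB0 5 Bytes JMP E197045C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1288] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2640] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DF000A
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
Module \systemroot\system32\drivers\TDSSserv.sys (*** hidden *** ) F7DB0000-F7DBC000 (49152 bytes)
Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
"""

# One regex per GMER line type we care about (formats as seen in the log above).
INLINE_HOOK = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<api>\S+) [0-9A-F]+ \d+ Bytes JMP "
    r"[0-9A-F]+(?: (?P<module>.+))?$")
IAT_HOOK = re.compile(r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ .+? \[(?P<api>[^\]]+)\] [0-9A-F]+$")
KERNEL_PATCH = re.compile(r"^PAGE (?P<func>\S+) [0-9A-F]+ \d+ Bytes JMP (?P<target>[0-9A-F]+)$")
SSDT_HOOK = re.compile(r"^SSDT (?P<driver>\S+) \([^)]*\) (?P<func>\S+)")
HIDDEN = re.compile(r"^(?P<kind>Module|Service) (?P<path>\S+) \(\*\*\* hidden \*\*\* \)")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a dict of findings keyed by category."""
    result = {"hidden": [], "unattributed": {}, "attributed": [], "iat": [], "kernel": [], "ssdt": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HIDDEN.match(line)):
            # GMER saw the object in one view (raw disk/registry) but not the
            # other (API enumeration): the classic rootkit discrepancy.
            result["hidden"].append((m["kind"], m["path"]))
        elif (m := INLINE_HOOK.match(line)):
            proc = _basename(m["proc"])
            if m["module"]:
                # JMP target lies inside a loaded image; record who owns it.
                result["attributed"].append((proc, m["api"], m["module"].split(" (", 1)[0]))
            else:
                # JMP target is in memory GMER maps to no module: injected code.
                result["unattributed"].setdefault(proc, []).append(m["api"])
        elif (m := IAT_HOOK.match(line)):
            result["iat"].append((_basename(m["proc"]), m["api"]))
        elif (m := KERNEL_PATCH.match(line)):
            # A patched ZwEnumerateKey fits a hidden Services key: enumeration is filtered.
            result["kernel"].append((m["func"], m["target"]))
        elif (m := SSDT_HOOK.match(line)):
            result["ssdt"].setdefault(m["driver"], []).append(m["func"])
    return result


def summarize(result):
    """Human-readable findings, most decisive first."""
    lines = [f"HIDDEN {kind}: {path}" for kind, path in result["hidden"]]
    lines += [f"kernel patch: {func} -> {target}" for func, target in result["kernel"]]
    for proc, apis in sorted(result["unattributed"].items()):
        lines.append(f"{proc}: inline hooks into unmapped memory on {', '.join(apis)}")
    lines += [f"{proc}: IAT entry for {api} redirected" for proc, api in result["iat"]]
    for driver, funcs in result["ssdt"].items():
        lines.append(f"SSDT hooked by {driver} ({len(funcs)} entries); identify the vendor before acting")
    return lines


if __name__ == "__main__":
    for finding in summarize(triage(SAMPLE_LOG)):
        print(finding)
```

Worth keeping in mind when reading the second GMER log further down the thread: the SSDT entries pointing into aswSP.SYS get tagged "<-- ROOTKIT !!!" there, but GMER itself attributes them to avast's self-protection driver, so they are not the same class of finding as a module and a service that are hidden from the API view. The hidden TDSSserv.sys entries, the patched ZwEnumerateKey and the unattributed network hooks in every browser process are the evidence; a vendor-attributed SSDT hook is something to confirm, not something to delete.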
We got the SOB!!
You have a rootkit.
Restart the computer in Safe Mode and delete the TDSSserv.sys file from C:\WINDOWS\system32\drivers.
If it gives you any problem with deleting, let me know.
Still can't do "Safe Mode"...
OK. I forgot.
Access Task Manager and see if a TDSSserv.sys process is running. If so, click on it and click the "End Process" button.
Then see if you can delete the TDSSserv.sys file in Normal Mode.
Well...
I searched for TDSSserv.sys and could not find it...
It isn't running as a process either...
Did you go to: C:\WINDOWS\system32\drivers folder?
In Windows Explorer > Tools > Folder Options > View tab, make sure the 1st item is checked and the 2nd one unchecked:
http://209.85.48.8/228/109/upload/p4167613.gif
Now, look again in the above folder.
It's not there...
I searched for it again...
OK. Run GMER again.
When the scan is completed, right-click on the following line:
Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
and click "Delete the service", answering YES to all questions.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-06 22:23:47
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3164618] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF31644D4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF31649B2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF31640AC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF31645AE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3163FEC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3164050] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF31646CE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF316468E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF316480E] <-- ROOTKIT !!!
Code E19171F0 ZwEnumerateKey
Code E19172D0 ZwFlushInstructionCache
Code F7898E0B pIofCallDriver
---- Kernel code sections - GMER 1.0.14 ----
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EEB0 5 Bytes JMP E19171F4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 805769EA 5 Bytes JMP E19172D4
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\Explorer.EXE[1720] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1720] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[1720] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D5000A
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\TDSSserv.sys (*** hidden *** ) F7897000-F78A3000 (49152 bytes)
---- Threads - GMER 1.0.14 ----
Thread 4:292 F7898D68
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@affid 5
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@subid 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@flagged 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@serf_once 1
---- EOF - GMER 1.0.14 ----
OK... I did the deletion of the TDSS.sys on GMER...
Now what...
Have I said thank you yet...
Thanks for all of this help...
Restart the computer and see if the redirection still happens.
Broni - you are amazing... IT WORKED!!!
I can't thank you enough for your patience and persistence!!!
No more redirection on IE or on Firefox...
Now...
I have a lot of new programs that I had to install to squeeze out this little critter...
What programs can I remove and how can I do that?
And also - how did I get this rootkit... and what is a rootkit?
Thanks a ton for your help...
I tell you, I'm glad we found it, because it was driving me nuts!... hehehe
Before we go any further:
1. Turn System Restore off.
2. Restart computer.
3. Turn System Restore on.
4. Run CCleaner.
A rootkit is just a type of virus, but a really nasty one, because most security programs won't detect it. The reason is that it pretends to be another system file, and it hides itself very well (you know that by now :)). It's able to take full control of your system if it isn't taken care of.
As for the programs....
- reglooks.exe is a simple file which doesn't install anything, so it can simply be deleted.
- GMER - run the C:\WINDOWS\gmer_uninstall.cmd script and reboot.
- The others are keepers.
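The GMER output earlier in this thread shows what let this rootkit keep running no matter how the machine was booted: TDSSserv is a kernel driver (type 1) that starts during system initialization (start 1), and the same driver file is registered under SafeBoot\Minimal and SafeBoot\Network, the lists Windows consults to decide which drivers still load in Safe Mode. The script below is an added example, not code from the thread, from GMER or from any of the tools mentioned here. It parses registry lines in the "Reg key@value data" form GMER prints and flags every boot-time kernel driver that also appears in a SafeBoot list. The sample log is constructed to mirror the TDSSserv lines posted above; the "FakeDisk" service is an invented benign control, and the line-format rules are an assumption based only on the lines visible in this thread.

```python
"""Added example (not from the thread or from GMER): flag kernel drivers that
are registered to load in Safe Mode as well as in a normal boot.

Input is text in the format GMER uses for registry findings (assumed from the
lines posted in the thread):
    Reg <key>                  bare key
    Reg <key>@<name> <data>    value; <name> is empty for the default value
"""
import re
from collections import defaultdict

# Values of a service's 'type' and 'start' registry entries (Windows SCM).
SERVICE_KERNEL_DRIVER = 1
SERVICE_SYSTEM_START = 1   # 0 = BOOT_START, 1 = SYSTEM_START, 2 = AUTO_START, ...

# Constructed sample modelled on the TDSSserv lines in the thread.
# "FakeDisk" is an invented control that is NOT listed under SafeBoot.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\FakeDisk
Reg HKLM\SYSTEM\CurrentControlSet\Services\FakeDisk@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FakeDisk@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FakeDisk@imagepath \systemroot\system32\drivers\fakedisk.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@affid 5
---- EOF - GMER 1.0.14 ----
"""

_SERVICE_KEY = re.compile(r"\\Services\\(?P<svc>[^\\]+)$", re.IGNORECASE)
_SAFEBOOT_KEY = re.compile(
    r"\\Control\\SafeBoot\\(?P<mode>Minimal|Network)\\(?P<entry>[^\\]+)$",
    re.IGNORECASE)


def parse_reg_lines(text):
    """Yield (key, value_name, data) for every 'Reg' line.

    value_name and data are None for a bare key line; value_name is '' for
    the default value, which GMER prints as 'key@ data'.  Keys may contain
    spaces ('Windows NT'), so the split is on the first '@' and then on the
    first space after it.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Reg "):
            continue
        rest = line[4:].strip()
        if "@" not in rest:
            yield rest, None, None
            continue
        key, valpart = rest.split("@", 1)
        name, _, data = valpart.partition(" ")
        yield key, name, data


def find_safeboot_drivers(text):
    """Return boot-time kernel drivers that are also listed under SafeBoot.

    Each hit is {'service', 'imagepath', 'safeboot': [modes]}.  A SafeBoot
    entry is matched to a service by service name or by the image file name,
    which is how the TDSSserv.sys entries in the thread are written.
    """
    services = defaultdict(dict)   # service name -> {value name: data}
    safeboot = defaultdict(set)    # lower-cased entry -> {'Minimal', 'Network'}
    for key, name, data in parse_reg_lines(text):
        sm = _SERVICE_KEY.search(key)
        if sm and name is not None:
            services[sm.group("svc")][name.lower()] = data
            continue
        bm = _SAFEBOOT_KEY.search(key)
        if bm:
            safeboot[bm.group("entry").lower()].add(bm.group("mode").capitalize())

    hits = []
    for svc, vals in services.items():
        try:
            svc_type = int(vals.get("type", "-1"))
            start = int(vals.get("start", "-1"))
        except ValueError:
            continue
        # Only kernel drivers that load before logon (BOOT_START or SYSTEM_START).
        if svc_type != SERVICE_KERNEL_DRIVER or not 0 <= start <= SERVICE_SYSTEM_START:
            continue
        image = vals.get("imagepath", "")
        basename = image.rsplit("\\", 1)[-1].lower()
        modes = safeboot.get(svc.lower(), set()) | safeboot.get(basename, set())
        if modes:
            hits.append({"service": svc, "imagepath": image,
                         "safeboot": sorted(modes)})
    return hits


if __name__ == "__main__":
    for hit in find_safeboot_drivers(SAMPLE_LOG):
        print(f"{hit['service']}: {hit['imagepath']} also loads in Safe Mode "
              f"({', '.join(hit['safeboot'])})")
```

To use it on a real log, call find_safeboot_drivers() on the saved GMER text. A hit is not proof of malware by itself, since legitimate storage and filter drivers are also listed under SafeBoot, but a driver you never installed that appears in both the normal service list and the SafeBoot lists is exactly the kind of entry to look at closely, and it explains why a helper asks whether Safe Mode works at all before relying on a Safe Mode scan.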
OK....
I am running CCleaner...
Avast found the TDSS somewhere - I told it to delete it.... I guess it is running and is updated now, where before the rootkit was blocking the update and Avast from running....
I am down to 3.8GB of memory.... what should I delete? I was never able to find the HP toolkit???
Speed seems better; is there anything I can do to improve that even more???
I'd like you to post another HJT log, just to make sure.
I assume your hard drive space is down to 3.8GB, right?
What is the size of your HD?
Are you sure Avast is getting updates?
Can you restart into Safe Mode now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:24 AM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ccf.org
O15 - Trusted Zone: *.clevelandclinic.org
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.ccf.org/ccf-msam/cds/CGC/en/CSGProxy.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 6086 bytes
Hard disk space is:
C: total size: 14.9 GB
C: total available: 3.32 GB
D: total size: 59.5 GB
D: total available: 56.0 GB
Avast looks like it's getting updates, because I am not getting the warning saying that it can't access the updates, like I used to.....
If I do Safe Mode - should I run SuperAntiSpyware in Safe Mode???