Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

redirected from google search

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

redirected from google search

Unread postby lamedmem » December 2nd, 2009, 10:14 pm

Hi

I wonder if anyone could help over the past few days when I click on items on Google search I most of the time get redirected to other advertising sites I have scanned with Adaware, AVG and spybot but cant get rid of it. My log is below and i would greatly appreciate if anyone could help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:18 PM, on 12/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ViVL: Save Pictures... - C:\Program Files\ViVL.COM\vivlWebSaverImage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ViVL Web Picture Saver - {D3B9FE31-191E-443B-9E43-D0D0DF53F3C2} - C:\Program Files\ViVL.COM\vivlWebSaverBar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://nigel.viewnetcam.com:81/kxhcm10.ocx
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - https://208.125.27.194/ConnectComputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3612711456
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/Rite ... Online.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.10.cab?
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 11344 bytes
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm
Advertisement
Register to Remove

Re: redirected from google search

Unread postby shinybeast » December 7th, 2009, 6:25 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 8th, 2009, 12:38 pm

Thank you so much for getting back to me . I have done what you asked and here is the list

32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Agere Systems USB 2.0 Soft Modem
AHV content for Acrobat and Flash
AVG Free 9.0
Canon Camera Window for ZoomBrowser EX
Canon IXY DV3, ELURA40 WIA Driver
Canon PhotoRecord
Canon PowerShot S45 WIA Driver
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
CCleaner
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 3.1
Diskeeper Professional Edition
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-Link USB Phone Adapter
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
FastStone Image Viewer 3.2
FastStone Photo Resizer 2.7
ffdshow [rev 2844] [2009-03-30]
FW LiveUpdate
Google Chrome
Google SketchUp 6
Google SketchUp 6
Google Talk Plugin
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Deskjet All-In-One Software 9.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Image Zone 4.2
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP PSC & OfficeJet 4.2
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Maxtor MaxBlast
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mobile Photo Enhancer 1.3
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
Nero Suite
PDF Settings
Picasa 3
Picture This... Professional
Qualxserve Service Agreement
QuarkXPress 7.0
QuickBooks Simple Start Special Edition
QuickTime
Rhapsody Player Engine
Seagate FreeAgent Theater PC Software
Seagate FreeAgent Theater PC Software
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shop for HP Supplies
Skype™ 4.0
Spybot - Search & Destroy
The KMPlayer (remove only)
TVUPlayer 2.4.7.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Web Task 5
ViVL.COM Software WebSaver Version:2.0.2
WebCyberCoach 3.2 Dell
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPatrol
WinPatrol 2009
WM Converter 2.0
WordPerfect Office 12
Xvid 1.2.1 final uninstall
Yahoo! Toolbar
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 12th, 2009, 11:38 pm

Hello lamedmem,

Apologies for the delay.

Do you know why CA License Client is running on this computer?

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe


Uninstall Programs

Ad-Aware, while a decent program, is not effective against most of today's threats. Please uninstall it to prevent it interfering with the tools we use.

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

Ad-Aware

Once finished, close Add or Remove Programs window


Disable Spybot Tea Timer

Tea Timer needs to be disabled to prevent interference with the tools we use.

  • Start Spybot Search & Destroy (Start > All Programs > Spybot - Search & Destroy > Spybot - Search & Destroy)
  • Select Advanced Mode (Click Mode in menu bar and select Advanced mode)
  • On the left side of the window click Tools
  • Under Tools click Resident (red & white shield)
  • Uncheck Resident "TeaTimer" and click OK at any prompts.
  • Restart the computer


Scan with CKScanner

Click here to download CKScanner
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


In your next reply, please include the CKScanner log and info on CA license client. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 13th, 2009, 2:27 pm

HI thank you

here is the the CKS scanner Log. I do not know anything about CA License Client what is is or if i need it?

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe after effects cs3\support files\presets\image - special effects\cracked tiles.ffx
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\html\keygen.html
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\php\crackf.html
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage
c:\program files\lencom software inc\visual web task 5\lencom.webcracker.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
scanner sequence 3.DF.11
----- EOF -----
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 13th, 2009, 10:12 pm

Hi lamedemem,


The CA Client service is associated with Computer Associates security products, perhaps you had eTrust anti-virus installed in the past?


Scan with OTL

Click here to download OTL by OldTimer and save it to your Desktop
  • Close all other open windows, then double-click OTL.exe to start OTL
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    Code: Select all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two logs will open:
    OTL.Txt <-- Will be opened
    Extras.Txt <-- Will be minimized
  • Please post the contents of these two logs in your next reply.


Defogger

Certain virtual cd drivers will interfere with some of the tools we use.
As a precaution, disable them by doing the following:
NOTE: If the drivers are not present the program will not make any changes to your computer.

Click Here to download Defogger by jpshortstuff and save it to your desktop.
  • Double-click Defogger.exe to run the tool
  • In the window that opens click Disable
  • Read the warning and click Yes
  • When the Finished! message appears, click OK.
  • If Defogger asks to reboot the machine, click OK to allow it.

IMPORTANT! If you receive an error message while running DeFogger, please post the contents of defogger_disable.log which will appear on your desktop.

Do NOT re-enable these drivers until otherwise instructed.


Scan with GMER

Please download GMER Rootkit Scanner from here.
  • Double click the randomly named .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image[
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "Gmer.txt" (include the quotes) or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


In your next reply, please include the OTL logs (otl.txt and extras.txt) and the GMER log.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 14th, 2009, 12:54 am

Thank you again for the detailed instructions here are the logs

OTL logfile created on: 12/13/2009 11:16:28 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\hhhhhh\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 509.13 Mb Available Physical Memory | 49.82% Memory free
1.90 Gb Paging File | 1.48 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): c:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 425.72 Gb Total Space | 224.70 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
Drive D: | 649.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBDHXY71
Current User Name: hhhhhh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/13 23:11:13 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hhhhhh\Desktop\OTL.exe
PRC - [2009/12/12 09:25:30 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 09:25:21 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 09:25:19 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/12 19:03:53 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/12 19:03:53 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 19:03:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/10 16:07:08 | 00,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/12/16 13:36:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\FreeAgent_Theater\Sync\MediaAggreService.exe
PRC - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/12/11 16:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/26 17:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2009/12/13 23:11:13 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hhhhhh\Desktop\OTL.exe
MOD - [2006/10/01 13:04:00 | 00,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LogWatch)
SRV - [2009/11/12 19:03:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/16 21:24:46 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/30 10:53:25 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b14fb1942f82) Google Update Service (gupdate1c9b14fb1942f82)
SRV - [2008/12/16 13:36:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\FreeAgent_Theater\Sync\MediaAggreService.exe -- (FreeAgentTheater Service)
SRV - [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 12:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/03 13:45:18 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/11 16:15:04 | 00,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/04/20 08:03:02 | 00,411,168 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/07/26 17:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/16 12:35:38 | 00,126,976 | ---- | M] (Computer Associates International Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 19:04:19 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/12 19:04:18 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/12 19:04:18 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/11/20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/06/30 21:38:49 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/01/24 15:05:10 | 00,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/24 15:05:10 | 00,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/24 15:05:05 | 00,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/01/07 03:01:56 | 00,084,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2007/12/14 15:06:08 | 01,202,624 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/07 23:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 23:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 23:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/01/28 06:27:14 | 00,780,544 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAVCap.sys -- (USBAVCap)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/01 02:31:26 | 00,546,120 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slusbvip.sys -- (slusbvip)
DRV - [2006/03/01 02:31:00 | 00,014,888 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/03/21 20:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 07:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 07:00:00 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 07:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 07:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 07:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 07:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 07:00:00 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 07:00:00 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 07:00:00 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 07:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 07:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 07:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 07:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/03 22:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/03 22:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://newsvote.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.0.9
FF - prefs.js..extensions.enabledItems: {C4A22BA1-6D61-45F1-82A9-140FD33F1110}:1.0.4.86
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:27:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/12 19:04:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 11:38:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 11:38:45 | 00,000,000 | ---D | M]

[2008/06/17 21:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Extensions
[2009/12/13 01:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions
[2009/02/06 06:20:00 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/01 18:19:01 | 00,000,000 | ---D | M] (Hebrew Calendar) -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions\{C4A22BA1-6D61-45F1-82A9-140FD33F1110}
[2008/05/13 08:39:54 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions\{c7182bab-dd8e-4e4e-a5c3-f60359142d6d}
[2008/12/12 06:13:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions\esnipesnipeit@esnipe.com
[2009/09/13 22:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\extensions\firefox@tvunetworks.com
[2008/06/19 23:22:47 | 00,002,117 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Application Data\Mozilla\Firefox\Profiles\rmumy5hf.default\searchplugins\babylon.xml
[2009/12/13 01:29:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/24 22:08:06 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/07/17 17:54:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/05/19 13:57:00 | 02,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/09/15 10:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2008/02/28 13:30:00 | 00,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 13:33:00 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - Reg Error: Value error. File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: ViVL: Save Pictures... - C:\Program Files\ViVL.COM\vivlWebSaverImage.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ViVL Web Picture Saver - {D3B9FE31-191E-443B-9E43-D0D0DF53F3C2} - C:\Program Files\ViVL.COM\vivlWebSaverBar.html ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://nigel.viewnetcam.com:81/kxhcm10.ocx (KX-HCM10 Control)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} https://208.125.27.194/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3612711456 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} https://photos.riteaid.com/control/Rite ... Online.cab (Rite Aid One Hour Photo Online Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/ ... 0.0.10.cab? (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{408e29b2-cebf-11dc-a70c-0011118debd2}\Shell - "" = AutoRun
O33 - MountPoints2\{408e29b2-cebf-11dc-a70c-0011118debd2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{408e29b2-cebf-11dc-a70c-0011118debd2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/09 11:21:01 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53483694433763328)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/13 23:11:09 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hhhhhh\Desktop\OTL.exe
[2009/12/10 13:15:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\hhhhhh\Recent
[2009/12/02 22:42:33 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/12/02 22:42:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/12/02 22:41:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hhhhhh\Local Settings\Application Data\Downloaded Installations
[2009/12/02 21:22:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hhhhhh\Desktop\New Folder (15)
[2009/12/02 20:50:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/01 22:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hhhhhh\Desktop\home v
[2009/11/29 23:27:07 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/28 19:07:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\hhhhhh\PrivacIE
[2009/11/14 22:49:42 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\hhhhhh\IETldCache
[2009/11/14 22:35:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/14 22:34:30 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/11/14 22:34:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/11/14 22:34:28 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/11/14 22:34:28 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/11/14 22:33:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/11/14 22:32:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/12 18:02:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/12 18:02:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/12 18:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/12 18:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/30 10:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/08 11:24:55 | 00,546,120 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slusbvip.sys
[2008/10/08 11:24:55 | 00,014,888 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2008/06/30 21:38:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\hhhhhh\Application Data\pcouffin.sys
[2008/03/30 23:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2008/01/27 15:40:02 | 00,769,536 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\hhhhhh\Application Data\sfdnwin.dll
[2007/06/12 09:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/02/27 22:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WinPatrol
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\hhhhhh\My Documents\*.tmp files -> C:\Documents and Settings\hhhhhh\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/13 23:18:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1329665198-3272703715-2708353175-1006UA.job
[2009/12/13 23:11:13 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hhhhhh\Desktop\OTL.exe
[2009/12/13 18:33:02 | 46,593,199 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/13 18:32:29 | 00,123,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/13 13:11:57 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\CKScanner.exe
[2009/12/13 13:06:18 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/13 13:04:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 13:04:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 13:04:13 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/13 13:03:09 | 11,534,336 | -H-- | M] () -- C:\Documents and Settings\hhhhhh\NTUSER.DAT
[2009/12/13 13:03:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\hhhhhh\ntuser.ini
[2009/12/13 01:31:58 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1329665198-3272703715-2708353175-1006Core.job
[2009/12/13 01:20:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 03:31:14 | 00,446,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 03:31:14 | 00,073,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 03:31:13 | 00,530,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 22:12:15 | 02,937,706 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\SPEECH1.pdf
[2009/12/08 22:11:31 | 02,937,706 | ---- | M] () -- C:\Documents and Settings\hhhhhh\My Documents\SPEECH1.pdf
[2009/12/08 22:10:28 | 02,966,016 | ---- | M] () -- C:\Documents and Settings\hhhhhh\My Documents\SPEECH1.doc
[2009/12/07 11:37:36 | 00,045,530 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\La Guardia to 739 E New Yor...pdf
[2009/12/07 06:24:12 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/07 06:24:05 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 21:54:50 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\dds.scr
[2009/12/05 20:24:17 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\hhhhhh\default.pls
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 10:58:59 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\hhhhhh\My Documents\rentletter3.doc
[2009/12/02 22:42:45 | 00,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeAgent Theater.lnk
[2009/12/02 20:50:46 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\HijackThis.lnk
[2009/11/30 23:18:09 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\Spybot - Search & Destroy.lnk
[2009/11/30 14:24:34 | 00,055,862 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\Payment Confirmation.pdf
[2009/11/29 23:27:03 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/24 09:33:56 | 00,971,924 | ---- | M] () -- C:\Documents and Settings\hhhhhh\My Documents\marsh2009.pdf
[2009/11/24 09:33:14 | 00,988,160 | ---- | M] () -- C:\Documents and Settings\hhhhhh\My Documents\marsh2009.doc
[2009/11/22 13:13:31 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\Shortcut to scan0001.lnk
[2009/11/18 22:21:36 | 00,247,089 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\How to Teach Your Children ...pdf
[2009/11/16 18:44:41 | 00,025,425 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\Woot _ Order Receipt.pdf
[2009/11/14 22:55:32 | 00,057,000 | ---- | M] () -- C:\Documents and Settings\hhhhhh\Desktop\Gmail - MARGIT G NYC-KENNED...pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\hhhhhh\My Documents\*.tmp files -> C:\Documents and Settings\hhhhhh\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/13 13:11:56 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\CKScanner.exe
[2009/12/08 22:12:15 | 02,937,706 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\SPEECH1.pdf
[2009/12/08 22:11:31 | 02,937,706 | ---- | C] () -- C:\Documents and Settings\hhhhhh\My Documents\SPEECH1.pdf
[2009/12/08 22:09:53 | 02,966,016 | ---- | C] () -- C:\Documents and Settings\hhhhhh\My Documents\SPEECH1.doc
[2009/12/07 11:37:36 | 00,045,530 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\La Guardia to 739 E New Yor...pdf
[2009/12/05 21:54:37 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\dds.scr
[2009/12/03 10:58:59 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\hhhhhh\My Documents\rentletter3.doc
[2009/12/02 22:42:45 | 00,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeAgent Theater.lnk
[2009/12/02 20:50:46 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\HijackThis.lnk
[2009/11/30 23:18:09 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\Spybot - Search & Destroy.lnk
[2009/11/30 14:24:34 | 00,055,862 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\Payment Confirmation.pdf
[2009/11/24 09:33:48 | 00,971,924 | ---- | C] () -- C:\Documents and Settings\hhhhhh\My Documents\marsh2009.pdf
[2009/11/24 09:33:13 | 00,988,160 | ---- | C] () -- C:\Documents and Settings\hhhhhh\My Documents\marsh2009.doc
[2009/11/22 13:13:31 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\Shortcut to scan0001.lnk
[2009/11/18 22:21:36 | 00,247,089 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\How to Teach Your Children ...pdf
[2009/11/16 18:44:41 | 00,025,425 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\Woot _ Order Receipt.pdf
[2009/11/14 22:55:32 | 00,057,000 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Desktop\Gmail - MARGIT G NYC-KENNED...pdf
[2009/05/17 22:52:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/17 22:52:31 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/17 18:38:47 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/05/17 18:38:47 | 00,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/05/17 18:38:35 | 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/05/17 18:38:35 | 00,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/05/17 18:36:01 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/05/04 14:32:05 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\$_hpcst$.hpc
[2008/10/08 11:25:23 | 00,244,240 | ---- | C] () -- C:\WINDOWS\System32\slvipgx.dll
[2008/10/08 11:25:23 | 00,150,032 | ---- | C] () -- C:\WINDOWS\System32\slvipco.dll
[2008/10/08 11:25:23 | 00,084,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\slvad.sys
[2008/07/07 07:45:31 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/07 07:45:31 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 21:38:55 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\pcouffin.log
[2008/06/30 21:38:49 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\inst.exe
[2008/06/30 21:38:49 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\pcouffin.cat
[2008/06/30 21:38:49 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\pcouffin.inf
[2008/06/24 18:29:21 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/06/24 18:29:21 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/06/24 18:29:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/06/24 18:29:21 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/08 14:21:08 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/02 15:03:33 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2008/04/02 15:02:33 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/01/27 14:35:01 | 00,000,465 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\SamsungLiveUpdateConfig.ini
[2008/01/03 14:06:18 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/11/12 17:53:53 | 00,006,347 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/07 11:17:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/28 11:07:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/09/28 11:05:50 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/09/28 11:05:50 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/09/28 11:05:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/07 13:06:43 | 00,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/06 13:04:32 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/05/27 09:39:49 | 00,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2007/05/22 18:14:58 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/13 18:58:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/15 13:10:57 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/04 10:42:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/30 20:53:14 | 00,000,121 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/04 10:34:23 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/06/19 20:03:47 | 00,000,125 | -HS- | C] () -- C:\Documents and Settings\hhhhhh\Application Data\.zreglib
[2006/03/22 00:48:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/17 16:55:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/10 10:17:41 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2005/08/10 10:16:47 | 00,000,151 | ---- | C] () -- C:\WINDOWS\UPSWSHIP.INI
[2005/08/09 12:42:09 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\hhhhhh\Local Settings\Application Data\fusioncache.dat
[2005/07/21 08:31:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/21 07:52:34 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/21 07:52:20 | 00,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 07:00:00 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2003/12/17 06:19:00 | 00,005,743 | ---- | C] () -- C:\WINDOWS\UN021217.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/08/13 13:31:41 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/21 20:49:00 | 00,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\i386\NvAtaBus.sys
[2005/03/21 20:49:00 | 00,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/03/21 20:49:00 | 00,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2007/10/31 12:45:10 | 00,042,496 | ---- | M] ()(C:\Documents and Settings\hhhhhh\My Documents\????? ????? ??? ????? ???? ?.doc) -- C:\Documents and Settings\hhhhhh\My Documents\הרבעש הנשבש יפל גאדומ ינאו ה.doc
[2007/10/31 10:32:14 | 00,042,496 | ---- | C] ()(C:\Documents and Settings\hhhhhh\My Documents\????? ????? ??? ????? ???? ?.doc) -- C:\Documents and Settings\hhhhhh\My Documents\הרבעש הנשבש יפל גאדומ ינאו ה.doc
< End of report >

OTL Extras logfile created on: 12/13/2009 11:16:28 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\hhhhhh\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 509.13 Mb Available Physical Memory | 49.82% Memory free
1.90 Gb Paging File | 1.48 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): c:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 425.72 Gb Total Space | 224.70 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
Drive D: | 649.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBDHXY71
Current User Name: hhhhhh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\TVU Player\TVUPlayer.exe" = C:\Program Files\TVU Player\TVUPlayer.exe:*:Enabled:TVUPlayer -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU networks)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\hhhhhh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\hhhhhh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\hhhhhh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\hhhhhh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{209F37EA-45C5-4292-AF97-3FC64D67A78D}" = Seagate FreeAgent Theater PC Software
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon Camera WIA Driver
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3205A978-4A7A-403B-A4B9-D48E6BAFB73B}" = WinPatrol
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3EB36B73-E8D9-42B2-84A3-1303DCDBDDAF}" = Visual Web Task 5
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Camera Window
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62E8A1F2-6A17-4AFB-95E0-3C0C41A6A034}_is1" = ViVL.COM Software WebSaver Version:2.0.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.0
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = PhotoStitch
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBCD6910-F929-4D46-B867-3EBEA4A1D409}" = Diskeeper Professional Edition
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems USB 2.0 Soft Modem
"AVG9Uninstall" = AVG Free 9.0
"Canon Camera WIA Driver IXY DV3, ELURA40" = Canon IXY DV3, ELURA40 WIA Driver
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"FastStone Image Viewer" = FastStone Image Viewer 3.2
"FastStone Photo Resizer" = FastStone Photo Resizer 2.7
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{209F37EA-45C5-4292-AF97-3FC64D67A78D}" = Seagate FreeAgent Theater PC Software
"InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon PowerShot S45 WIA Driver
"InstallShield_{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Photo Enhancer_is1" = Mobile Photo Enhancer 1.3
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"Picture This... Professional" = Picture This... Professional
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The KMPlayer" = The KMPlayer (remove only)
"TLink" = D-Link USB Phone Adapter
"TVUPlayer" = TVUPlayer 2.4.7.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPatrol" = WinPatrol 2009
"winusb0100" = Microsoft WinUsb 1.0
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2009 10:57:00 PM | Computer Name = DBDHXY71 | Source = Application Hang | ID = 1002
Description = Hanging application PTPro.exe, version 3.0.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 10:57:56 PM | Computer Name = DBDHXY71 | Source = Application Hang | ID = 1002
Description = Hanging application PTPro.exe, version 3.0.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 10:58:24 PM | Computer Name = DBDHXY71 | Source = Application Hang | ID = 1002
Description = Hanging application PTPro.exe, version 3.0.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2009 8:16:19 PM | Computer Name = DBDHXY71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 10:56:33 PM | Computer Name = DBDHXY71 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3593, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011a42.

Error - 11/25/2009 12:19:23 AM | Computer Name = DBDHXY71 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3593, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011119.

Error - 11/25/2009 8:22:22 PM | Computer Name = DBDHXY71 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3593, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011a42.

Error - 11/29/2009 2:31:49 PM | Computer Name = DBDHXY71 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3593, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000108f3.

Error - 11/30/2009 12:25:03 AM | Computer Name = DBDHXY71 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/30/2009 9:35:57 PM | Computer Name = DBDHXY71 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 12/9/2009 9:37:03 AM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/13/2009 2:16:38 AM | Computer Name = DBDHXY71 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/13/2009 2:16:38 AM | Computer Name = DBDHXY71 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/13/2009 2:16:51 AM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error:
%%3

Error - 12/13/2009 2:18:17 AM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/13/2009 2:04:41 PM | Computer Name = DBDHXY71 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/13/2009 2:04:41 PM | Computer Name = DBDHXY71 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/13/2009 2:04:50 PM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error:
%%3

Error - 12/13/2009 2:06:16 PM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/13/2009 2:06:16 PM | Computer Name = DBDHXY71 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-13 23:51:00
Windows 5.1.2600 Service Pack 2
Running: ssneb10r.exe; Driver: C:\DOCUME~1\hhhhhh\LOCALS~1\Temp\uxroapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00001015 -> \Driver\atapi \Device\Harddisk0\DR0 86F2D50C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 14th, 2009, 10:36 pm

Hello lamedemem,

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA


I'd like you to read the P2P (Person to Person) File Sharing Programmes where this forum's policy is explained.

If you would like to continue, you must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Warning: Any existing remnants of the program may be removed during cleaning.

Please let me know if you uninstall the P2P software and would like to continue. It's quite likely that your infection came from using P2P to download infected files.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 15th, 2009, 12:03 am

Thank you
I have removed Bit torrent and DNA
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 15th, 2009, 10:32 am

Hi lamedemem,

Thank you, let's continue.

Please note that the computer has a deep-rooted infection. I strongly encourage you to back up all important data on the computer before attempting the below steps as there is a small possibility of things going awry.


Spybot Tea Timer should still be disabled, if it is not, follow the instructions in this post to disable it.


Backup Registry With ERUNT

Modifying the Windows Registry can occasionally create problems, so it is imperative we back it up first.

  • Please download ERUNT (Emergency Recovery Utility NT) by Lars Hederer from one of the links below and save it to a convenient location
    Link 1 | Link 2
  • Double-click the file erunt-setup.exe that you downloaded to start the install
  • After the language selection, click Next three times to choose the default location, folder name and start menu folder.
  • You may choose to uncheck the desktop icons at the Select Additional Options window.
  • IMPORTANT: After clicking Install, you will get a popup asking if you want to run ERUNT at each startup. Click No (Once we are finished, you may choose to enable this option).
  • Keep the option to run ERUNT checked and click Finish
  • Click OK at the Welcome dialog box
  • Ensure the System Registry and Current User Registry boxes are checked and click OK to backup the registry to the default location and filename. You will be asked if you want to create the folder, click Yes
  • A window should appear that says "Registry backup is complete!." Click OK in that window.

NOTE: If the "registry optimization tool" NTREGOPT is installed with ERUNT, do NOT, for any reason, run NTREGOPT.


IMPORTANT: If you do not complete ERUNT backup successfully, do not continue further and post back to let me know.


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
    NOTE: Close all running programs as a reboot may be necessary.
  • Copy the text in code box below.
    Code: Select all
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
  • Locate the log, tdsskiller.txt, on your desktop and post the contents of that log in your next reply.

Test for Google redirects and include info on that and the TDSSKiller log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 15th, 2009, 12:54 pm

Thank you 2 questions
1. do i copy and paste with quotation marks? "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
2. tdsskiller.txt is in a black window?


Thanks
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 15th, 2009, 1:47 pm

lamedmem wrote:Thank you 2 questions
1. do i copy and paste with quotation marks? "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
2. tdsskiller.txt is in a black window?


1. Yes, copy the whole command line with quotes and paste it in the Run... box.
2. The program TDSSKiller.exe will run in a black window. Once it is finished press any key and the log tdsskiller.txt should be created on your desktop. No need to get anything from the black program window.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 15th, 2009, 2:25 pm

Thanks here it is

13:22:55:78 2864
Scanning Registry ...
13:22:55:93 2864
Scanning Kernel memory ...
13:22:55:140 2864
Completed

Results:
13:22:55:140 2864 Infected objects in memory: 0
13:22:55:156 2864 Cured objects in memory: 0
13:22:55:156 2864 Infected objects on disk: 0
13:22:55:156 2864 Objects on disk cured on reboot: 0
13:22:55:156 2864 Objects on disk deleted on reboot: 0
13:22:55:156 2864 Registry nodes deleted on reboot: 0
13:22:55:156 2864
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm

Re: redirected from google search

Unread postby shinybeast » December 15th, 2009, 2:40 pm

Hi lamedemem,

Are you still getting the redirects?
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: redirected from google search

Unread postby lamedmem » December 15th, 2009, 3:03 pm

This morning I was getting them all the time every time i clicked on a google link it got redirected 3 times before i could reach a link. However now I tried it and it seems not to be redirecting. how did you do it?
lamedmem
Regular Member
 
Posts: 15
Joined: December 2nd, 2009, 9:57 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware