Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help wanted!

A couple questions before I proceed with the latest help

by Dorothy » November 22nd, 2010, 10:51 pm

1.) I am unable to access the uninstall for the SearchSettings thingy---it said the feature I need is not available so I should indicate where it is (SearchSettings.msi installation file). I did a search but it's not showing up anywhere. Just skip it? Or is there some other way to get at it?

2.) Weather Bug is a program I use regularly. If it's a bad thing, or a portal for bad things, I'll ditch it. What do you say?
Thanks so much, Melboy!
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

oops ...dbl post

by Dorothy » November 22nd, 2010, 10:57 pm

sorry

by Dorothy » November 22nd, 2010, 11:04 pm

oh yeah..page 2! Duh

Re: Help wanted!

by melboy » November 23rd, 2010, 9:13 am

Hi

Skip the Search Settings uninstall. It's possible that it is no longer there but the add/remove entry remains.

You can keep Weatherbug if you wish. It is considered borderline and its removal is optional. It is not overtly harmful and many people do install it deliberately. However, its installation can be unsolicited, as in the past it has been installed without the user's consent, bundled with other software or pre-installed by OEMs.

The free version is ad supported and this can be an attack vector for malware writers as they fraudulently try to get advertisements laced with hidden malicious code onto legitimate ad networks (known as malvertisements).

Post the mbam log.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

OK--live and learn

by Dorothy » November 23rd, 2010, 11:34 am

I WILL uninstall that ad-laden Weather Bug. "malvertisements"...lol..but not funny

Re: Help wanted!

by Dorothy » November 23rd, 2010, 2:01 pm

Melboy,
All steps completed except the Malwarebytes. Since downloading that, I have been unable to get the updates, receiving this error msg:
MBAM_ERROR_UPDATING(C12007,0,WinHttp.SendRequest)
I think I sent a msg to the support, but no reply, so have never really been able to benefit from it.
Today, I removed it and re-downloaded and re-installed. Same error.
Any ideas?
THANK YOU!

OK got it

by Dorothy » November 23rd, 2010, 4:41 pm

I READ SOME MORE & ENDED UP USING A PROXY SERVER..whether or not that's a good idea, I don't know, but it worked. Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/23/2010 1:39:13 PM
mbam-log-2010-11-23 (13-39-13).txt

Scan type: Quick scan
Objects scanned: 174278
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{eca3e63b-2d45-2cad-efb1-65fd6c346935} (Adware.LoudMo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Help wanted!

by melboy » November 23rd, 2010, 9:38 pm

Hi

Please undo the proxy server for the time being.

Router Check

  • Open Notepad and copy/paste the entire contents inside the codebox below, into Notepad (Do Not include code:)
Code:
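@echo off
rem Collect the network settings, DNS lookups, ping results and routing table into Log1.txt
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0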
  • Save this as router.bat
  • Choose to Save type as - All Files and where to save - Desktop
  • Close the Notepad file.
  • Double-click on router.bat to run it.
  • It will open notepad when done. Please post back the results



Re-run OTL

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, please post the contents of OTL.txt in your next reply.

results from router.bat

by Dorothy » November 24th, 2010, 1:30 pm

Windows IP Configuration



Host Name . . . . . . . . . . . . : Dots

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-28-45-3F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 213.109.66.237

213.109.72.202

1.1.1.1

Lease Obtained. . . . . . . . . . : Tuesday, November 23, 2010 11:45:49 AM

Lease Expires . . . . . . . . . . : Friday, November 26, 2010 11:45:49 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.237

Name: google.com
Addresses: 74.125.159.106, 74.125.159.105, 74.125.159.147, 74.125.159.99
74.125.159.103, 74.125.159.104

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.237

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging google.com [74.125.159.99] with 32 bytes of data:



Reply from 74.125.159.99: bytes=32 time=100ms TTL=49

Reply from 74.125.159.99: bytes=32 time=102ms TTL=49



Ping statistics for 74.125.159.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 100ms, Maximum = 102ms, Average = 101ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=123ms TTL=49

Reply from 209.191.122.70: bytes=32 time=120ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 120ms, Maximum = 123ms, Average = 121ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 28 45 3f ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.103 192.168.2.103 20
192.168.2.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.103 192.168.2.103 20
224.0.0.0 240.0.0.0 192.168.2.103 192.168.2.103 20
255.255.255.255 255.255.255.255 192.168.2.103 192.168.2.103 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

OTL logfile created on: 11/24/2010

by Dorothy » November 24th, 2010, 1:43 pm

OTL logfile created on: 11/24/2010 10:35:09 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dot\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.48 Gb Total Space | 106.83 Gb Free Space | 73.44% Space Free | Partition Type: NTFS

Computer Name: DOTS | User Name: Dot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 10:29:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dot\My Documents\Downloads\OTL.exe
PRC - [2010/10/28 19:40:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/23 18:07:50 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/10/23 18:07:46 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/10/19 06:18:40 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dot\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 16:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 16:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 16:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 02:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 06:30:40 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/15 16:30:06 | 000,574,760 | ---- | M] () -- C:\Program Files\iGive_Toolbar\igvtt.exe
PRC - [2009/09/15 16:30:06 | 000,095,528 | ---- | M] () -- C:\Program Files\iGive_Toolbar\igvtp.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/29 18:09:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2001/12/12 17:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 10:29:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dot\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/23 18:07:46 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/19 15:42:14 | 000,132,608 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSVP.EXE -- (RSVP)
SRV - [2003/03/03 11:33:40 | 000,143,360 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/04/11 17:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\f3a2be184315b053.dat -- (f3a2be184315b053)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\385ecfecf477f8e7.dat -- (385ecfecf477f8e7)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/09 11:45:01 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 00:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 16:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/webhp?hl=en&tab=nw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.184.133.210:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {cae9e4ee-e63b-4c68-8abf-672f47016882}:9.0.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/03 05:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 12:12:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 09:20:15 | 000,000,000 | ---D | M]

[2009/04/30 07:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Extensions
[2010/11/24 08:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions
[2009/10/30 13:34:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/20 19:43:19 | 000,000,000 | ---D | M] (IObitCom Toolbar) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/10/30 09:19:59 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2009/07/27 10:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\en-US@dictionaries.addons.mozilla(2).org
[2010/04/30 20:31:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\searchplugins\bing-ff.xml
[2009/12/19 22:34:36 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\searchplugins\conduit.xml
[2010/11/24 08:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 06:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/23 10:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/23 10:11:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/03/19 15:37:50 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b6a73a11-0161-bbd1-427e-0c61e7e66e17} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (iGive Toolbar) - {FA73AE1B-4BA9-4E8B-832B-54A287FF1B7F} - C:\Program Files\iGive_Toolbar\igvtb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igvtm] C:\Program Files\iGive_Toolbar\igvtt.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTrace Express\NTXcontext.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: iGive Toolbar - C:\Documents and Settings\Dot\Application Data\iGive_Toolbar\igvtt\igvtC5.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/ ... arth3D.cab (Reg Error: Value error.)
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} http://www.pqprintcenter.com/plugin/axv ... ck1611.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} http://makeover.ivillage.co.uk/save/makeover.cab (Reg Error: Value error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.25/uploader2.cab (Reg Error: Value error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Value error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/54.16/uploader2.cab (Reg Error: Value error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab (Reg Error: Value error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (Reg Error: Value error.)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Reg Error: Value error.)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://sidestep.com/get/k00719/sb02a.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Value error.)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://merillat.view22.com/view22/roomapp/View22RTE.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/share ... cgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.237 213.109.72.202 1.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/16 06:36:02 | 000,000,025 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell - "" = AutoRun
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: brssINFO - (C:\WINDOWS\system32\dplastat.dll) - C:\WINDOWS\System32\dplastat.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 11:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/11/23 10:54:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/23 10:54:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 10:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/22 13:00:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/16 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\HijackThis logs
[2010/11/14 15:26:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dot\Recent
[2010/11/09 19:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\My Documents\ranchWife
[2010/11/06 09:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\My Documents\epohelp_files
[2010/11/03 06:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\Application Data\PCDr
[2010/10/25 15:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/10/25 15:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/10/25 15:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2004/09/07 18:59:59 | 016,706,160 | ---- | C] (Netopsystems AG) -- C:\Program Files\AdbeRdr60_enu_full.exe

========== Files - Modified Within 30 Days ==========

[2010/11/24 10:23:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-76020992-1609971859-2370090961-1007UA.job
[2010/11/24 09:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 09:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/11/24 07:29:32 | 100,030,783 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/24 07:23:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-76020992-1609971859-2370090961-1007Core.job
[2010/11/23 19:42:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/23 17:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 16:15:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\prvlcl.dat
[2010/11/23 15:31:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-76020992-1609971859-2370090961-1007.job
[2010/11/23 15:31:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-76020992-1609971859-2370090961-1007.job
[2010/11/23 11:46:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/11/23 11:46:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2010/11/23 11:45:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/23 10:55:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 10:00:33 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to jre-6u22-windows-i586.lnk
[2010/11/23 09:20:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/22 13:00:23 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/11/21 13:59:03 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\d7gnb2f4.exe
[2010/11/21 13:47:35 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\p15ipksk.exe
[2010/11/21 13:14:34 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\dds.scr
[2010/11/20 17:20:52 | 000,006,188 | -H-- | M] () -- C:\Documents and Settings\Dot\My Documents\Picasa.ini
[2010/11/19 19:02:37 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Brmfcmon.ini
[2010/11/19 19:02:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\¼
[2010/11/17 15:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/16 18:31:06 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to Downloads.lnk
[2010/11/16 17:39:51 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\project7_06.xls
[2010/11/15 08:29:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/11/14 20:40:59 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\IObit Freeware.url
[2010/11/14 15:20:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/14 15:01:56 | 000,000,989 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010/11/11 06:57:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/08 19:55:30 | 000,486,360 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/08 19:55:29 | 000,089,412 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/08 10:02:17 | 000,002,442 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/11/06 09:06:55 | 000,118,415 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\epohelp.htm
[2010/11/05 18:21:49 | 000,015,796 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\STOPzilla Black List Contents.htm
[2010/11/04 18:01:50 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/04 13:24:12 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Google Chrome.lnk
[2010/11/04 13:24:12 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/03 05:58:35 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\litterbox.xls
[2010/11/03 05:47:39 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/02 18:04:28 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to firefox.exe.lnk
[2010/10/28 20:52:19 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\andy_Bday_note-from-al.doc
[2010/10/28 07:02:39 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/11/23 10:55:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 10:00:33 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to jre-6u22-windows-i586.lnk
[2010/11/21 13:59:01 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\d7gnb2f4.exe
[2010/11/21 13:47:34 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\p15ipksk.exe
[2010/11/21 13:14:19 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\dds.scr
[2010/11/19 19:02:37 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Brmfcmon.ini
[2010/11/19 19:02:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\¼
[2010/11/16 18:31:06 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to Downloads.lnk
[2010/11/14 20:40:59 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/14 15:20:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/10 19:58:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/06 09:06:45 | 000,118,415 | ---- | C] () -- C:\Documents and Settings\Dot\My Documents\epohelp.htm
[2010/11/05 17:51:13 | 000,015,796 | ---- | C] () -- C:\Documents and Settings\Dot\My Documents\STOPzilla Black List Contents.htm
[2010/11/04 18:01:50 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/02 18:04:28 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to firefox.exe.lnk
[2010/10/28 20:52:19 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Dot\My Documents\andy_Bday_note-from-al.doc
[2010/10/11 20:05:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\fusioncache.dat
[2010/08/12 14:58:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\prvlcl.dat
[2010/07/13 21:55:49 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/13 10:38:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/13 10:37:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/13 10:37:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/13 10:37:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/13 10:37:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/09 09:50:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2009/12/14 23:30:45 | 002,130,944 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.6.31225.en-US.msi
[2009/10/14 13:17:41 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009/10/05 18:49:06 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/17 10:15:54 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\kodakpcd.ini
[2008/04/03 10:16:55 | 000,001,588 | ---- | C] () -- C:\WINDOWS\debugrcfile.ini
[2008/03/26 06:41:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/02/11 14:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/02/20 20:59:37 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/11/08 20:26:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/27 22:17:29 | 000,023,295 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Comma Separated Values (Windows).ADR
[2006/10/27 22:16:25 | 000,038,458 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Comma Separated Values (DOS).ADR
[2006/07/30 16:44:03 | 000,000,219 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2006/05/29 05:15:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/03/01 19:51:47 | 000,002,442 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/02/10 09:19:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/01 22:14:55 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2005/11/24 11:04:01 | 000,000,054 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/13 20:22:41 | 000,000,315 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2005/07/08 11:03:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/07/08 10:20:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2005/07/08 08:04:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/04/24 21:51:42 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/04/24 21:51:41 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/04/24 18:40:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/04/24 18:39:32 | 000,001,549 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/04/24 18:39:32 | 000,000,551 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/04/24 18:39:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/04/24 18:39:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/04/24 18:39:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2005/04/24 18:29:22 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/03/09 10:07:51 | 000,004,271 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/25 10:08:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 13:25:59 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/01 16:44:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/12/04 21:14:45 | 000,000,053 | ---- | C] () -- C:\WINDOWS\zbj22.ini
[2004/11/26 14:45:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/11/26 14:45:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/11/26 14:45:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/11/26 14:42:47 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/11/26 14:37:13 | 000,000,962 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/11/26 14:37:05 | 000,000,201 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/11/24 17:31:00 | 000,001,084 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/11/24 12:47:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2004/09/22 07:49:04 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Chatrm.INI
[2004/09/22 07:48:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DRAGHOOK.dll
[2004/09/22 07:48:44 | 000,000,362 | ---- | C] () -- C:\WINDOWS\cribbage.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spades.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pinochle.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hearts.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gin.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gammon.ini
[2004/09/22 07:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\euchre.ini
[2004/09/07 18:59:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\dm.ini
[2004/09/03 19:09:15 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/09/01 15:39:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\PFP120JPR.{PB
[2004/09/01 15:39:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\PFP120JCM.{PB
[2004/09/01 11:27:59 | 000,000,163 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2004/09/01 06:44:27 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/28 08:55:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/28 08:48:16 | 000,000,839 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/28 08:36:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/28 08:26:04 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 15:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 11:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 10:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/19 15:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/19 11:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[1996/12/03 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/03 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/12/31 22:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/01/21 13:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGI
[2008/06/07 06:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atrise
[2010/11/16 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/29 08:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/29 09:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/05 16:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/09/29 07:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/08/13 19:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/02/10 09:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/05/11 07:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2005/04/24 18:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/11/24 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/02/01 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/30 20:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2007/01/23 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/14 16:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 13:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/02/08 15:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/08/17 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Acreon
[2010/03/15 21:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\ActiveState
[2005/12/17 15:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Allume Systems
[2010/08/10 19:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\AnvSoft
[2010/08/10 17:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Any Video Converter
[2010/10/11 21:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\AVG
[2010/09/29 09:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\AVG10
[2010/11/23 11:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\iGive_Toolbar
[2010/01/18 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\IObit
[2005/01/09 17:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Jasc
[2008/03/10 22:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\KompoZer
[2005/01/05 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Leadertech
[2009/01/15 20:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\MPEG Streamclip
[2007/05/31 14:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Nvu
[2010/11/03 06:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\PCDr
[2006/03/11 20:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\PDF reDirect
[2006/05/11 06:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\River Past G4
[2006/05/11 06:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\RiverPast G4
[2005/04/25 07:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\ScanSoft
[2010/03/25 12:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\scriptocean
[2008/08/19 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Search Settings
[2008/11/07 11:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Skinux
[2009/02/12 09:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Snapfish
[2006/04/05 15:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Template
[2010/08/03 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Tific
[2010/10/05 16:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Uniblue
[2007/06/03 18:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Viewpoint
[2010/11/23 11:46:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2010/11/22 13:00:23 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



< End of report >

Re: Help wanted!

Post by melboy » November 24th, 2010, 5:38 pm

Hi

It looks like the DNS settings on the router have been changed which is probably the source of the re-directions.


Resetting Router

Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.



Flush the DNS

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:

      ipconfig /flushdns



Router Check

Now let's check the router again.

  • Open Notepad and copy/paste the entire contents inside the codebox below, into Notepad (Do Not include code:)
Code:
      @echo off
      rem Write the network settings, DNS lookups, pings and routing table to Log1.txt
      >Log1.txt (
      ipconfig /all
      nslookup google.com
      nslookup yahoo.com
      ping -n 2 google.com
      ping -n 2 yahoo.com
      route print
      )
      rem Open the log in Notepad, then delete this batch file
      start Log1.txt
      del %0
  • Save this as router.bat
  • Choose to Save type as - All Files and where to save - Desktop
  • Close the Notepad file.
  • Double-click on router.bat to run it.
  • It will open Notepad when done. Please post back the results.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
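The router check in the post above comes down to reading the "DNS Servers" rows of `ipconfig /all` and asking whether the router is handing out resolvers nobody chose. The Python below is an added example, not part of the original posts: it parses that output (including the continuation rows used for extra DNS servers) and lists any resolver that is neither the adapter's gateway nor on an approved list. The sample text reuses the addresses posted in this thread; the approved list (the two OpenDNS resolvers) and all function names are assumptions.

```python
import ipaddress
import re

# Assumption: resolvers the owner actually configured. These two are the
# OpenDNS public resolvers; replace them with the ISP's servers if those are used.
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# "Label . . . . : value" rows; the dot leader before the colon separates
# them from adapter headers such as "Ethernet adapter Local Area Connection:".
KV_LINE = re.compile(r"^\s*(?P<key>.+?)[ .]*\.\s*:\s*(?P<value>.*)$")
ADAPTER_LINE = re.compile(r"^\s*(?P<name>.*\badapter\b.*?):\s*$", re.IGNORECASE)
MULTI_VALUE_KEYS = {"DNS Servers", "Default Gateway"}

# Sample in the layout of "ipconfig /all", built from the values posted in this thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : Dots

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 213.109.66.237
                                            213.109.72.202
                                            1.1.1.1
        Lease Obtained. . . . . . . . . . : Saturday, November 27, 2010 7:33:59 AM
"""


def is_ip(text):
    """True if text is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return {adapter name: {"DNS Servers": [...], "Default Gateway": [...]}}."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often carry blank lines between rows
        kv = KV_LINE.match(line)
        header = ADAPTER_LINE.match(line)
        if kv:
            last_key = kv.group("key")
            value = kv.group("value")
            if current is not None and last_key in MULTI_VALUE_KEYS and is_ip(value):
                current[last_key].append(value)
        elif header:
            current = adapters.setdefault(
                header.group("name"), {k: [] for k in MULTI_VALUE_KEYS}
            )
            last_key = None
        elif current is not None and last_key in MULTI_VALUE_KEYS and is_ip(line):
            current[last_key].append(line)  # continuation row of a multi-value field
        else:
            last_key = None  # unrelated text (nslookup, ping, route output)
    return adapters


def unexpected_resolvers(text, approved=APPROVED_RESOLVERS):
    """Per adapter, list DNS servers that are neither its gateway nor approved."""
    findings = {}
    for name, fields in parse_ipconfig(text).items():
        expected = set(approved) | set(fields["Default Gateway"])
        odd = [ip for ip in fields["DNS Servers"] if ip not in expected]
        if odd:
            findings[name] = odd
    return findings


if __name__ == "__main__":
    for adapter, servers in unexpected_resolvers(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: unexpected DNS servers {', '.join(servers)}")
```

An empty result means every resolver on every adapter is either the router itself or one you approved; anything listed should be traced back to the router's DHCP/DNS settings.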

Re: Help wanted!

Post by melboy » November 26th, 2010, 7:28 pm

Hi Dorothy

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.

Re: Help wanted!

Post by Dorothy » November 26th, 2010, 11:04 pm

Oh yes, DEFINITELY and ABSOLUTELY I'm still with it, but did not want to mess with my router settings till I could concentrate and the holiday has required my attention. I intend to tackle it tomorrow morning (Saturday) in earnest. Thanks so much Melboy!!!!
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Help wanted!

Unread postby melboy » November 27th, 2010, 5:33 am

Hi

No worries. I hope you have had a Happy Thanksgiving.

Post when ready.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

me again with router.bat results

Unread postby Dorothy » November 27th, 2010, 4:44 pm

Happy TG weekend back to you too.
Here goes---should say I'm not absolutely sure I got the router totally reset--but did follow all instructions.

ROUTER.BAT output:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Dots
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-28-45-3F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 213.109.66.237
                                    213.109.72.202
                                    1.1.1.1
Lease Obtained. . . . . . . . . . : Saturday, November 27, 2010 7:33:59 AM
Lease Expires . . . . . . . . . . : Tuesday, November 30, 2010 7:33:59 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.237

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.159.99, 74.125.159.147, 74.125.159.103, 74.125.159.106
74.125.159.105, 74.125.159.104

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.237

Name: yahoo.com
Addresses: 69.147.125.65, 209.191.122.70, 98.137.149.56, 72.30.2.43
67.195.160.76



Pinging google.com [74.125.159.147] with 32 bytes of data:

Reply from 74.125.159.147: bytes=32 time=156ms TTL=49
Reply from 74.125.159.147: bytes=32 time=250ms TTL=49

Ping statistics for 74.125.159.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 156ms, Maximum = 250ms, Average = 203ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=349ms TTL=49
Reply from 209.191.122.70: bytes=32 time=436ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 349ms, Maximum = 436ms, Average = 392ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 28 45 3f ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.104 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.104 192.168.2.104 20
192.168.2.0 255.255.255.0 192.168.2.104 192.168.2.104 20
192.168.2.104 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.104 192.168.2.104 20
224.0.0.0 240.0.0.0 192.168.2.104 192.168.2.104 20
255.255.255.255 255.255.255.255 192.168.2.104 192.168.2.104 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm